Beispiel #1
0
 /**
  * Add correct credentials to the token request if grant_type is authorization_code
  *
  * @param RequestEvent $event
  */
 public function onTokenRequest(RequestEvent $event)
 {
     if ($event->getRequest() !== null) {
         return;
     }
     $credentialsProvider = $this->credentialsProvider;
     $server = $credentialsProvider->getServerCredentials();
     if ($server->supports("authorization_code") === false) {
         return;
     }
     $authCode = $this->tokenManager->findToken("authorization_code");
     if ($authCode === null) {
         return;
     }
     if ($authCode->isExpired()) {
         return;
     }
     $client = $credentialsProvider->getClientCredentials();
     $code = $authCode->getToken();
     $queryData = ["grant_type" => "authorization_code", "code" => $code, "client_id" => $client->getClientId(), "client_secret" => $client->getClientSecret(), "redirect_uri" => $client->getRedirectUri()];
     $queryString = http_build_query($queryData);
     $uri = $server->getTokenUrl() . "?" . $queryString;
     $request = new Request("GET", $uri);
     $event->setRequest($request);
 }
Beispiel #2
0
 /**
  * @param RequestEvent $event
  */
 public function onTokenRequest(RequestEvent $event)
 {
     if ($event->getRequest() !== null) {
         return;
     }
     $server = $this->credentialsProvider->getServerCredentials();
     if (!$server->supports("refresh_token")) {
         return;
     }
     $refreshToken = $this->tokenManager->findToken("refresh_token");
     if ($refreshToken === null) {
         return;
     }
     if ($refreshToken->isExpired()) {
         return;
     }
     $client = $this->credentialsProvider->getClientCredentials();
     $token = $refreshToken->getToken();
     $requestArgs = ["grant_type" => "refresh_token", "refresh_token" => $token, "client_id" => $client->getClientId(), "client_secret" => $client->getClientSecret()];
     $tokenUrl = $server->getTokenUrl();
     $queryString = http_build_query($requestArgs);
     $uri = $tokenUrl . "?" . $queryString;
     $request = new Request("GET", $uri);
     $event->setRequest($request);
 }
Beispiel #3
0
 /**
  * Validates the CSRF token
  *
  * @param ServerRequestEvent $event
  *
  * @throws CsrfException
  */
 public function onAuthorizationResponse(ServerRequestEvent $event)
 {
     $arguments = $event->getServerRequest()->getQueryParams();
     if (!isset($arguments['state'])) {
         throw new CsrfException();
     }
     $stateToken = $this->tokenManager->findToken("state");
     if ($stateToken === null) {
         throw new CsrfException();
     }
     $state = $stateToken->getToken();
     if ($state !== $arguments['state']) {
         throw new CsrfException();
     }
     $this->tokenManager->removeToken($stateToken);
 }