/**
* @param \OAuth2\Grant\ResponseTypeSupportInterface[] $types
* @param \OAuth2\Endpoint\Authorization $authorization
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*
* @return \OAuth2\Endpoint\ResponseModeInterface
*/
public function getResponseMode(array $types, Authorization $authorization)
{
if (null !== $authorization->getResponseMode() && true === $this->getConfiguration()->get('allow_response_mode_parameter_in_authorization_request', false)) {
// The client uses the response_mode parameter and the server allows it
$mode = $authorization->getResponseMode();
} elseif (null !== ($multiple = $this->getResponseModeIfMultipleResponseTypes($authorization->getResponseType()))) {
// The response type contains multiple types defined by OpenID Connect Specification
$mode = $multiple;
} elseif (1 < count($types)) {
// The response type contains multiple types but not defined by OpenID Connect Specification
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, sprintf('The response mode "%s" is not supported.', $authorization->getResponseType()));
} else {
// The response type contains only one type
$mode = $types[0]->getResponseMode();
}
if (!array_key_exists($mode, $this->response_modes)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, sprintf('Unable to retrieve response mode for response type "%s".', $authorization->getResponseType()));
}
return $this->response_modes[$mode];
}
/**
* @param \OAuth2\Endpoint\Authorization $authorization
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*
* @return \OAuth2\Grant\ResponseTypeSupportInterface[]
*/
protected function getResponseTypes(Authorization $authorization)
{
/*
* @see http://tools.ietf.org/html/rfc6749#section-3.1.1
*/
if (null === $authorization->getResponseType()) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Invalid "response_type" parameter or parameter is missing');
}
$types = explode(' ', $authorization->getResponseType());
$response_types = [];
/*
* Multiple response types support must be enabled.
* This option should be set to true only if OpenID Connect is used.
*/
if (1 < count($types) && false === $this->getConfiguration()->get('multiple_response_types_support_enabled', false)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Multiple response types is disabled.');
}
foreach ($types as $type) {
if (1 < count(array_keys($types, $type))) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'A response type appears more than once.');
}
if (array_key_exists($type, $this->response_types)) {
$response_types[] = $this->response_types[$type];
} else {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Response type "' . $type . '" is not supported by this server');
}
if (!$authorization->getClient()->isAllowedGrantType($type)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::UNAUTHORIZED_CLIENT, 'The response type "' . $authorization->getResponseType() . '" is unauthorized for this client.');
}
}
return $response_types;
}
