/**
 * {@inheritdoc}
 *
 * Completes the grant for a client that authenticates with a signed JWT.
 * The client must implement JWTClientInterface and the JWT carried in the
 * grant response must pass signature verification before any field of the
 * grant response is populated.
 *
 * @param ServerRequestInterface     $request             Token request; only the 'scope' body parameter is read here.
 * @param ClientInterface            $client              Client the token is issued to; also becomes the resource owner.
 * @param GrantTypeResponseInterface $grant_type_response Populated in place with scope, resource owner and refresh-token settings.
 *
 * @throws \Exception the exception built by the exception manager when the client is not a JWT client;
 *                    anything raised by verifySignature() is not caught here and propagates to the caller
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    // Reject clients that cannot carry a JWT before any token material is touched.
    $is_jwt_client = $client instanceof JWTClientInterface;
    if (false === $is_jwt_client) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_CLIENT,
            'The client is not a JWT client'
        );
    }

    // The assertion was stored in the grant response under the 'jwt' key.
    // NOTE(review): presumably an earlier step of the flow stores it; confirm it cannot be absent here.
    $assertion = $grant_type_response->getAdditionalData('jwt');

    // Only the signature check is visible in this method.
    // NOTE(review): confirm that claim validation (expiry, audience, issuer) happens elsewhere.
    $this->getJWTLoader()->verifySignature($assertion, $client);

    // Refresh tokens are issued only when the configuration asks for it (default: false).
    $with_refresh_token = $this->getConfiguration()->get(
        'issue_refresh_token_with_client_credentials_grant_type',
        false
    );

    // The requested scope is taken from the request body as sent by the client;
    // no scope policy is applied in this method.
    $requested_scope = RequestBody::getParameter($request, 'scope');

    $grant_type_response->setRequestedScope($requested_scope);
    $grant_type_response->setAvailableScope(null);

    // The client acts on its own behalf: it is recorded as the resource owner.
    $grant_type_response->setResourceOwnerPublicId($client->getPublicId());

    $grant_type_response->setRefreshTokenIssued($with_refresh_token);
    $grant_type_response->setRefreshTokenScope($requested_scope);
    $grant_type_response->setRefreshTokenRevoked(null);
}
/**
 * {@inheritdoc}
 *
 * Completes the grant for a client that owns a public key set. The JWT
 * carried in the grant response is verified against that key set before the
 * grant response is populated; a verification failure is reported as a
 * bad-request error.
 *
 * @param ServerRequestInterface     $request             Token request (not read in this method).
 * @param ClientInterface            $client              Client the token is issued to; also becomes the resource owner.
 * @param GrantTypeResponseInterface $grant_type_response Populated in place with resource owner and refresh-token settings.
 *
 * @throws \Exception the bad-request exception built by the exception manager when the client has no
 *                    public key set or when JWT verification fails
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    // A client without a public key set cannot have its assertion verified.
    if ($client->hasPublicKeySet() === false) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_CLIENT,
            'The client is not a client with signature capabilities.'
        );
    }

    // NOTE(review): presumably an earlier step stores the assertion under 'jwt'; confirm it cannot be absent.
    $assertion = $grant_type_response->getAdditionalData('jwt');

    try {
        // The key set is fetched inside the try so that a failure to load it
        // is reported the same way as a failed verification.
        $key_set = $client->getPublicKeySet();
        $this->getJWTLoader()->verify($assertion, $key_set);
    } catch (\Exception $verification_error) {
        // The underlying exception message is returned to the caller as the error description.
        // NOTE(review): confirm the loader's messages are safe to expose to clients.
        $reason = $verification_error->getMessage();

        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_REQUEST,
            $reason
        );
    }

    $with_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();

    // The client acts on its own behalf: it is the resource owner and no user account is attached.
    $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
    $grant_type_response->setUserAccountPublicId(null);

    $grant_type_response->setRefreshTokenIssued($with_refresh_token);

    // The refresh token is given the scope already recorded on the grant response.
    $refresh_scope = $grant_type_response->getRequestedScope();
    $grant_type_response->setRefreshTokenScope($refresh_scope);
}
/**
 * Collects the metadata to attach to an access token before it is created.
 *
 * Starts from the 'metadatas' entry of the grant response (an empty array
 * when there is none) and merges in every non-empty result returned by the
 * registered token endpoint extensions, in registration order.
 *
 * The merge uses array_merge(): for a string key that appears more than
 * once, the value from the later extension replaces the earlier one, so an
 * extension can override metadata supplied by the grant type.
 *
 * @param \OAuth2\Client\ClientInterface           $client                 Client the token is issued to
 * @param \OAuth2\Grant\GrantTypeResponseInterface $grant_type_response    Grant response, also passed to every extension
 * @param array                                    $token_type_information Token type data, passed to every extension
 *
 * @return array The combined metadata
 */
private function preAccessTokenCreation(ClientInterface $client, GrantTypeResponseInterface $grant_type_response, array $token_type_information)
{
    $collected = [];
    if ($grant_type_response->hasAdditionalData('metadatas')) {
        $collected = $grant_type_response->getAdditionalData('metadatas');
    }

    foreach ($this->token_endpoint_extensions as $extension) {
        $contribution = $extension->preAccessTokenCreation($client, $grant_type_response, $token_type_information);

        // Extensions that return nothing (or an empty value) leave the metadata untouched.
        if (empty($contribution)) {
            continue;
        }

        $collected = array_merge($collected, $contribution);
    }

    return $collected;
}