/**
* {@inheritdoc}
*/
public function introspectToken(TokenInterface $token, ClientInterface $client)
{
if (!$token instanceof AccessTokenInterface) {
return [];
}
$result = ['active' => !$token->hasExpired(), 'client_id' => $token->getClientPublicId(), 'token_type' => $token->getTokenTypeParameter('token_type'), 'exp' => $token->getExpiresAt()];
// If the client is the subject, we add this information.
//
// The subject is not added if the client is not a resource owner.
// The reason is that if the client received an ID Token, the subject may have been computed (pairwise) and
// the subject returned here may be different. As per the OpenID Connect specification, the client must reject the token
// if subject are different and we want to avoid this case.
if ($client->getPublicId() === $token->getResourceOwnerPublicId()) {
$result['sub'] = $token->getResourceOwnerPublicId();
}
// If the client is a resource server, we return all the information stored in the access token including the metadata
if ($client->has('is_resource_server') && true === $client->get('is_resource_server')) {
$result['sub'] = $token->getResourceOwnerPublicId();
}
if (!empty($token->getScope())) {
$result['scp'] = $token->getScope();
}
if ($token instanceof JWTAccessTokenInterface) {
$result = array_merge($result, $this->getJWTInformation($token->getJWS()));
}
return $result;
}
/**
* {@inheritdoc}
*/
public function introspectToken(TokenInterface $token, ClientInterface $client)
{
if (!$token instanceof RefreshTokenInterface) {
return [];
}
$result = ['active' => !$token->hasExpired(), 'client_id' => $token->getClientPublicId(), 'exp' => $token->getExpiresAt()];
if (!empty($token->getScope())) {
$result['scp'] = $token->getScope();
}
return $result;
}
