/**
* {@inheritdoc}
*/
public function check(OAuth2Token $token, OAuth2 $configuration)
{
if (null === $configuration->getClientPublicId()) {
return;
}
if ($configuration->getClientPublicId() !== $token->getClient()->getPublicId()) {
return 'Client not authorized.';
}
}
/**
* {@inheritdoc}
*/
public function check(OAuth2Token $token, OAuth2 $configuration)
{
if (null === $configuration->getResourceOwnerPublicId()) {
return;
}
if ($configuration->getResourceOwnerPublicId() !== $token->getResourceOwner()->getPublicId()) {
return 'Resource owner not authorized';
}
}
/**
* {@inheritdoc}
*/
public function check(OAuth2Token $token, OAuth2 $configuration)
{
if (null === $configuration->getClientType()) {
return;
}
$result = $this->isTypeValid($configuration->getClientType(), $token->getClient());
if (false === $result) {
return 'Bad client type';
}
}
/**
* {@inheritdoc}
*/
public function check(OAuth2Token $token, OAuth2 $configuration)
{
if (null === $configuration->getResourceOwnerType()) {
return;
}
$result = $this->isTypeValid($configuration->getResourceOwnerType(), $token->getResourceOwner());
if (false === $result) {
return 'Bad resource owner type';
}
}
/**
* {@inheritdoc}
*/
public function check(OAuth2Token $token, OAuth2 $configuration)
{
if (null === $configuration->getScope()) {
return;
}
// If the scope of the access token are not sufficient, then returns an authentication error
$tokenScope = $this->getScopeManager()->convertToScope($token->getAccessToken()->getScope());
$requiredScope = $this->getScopeManager()->convertToScope($configuration->getScope());
if (!$this->getScopeManager()->checkScopes($requiredScope, $tokenScope)) {
return 'Insufficient scope';
}
}
/**
* {@inheritdoc}
*/
public function check(OAuth2Token $token, OAuth2 $configuration)
{
if (null === $configuration->getScope()) {
return;
}
$language = $this->getExpressionLanguage();
$result = $language->evaluate($configuration->getScope(), ['scope' => $token->getAccessToken()->getScope()]);
// If the scope of the access token does not fulfill the scope rule, then returns an authentication error
if (false === $result) {
return sprintf('Insufficient scope. The scope rule is: %s', $configuration->getScope());
}
}
/**
* {@inheritdoc}
*/
public function check(OAuth2Token $token, OAuth2 $configuration)
{
if (null === $configuration->getClientType()) {
return;
}
if (self::TYPE_PUBLIC === $configuration->getClientType() && 'none' === $token->getClient()->get('token_endpoint_auth_method')) {
return;
}
if (self::TYPE_CONFIDENTIAL === $configuration->getClientType() && 'none' !== $token->getClient()->get('token_endpoint_auth_method')) {
return;
}
return 'Resource owner not authorized.';
}
/**
* {@inheritdoc}
*/
public function check(OAuth2Token $token, OAuth2 $configuration)
{
if (null === $configuration->getResourceOwnerType()) {
return;
}
if (self::TYPE_CLIENT === $configuration->getResourceOwnerType() && $token->getResourceOwner() instanceof ClientInterface) {
return;
}
if (self::TYPE_USER === $configuration->getResourceOwnerType() && $token->getResourceOwner() instanceof UserAccountInterface) {
return;
}
return 'Resource owner not authorized.';
}