 /**
  * Resolve the auth info that the request's access token refers to.
  *
  * Reads the access token from the handler's request, requires the
  * 'schema' parameter to be exactly 'openid', then looks the token and
  * its auth info up through the data handler.
  *
  * @param Akita_OpenIDConnect_Server_DataHandler $dataHandler
  * @return mixed the value returned by $dataHandler->getAuthInfoById()
  * @throws Akita_OAuth2_Server_Error 400 invalid_request when the token is
  *         missing, 400 invalid_schema when schema is not 'openid',
  *         401 invalid_token when the token is unknown, 500 server_error
  *         when the token points at no auth info
  */
 public function processRequest($dataHandler)
 {
     $req = $dataHandler->getRequest();
     $tokenValue = $req->getAccessToken();

     // empty() rejects null, '' and '0' alike, matching the original contract
     if (empty($tokenValue)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'access_token' is required");
     }

     // schema param is REQUIRED and must be exactly 'openid' (strict compare)
     $schema = $req->param['schema'] ?? null;
     if ($schema !== 'openid') {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_schema');
     }

     $token = $dataHandler->getAccessToken($tokenValue);
     if ($token === null) {
         throw new Akita_OAuth2_Server_Error('401', 'invalid_token');
     }

     // a token that resolves to no auth info is a server-side inconsistency
     $authInfo = $dataHandler->getAuthInfoById($token->authId);
     if ($authInfo === null) {
         throw new Akita_OAuth2_Server_Error('500', 'server_error');
     }

     return $authInfo;
 }
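 /**
  * Validate an OpenID Connect authorization request.
  *
  * Every check reads the request through $dataHandler->getRequest() and
  * throws on the first failure; on success the method returns nothing.
  * Checks, in order: response_type (present and allowed), client_id
  * (present and known to the handler), redirect_uri (present and accepted
  * by the handler for that client), scope, nonce (required unless
  * response_type is exactly 'code' or exactly 'token'), display, prompt,
  * the request / request_uri parameters, and id_token.
  *
  * @param Akita_OpenIDConnect_Server_DataHandler $dataHandler
  * @param list<string> $allowed_response_type response_type values this
  *        server accepts; matched with strict (===) comparison
  * @return void
  * @throws Akita_OAuth2_Server_Error on the first failed check
  */
 public function processAuthorizationRequest($dataHandler, $allowed_response_type = ['code', 'id_token', 'token', 'code id_token', 'code token', 'id_token token', 'code id_token token'])
 {
     $request = $dataHandler->getRequest();

     // response_type: required and must be one of the allowed values.
     // Strict in_array so a non-string request value cannot match an
     // allowed string through loose comparison.
     $response_type = $request->openidConnectResponseType;
     if (empty($response_type)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'response_type' is required");
     }
     if (!in_array($response_type, $allowed_response_type, true)) {
         throw new Akita_OAuth2_Server_Error('400', 'unsupported_response_type');
     }

     // client_id: required and must be a client the handler recognises
     $client_id = $request->param['client_id'] ?? "";
     if (empty($client_id)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'client_id' is required");
     }
     if (!$dataHandler->validateClientById($client_id)) {
         throw new Akita_OAuth2_Server_Error('400', 'unauthorized_client');
     }

     // redirect_uri: required and must be accepted for this client. This is
     // the check that keeps codes/tokens from being delivered to an
     // unregistered URI; assumes validateRedirectUri does an exact match
     // against the client's registered URIs — TODO confirm in the handler.
     $redirect_uri = $request->param['redirect_uri'] ?? "";
     if (empty($redirect_uri)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'redirect_uri' is required");
     }
     if (!$dataHandler->validateRedirectUri($client_id, $redirect_uri)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'redirect_uri' is invalid");
     }

     // scope: delegated entirely to the handler (no presence check here)
     $scope = $request->openidConnectScope;
     if (!$dataHandler->validateScope($client_id, $scope)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_scope');
     }

     // nonce: required for every response_type except exactly 'code' and
     // exactly 'token'; strict comparison since response_type is already
     // known to be one of the allowed strings.
     $nonce = $request->param['nonce'] ?? "";
     if ($response_type !== 'code' && $response_type !== 'token' && empty($nonce)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', 'nonce_required');
     }

     // display: optional, handler decides which values are acceptable
     $display = $request->param['display'] ?? "";
     if (!$dataHandler->validateDisplay($display)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'display' is invalid");
     }

     // prompt: handler decides which values are acceptable
     $prompt = $request->openidConnectPrompt;
     if (!$dataHandler->validatePrompt($prompt)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'prompt' is invalid");
     }

     // request (request object passed by value): validated only when present
     if (isset($request->param['request']) && !$dataHandler->validateRequestObject($request)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'request' is invalid");
     }

     // request_uri: validated only when present.
     // NOTE(review): this branch calls the same validateRequestObject($request)
     // as the 'request' branch above, so the request_uri value is only checked
     // if that handler method inspects it itself — confirm against the data
     // handler. Behaviour is kept unchanged here.
     if (isset($request->param['request_uri']) && !$dataHandler->validateRequestObject($request)) {
         throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'request_uri' is invalid");
     }

     // id_token: validated together with prompt; a failure is reported as
     // interaction_required rather than invalid_request
     $id_token = $request->param['id_token'] ?? "";
     if (!$dataHandler->validateIDToken($prompt, $id_token)) {
         throw new Akita_OAuth2_Server_Error('400', 'interaction_required');
     }
 }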