/**
* Handle Access Token
*
* @param Request $request
* @return OAuth2AccessToken
*/
protected function handleAccessToken(Request $request)
{
$accessToken = null;
$header = $request->headers->get('authorization');
if (!empty($header)) {
$pos = strpos($header, 'Bearer');
if ($pos !== false) {
$accessToken = substr($header, $pos + 7);
}
}
if (empty($accessToken) && $request->query->has('access_token')) {
$accessToken = $request->query->get('access_token');
}
if (empty($accessToken) && $request->getMethod() == 'POST' && $request->server->get('content_type') == 'application/x-www-form-urlencoded') {
$accessToken = $request->request->get('access_token');
}
if (empty($accessToken)) {
return null;
}
if (null !== $this->logger) {
$this->logger->info('OAuth2 authentication Authorization header found for user.');
}
$token = new OAuth2AccessToken();
$token->setAccessToken($accessToken);
$token->setSignature($this->getSignature($request));
$token->setSignedUrl($request->getUri());
return $token;
}
/**
* Authenticate with access token
*
* @param TokenInterface $token
* @return OAuth2AccessToken
*/
protected function authenticateAccessToken(TokenInterface $token)
{
$accessToken = $this->accessTokenProvider->get($token->getAccessToken());
$this->checkAccessToken($accessToken);
$client = $this->clientProvider->get($accessToken->getClient());
$this->checkClient($client);
$this->checkSignature($token, $client);
// check scope
$user = $this->userProvider->loadUserByUsername($accessToken->getUsername());
try {
$this->userChecker->checkPreAuth($user);
} catch (AccountStatusException $e) {
throw new OAuthAccessTokenNotFoundException($e->getMessage(), 401, $e, $this->realmName);
}
$retval = new OAuth2AccessToken($user->getRoles());
$retval->setAuthenticated(true);
$retval->setAccessToken($accessToken->getId());
$retval->setUser($user);
$retval->setClient($client);
$retval->setSignature($token->getSignature());
return $retval;
}