/**
* Create a SharePoint Access Token (User-only Policy)
*
* @param SPSite $site SharePoint Site
* @param string $contextToken Context Token
* @param array $extra Extra payload values to map
* @throws SPBadMethodCallException|SPRuntimeException
* @return SPAccessToken
*/
public static function createUserOnlyPolicy(SPSite $site, $contextToken, array $extra = [])
{
$config = $site->getConfig();
if (empty($config['secret'])) {
throw new SPBadMethodCallException('The Secret is empty/not set');
}
try {
$jwt = JWT::decode($contextToken, $config['secret'], ['HS256']);
} catch (Exception $e) {
throw new SPRuntimeException('Unable to decode the Context Token', 0, $e);
}
// Get URL hostname
$hostname = parse_url($site->getUrl(), PHP_URL_HOST);
// Build resource
$resource = str_replace('@', '/' . $hostname . '@', $jwt->appctxsender);
// Decode application context
$oauth2 = json_decode($jwt->appctx);
$json = $site->request($oauth2->SecurityTokenServiceUri, ['headers' => ['Content-Type' => 'application/x-www-form-urlencoded'], 'body' => http_build_query(['grant_type' => 'refresh_token', 'client_id' => $jwt->aud, 'client_secret' => $config['secret'], 'refresh_token' => $jwt->refreshtoken, 'resource' => $resource])], 'POST');
return new static($json, $extra);
}
