Ejemplo n.º 1
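 /**
  * Adds a CSRF "state" token to the authorization request.
  *
  * Generates a random token, persists it through the token manager with an
  * expiry of 120 (presumably seconds; confirm against the token manager), and
  * appends it to the redirect URL as the "state" query parameter. Does nothing
  * when the event carries no URL.
  *
  * The state value is what ties the later callback to this request, so it must
  * be unpredictable: it is drawn from the CSPRNG via random_bytes() (PHP 7+)
  * rather than derived from rand()/uniqid(), whose outputs depend on the clock
  * and a non-cryptographic generator.
  *
  * NOTE(review): the callback handler is not visible here; it should compare
  * the returned state with hash_equals() and invalidate the token after one use.
  *
  * @param RedirectEvent $event
  *
  * @throws \Exception if random_bytes() cannot find a source of randomness
  */
 public function onAuthorizationRequest(RedirectEvent $event)
 {
     $url = $event->getUrl();
     if ($url === null) {
         return;
     }

     // 16 CSPRNG bytes -> 32 hex characters; hex needs no URL encoding.
     $token = bin2hex(random_bytes(16));
     $expiresIn = 120;

     $stateToken = $this->tokenManager->createToken("state");
     $stateToken->setToken($token);
     $stateToken->setExpiresIn($expiresIn);
     $this->tokenManager->persistToken($stateToken);

     // Use "?" when the URL has no query string yet, so the parameter is not
     // glued onto the path as "...&state=".
     $separator = strpos($url, "?") === false ? "?" : "&";
     $event->setUrl($url . $separator . "state=" . $token);
 }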
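 /**
  * Sets response_type to token if the server allows implicit authorization requests.
  *
  * Runs only when the event has no URL yet and the server credentials report
  * support for "implicit". It then builds the authorization URL from the
  * server's auth URL plus client_id, redirect_uri and response_type=token.
  *
  * The client secret is deliberately NOT placed in the query string. This URL
  * is handed to a redirect, so it travels through the user agent and can end up
  * in browser history, Referer headers and proxy/server logs. RFC 6749
  * section 4.2.1 defines no client_secret parameter for the implicit
  * authorization request.
  *
  * NOTE(review): if a particular server rejects the request without the
  * secret, that server is not following the implicit grant and should be moved
  * to the authorization-code flow rather than re-adding the secret here.
  *
  * @param RedirectEvent $event
  */
 public function onAuthorizationRequest(RedirectEvent $event)
 {
     if ($event->getUrl() !== null) {
         return;
     }

     $server = $this->credentialsProvider->getServerCredentials();
     if (!$server->supports("implicit")) {
         return;
     }

     $client = $this->credentialsProvider->getClientCredentials();

     // Front-channel parameters only; the secret stays out of the redirect URL.
     $queryData = [
         "client_id" => $client->getClientId(),
         "redirect_uri" => $client->getRedirectUri(),
         "response_type" => "token",
     ];

     // Respect a query string the configured auth URL may already carry.
     $authUrl = $server->getAuthUrl();
     $separator = strpos($authUrl, "?") === false ? "?" : "&";
     $event->setUrl($authUrl . $separator . http_build_query($queryData));
 }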