/**
* {@inheritdoc}
*/
protected function calculateSessionState(ServerRequestInterface $request, AuthorizationInterface $authorization, $browser_state)
{
$origin = $this->getOriginUri($authorization->getRedirectUri());
$salt = Base64Url::encode(random_bytes(16));
$hash = hash('sha256', sprintf('%s%s%s%s', $authorization->getClient()->getPublicId(), $origin, $browser_state, $salt));
return sprintf('%s.%s', $hash, $salt);
}
/**
* {@inheritdoc}
*/
public function prepareAuthorization(AuthorizationInterface $authorization)
{
$token_type = $this->getTokenTypeFromRequest($authorization->getQueryParams());
$token = $this->getAccessTokenManager()->createAccessToken($authorization->getClient(), $authorization->getUserAccount(), $token_type->getTokenTypeInformation(), $authorization->getQueryParams(), $authorization->getScopes(), null, null, ['redirect_uri' => $authorization->getQueryParam('redirect_uri')]);
$authorization->setData('access_token', $token);
foreach ($this->listeners as $listener) {
$listener->call($token);
}
return [];
}
/**
* @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
*
* @return null|\OAuth2\Endpoint\Authorization\PreConfiguredAuthorization\PreConfiguredAuthorizationInterface
*/
private function findPreConfiguredAuthorization(AuthorizationInterface $authorization)
{
if (null !== $this->getPreConfiguredAuthorizationManager()) {
return $this->getPreConfiguredAuthorizationManager()->findOnePreConfiguredAuthorization($authorization->getUserAccount()->getUserPublicId(), $authorization->getClient()->getPublicId(), $authorization->getScopes());
}
}
/**
* {@inheritdoc}
*/
public function prepareAuthorization(AuthorizationInterface $authorization)
{
$token_type = $this->getTokenTypeFromRequest($authorization->getQueryParams());
$token = $this->getAccessTokenManager()->createAccessToken($authorization->getClient(), $authorization->getUserAccount(), $token_type->getTokenTypeInformation(), $authorization->getQueryParams(), $authorization->getScopes(), null, null, ['redirect_uri' => $authorization->getRedirectUri()]);
$authorization->setData('access_token', $token);
return $token->toArray();
}
/**
* {@inheritdoc}
*/
public function checkAuthorization(AuthorizationInterface $authorization)
{
if (false === $this->arePublicClientsAllowed() && true === $authorization->getClient()->isPublic()) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'Public clients are not allowed to use the authorization code grant type.');
}
}
