/**
  * {@inheritdoc}
  */
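 public function prepareAuthorization(AuthorizationInterface $authorization)
 {
     // Enforces the "nonce" requirement for requests carrying the "openid"
     // scope. This step never contributes response parameters: every path that
     // does not throw returns an empty array.

     // Strict comparison so that a non-string scope entry can never be
     // loosely equal to 'openid' (type juggling on older PHP versions).
     if (!in_array('openid', $authorization->getScopes(), true)) {
         // Not an OpenID Connect request: nothing to validate here.
         return [];
     }

     // The nonce lets the client tie the issued ID token to the request it
     // sent and so detect a replayed token.
     // NOTE(review): only the presence of the key is checked; an empty
     // "nonce=" value passes this test. Confirm empty values are rejected
     // elsewhere or tighten the check.
     if (!array_key_exists('nonce', $authorization->getQueryParams())) {
         throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'The parameter "nonce" is mandatory using "id_token" response type.');
     }

     return [];
 }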
 /**
  * @param \Symfony\Component\Form\FormInterface                                                                $form
  * @param \Psr\Http\Message\ServerRequestInterface                                                             $request
  * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface                                                $authorization
  * @param \SpomkyLabs\OAuth2ServerBundle\Plugin\AuthorizationEndpointPlugin\Form\Model\AuthorizationModel      $authorization_model
  *
  * @return bool
  */
 public function handle(FormInterface $form, ServerRequestInterface $request, AuthorizationInterface $authorization, AuthorizationModel $authorization_model)
 {
     // Processes the resource owner's consent form. Returns false when there
     // is nothing to process (non-POST request or invalid form) and true once
     // the decision has been written to $authorization.

     // A consent decision is only accepted from a POST submission.
     if ('POST' !== $request->getMethod()) {
         return false;
     }

     // Bridge the PSR-7 request to HttpFoundation to read the payload stored
     // under the form's name.
     // NOTE(review): Request::get() consults route attributes and the query
     // string before the POST body, so the submitted data is not guaranteed
     // to come from the body. Consider reading the body bag explicitly.
     $bridge = new HttpFoundationFactory();
     $http_request = $bridge->createRequest($request);
     $payload = $http_request->get($form->getName());
     $form->submit($payload);

     // Form validation is the only gate before the decision is applied.
     // NOTE(review): whether it includes CSRF token validation depends on the
     // form type configuration, which is not visible here. Confirm it is on.
     if (!$form->isValid()) {
         return false;
     }

     $accept = $form->get('accept');
     if (!$accept instanceof ClickableInterface) {
         throw new InvalidArgumentException('Unable to find the button named "accept".');
     }

     // Authorized only when the "accept" button is the one that was clicked.
     $authorization->setAuthorized($accept->isClicked());

     // Narrow the grant to what the user kept in the form. array_diff() can
     // only yield scopes already present on the authorization, so a submitted
     // model can drop requested scopes but never add new ones.
     foreach (array_diff($authorization->getScopes(), $authorization_model->getScopes()) as $dropped_scope) {
         $authorization->removeScope($dropped_scope);
     }

     return true;
 }
 /**
  * {@inheritdoc}
  */
 public function prepareAuthorization(AuthorizationInterface $authorization)
 {
     // Issues an access token during the authorization step, stores it on the
     // authorization under "access_token" and notifies the registered
     // listeners. Contributes no response parameters itself.
     $token_type = $this->getTokenTypeFromRequest($authorization->getQueryParams());

     // Arguments are gathered in the same order the manager call consumes them.
     $manager = $this->getAccessTokenManager();
     $client = $authorization->getClient();
     $user_account = $authorization->getUserAccount();
     $type_information = $token_type->getTokenTypeInformation();
     $request_parameters = $authorization->getQueryParams();
     $scopes = $authorization->getScopes();
     // NOTE(review): redirect_uri is taken from the raw query parameters and
     // recorded as token metadata. Confirm it has been validated against the
     // client's registered redirect URIs before this point.
     $metadata = ['redirect_uri' => $authorization->getQueryParam('redirect_uri')];

     // The two null arguments are positional parameters left unset; their
     // meaning is defined by the access token manager, not visible here.
     $token = $manager->createAccessToken($client, $user_account, $type_information, $request_parameters, $scopes, null, null, $metadata);
     $authorization->setData('access_token', $token);

     // Each listener receives the freshly issued token object.
     // NOTE(review): listeners see a live bearer credential; confirm none of
     // them logs or persists the token value in clear.
     foreach ($this->listeners as $subscriber) {
         $subscriber->call($token);
     }

     return [];
 }
 /**
  * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
  *
  * @return null|\OAuth2\Endpoint\Authorization\PreConfiguredAuthorization\PreConfiguredAuthorizationInterface
  */
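 private function findPreConfiguredAuthorization(AuthorizationInterface $authorization)
 {
     // Looks up a stored authorization for this user account, client and set
     // of requested scopes. Returns null when no pre-configured authorization
     // manager is available; otherwise returns whatever the manager finds.
     $manager = $this->getPreConfiguredAuthorizationManager();
     if (null === $manager) {
         // Explicit null instead of falling off the end of the function, so
         // the "no manager" path matches the documented return type.
         return null;
     }

     // NOTE(review): how the requested scopes are matched against the stored
     // ones (exact set or subset) is decided by the manager. Confirm a stored
     // authorization cannot satisfy a request for broader scopes than the
     // user originally approved.
     return $manager->findOnePreConfiguredAuthorization(
         $authorization->getUserAccount()->getUserPublicId(),
         $authorization->getClient()->getPublicId(),
         $authorization->getScopes()
     );
 }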
 /**
  * {@inheritdoc}
  */
 public function prepareAuthorization(AuthorizationInterface $authorization)
 {
     // Issues an access token during the authorization step, stores it on the
     // authorization under "access_token" and returns its array form as the
     // parameters to add to the authorization response.
     $token_type = $this->getTokenTypeFromRequest($authorization->getQueryParams());

     // Arguments are gathered in the same order the manager call consumes them.
     $manager = $this->getAccessTokenManager();
     $client = $authorization->getClient();
     $user_account = $authorization->getUserAccount();
     $type_information = $token_type->getTokenTypeInformation();
     $request_parameters = $authorization->getQueryParams();
     $scopes = $authorization->getScopes();
     // The redirect URI recorded as token metadata comes from the
     // authorization object's own accessor.
     $metadata = ['redirect_uri' => $authorization->getRedirectUri()];

     // The two null arguments are positional parameters left unset; their
     // meaning is defined by the access token manager, not visible here.
     $token = $manager->createAccessToken($client, $user_account, $type_information, $request_parameters, $scopes, null, null, $metadata);
     $authorization->setData('access_token', $token);

     // NOTE(review): the returned array carries the token value to the
     // caller. Presumably it ends up in the redirect response, so confirm
     // it is never written to logs along the way.
     return $token->toArray();
 }
 /**
  * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
  *
  * @return bool
  */
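 private function isOfflineAccess(AuthorizationInterface $authorization)
 {
     // Tells whether the request is entitled to offline access. Despite the
     // "is" prefix this method has a side effect: when "offline_access" was
     // requested without prompt=consent, the scope is removed from the
     // authorization so that later steps do not see it.

     // The scope offline_access is not requested.
     // Strict comparison so a non-string scope entry cannot loosely match.
     if (!in_array('offline_access', $authorization->getScopes(), true)) {
         return false;
     }

     // assumes getQueryParam('prompt') yields an array of prompt values — TODO confirm.
     // Any other shape is treated as "consent not requested", so the check
     // fails closed instead of raising a type error inside in_array().
     $prompt = $authorization->hasQueryParam('prompt') ? $authorization->getQueryParam('prompt') : null;

     // The scope offline_access is requested but prompt is not consent:
     // the scope is ignored. Long-lived offline access is only kept when the
     // user is explicitly asked to consent.
     if (!is_array($prompt) || !in_array('consent', $prompt, true)) {
         $authorization->removeScope('offline_access');

         return false;
     }

     return true;
 }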