/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
if (!$client instanceof JWTClientInterface) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_CLIENT, 'The client is not a JWT client');
}
$jwt = $grant_type_response->getAdditionalData('jwt');
$this->getJWTLoader()->verifySignature($jwt, $client);
$issue_refresh_token = $this->getConfiguration()->get('issue_refresh_token_with_client_credentials_grant_type', false);
$scope = RequestBody::getParameter($request, 'scope');
$grant_type_response->setRequestedScope($scope);
$grant_type_response->setAvailableScope(null);
$grant_type_response->setResourceOwnerPublicId($client->getPublicId());
$grant_type_response->setRefreshTokenIssued($issue_refresh_token);
$grant_type_response->setRefreshTokenScope($scope);
$grant_type_response->setRefreshTokenRevoked(null);
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
if (false === $client->hasPublicKeySet()) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a client with signature capabilities.');
}
$jwt = $grant_type_response->getAdditionalData('jwt');
try {
$this->getJWTLoader()->verify($jwt, $client->getPublicKeySet());
} catch (\Exception $e) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, $e->getMessage());
}
$issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();
$grant_type_response->setResourceOwnerPublicId($client->getPublicId());
$grant_type_response->setUserAccountPublicId(null);
$grant_type_response->setRefreshTokenIssued($issue_refresh_token);
$grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
* @param \OAuth2\Client\ClientInterface $client
* @param \OAuth2\Grant\GrantTypeResponseInterface $grant_type_response
* @param array $token_type_information
*
* @return array
*/
private function preAccessTokenCreation(ClientInterface $client, GrantTypeResponseInterface $grant_type_response, array $token_type_information)
{
$metadatas = $grant_type_response->hasAdditionalData('metadatas') ? $grant_type_response->getAdditionalData('metadatas') : [];
foreach ($this->token_endpoint_extensions as $token_endpoint_extension) {
$result = $token_endpoint_extension->preAccessTokenCreation($client, $grant_type_response, $token_type_information);
if (!empty($result)) {
$metadatas = array_merge($metadatas, $result);
}
}
return $metadatas;
}
