/**
 * {@inheritdoc}
 *
 * Grants a token on behalf of the client itself: the client's public id is
 * recorded as the resource owner and no user account is attached.
 *
 * Public clients are rejected with an "invalid_client" error.
 *
 * NOTE(review): this method does not authenticate the client; it assumes the
 * caller already did so before dispatching to the grant type - confirm.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    // The client ends up as the resource owner of the token, so only
    // non-public (confidential) clients are accepted.
    if ($client->isPublic()) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_CLIENT,
            'The client is not a confidential client'
        );
    }

    // Whether a refresh token accompanies the access token is decided by
    // this grant type's own setting.
    $with_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();

    $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
    $grant_type_response->setUserAccountPublicId(null);
    $grant_type_response->setRefreshTokenIssued($with_refresh_token);
    // The refresh token scope is copied from the requested scope.
    // NOTE(review): no scope validation happens in this method; presumably the
    // caller checks the requested scope against policy - confirm.
    $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
 * {@inheritdoc}
 *
 * Exchanges the refresh token sent in the "refresh_token" body parameter for
 * a new grant.
 *
 * Fails with "invalid_request" when the parameter is absent and with
 * "invalid_grant" when the token manager does not return a refresh token.
 * Whatever checkRefreshToken() throws propagates to the caller.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $presented_token = RequestBody::getParameter($request, 'refresh_token');
    if ($presented_token === null) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_REQUEST,
            'No "refresh_token" parameter found'
        );
    }

    $stored_token = $this->getRefreshTokenManager()->getRefreshToken($presented_token);
    if (!($stored_token instanceof RefreshTokenInterface)) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_GRANT,
            'Invalid refresh token'
        );
    }

    // NOTE(review): presumably verifies that the token belongs to $client and
    // is still valid; the implementation is not visible here - confirm.
    $this->checkRefreshToken($stored_token, $client);

    // A request without a scope inherits the scope of the refresh token.
    if (empty($grant_type_response->getRequestedScope())) {
        $grant_type_response->setRequestedScope($stored_token->getScope());
    }

    // The refresh token's scope is published as the available scope.
    // NOTE(review): a scope supplied in the request is not compared against
    // the token scope in this method; confirm the caller rejects requests
    // that exceed the available scope.
    $grant_type_response->setAvailableScope($stored_token->getScope());
    $grant_type_response->setResourceOwnerPublicId($stored_token->getResourceOwnerPublicId());
    $grant_type_response->setUserAccountPublicId($stored_token->getUserAccountPublicId());

    // A replacement refresh token is always requested, with the scope of the
    // presented token.
    $grant_type_response->setRefreshTokenIssued(true);
    $grant_type_response->setRefreshTokenScope($stored_token->getScope());

    // The presented token is handed over as the token to revoke.
    // NOTE(review): the revocation itself is not performed here; confirm the
    // caller revokes it so a used refresh token cannot be presented again.
    $grant_type_response->setRefreshTokenRevoked($stored_token);
    $grant_type_response->setAdditionalData('metadatas', $stored_token->getMetadatas());
}
/**
 * {@inheritdoc}
 *
 * Grants a token to a client that proves itself with a signed JWT: the JWT
 * stored under the "jwt" additional-data key is verified against the client's
 * public key set, then the client is recorded as the resource owner with no
 * user account.
 *
 * Fails with "invalid_client" when the client has no public key set and with
 * "invalid_request" when the loader's verification throws.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    if ($client->hasPublicKeySet() === false) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_CLIENT,
            'The client is not a client with signature capabilities.'
        );
    }

    // NOTE(review): assumes an earlier step stored the JWT under this key;
    // what happens when it is missing depends on getAdditionalData() and the
    // loader - confirm.
    $assertion = $grant_type_response->getAdditionalData('jwt');

    // Only the check against the client's key set is visible here.
    // NOTE(review): confirm that claim validation (expiry, audience, issuer,
    // replay protection) happens in the loader or before this method runs.
    try {
        $this->getJWTLoader()->verify($assertion, $client->getPublicKeySet());
    } catch (\Exception $verification_error) {
        // The loader's message is returned verbatim as the error description.
        // NOTE(review): confirm those messages are safe to show to the caller,
        // and whether "invalid_request" is the intended error code for a JWT
        // that fails verification.
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_REQUEST,
            $verification_error->getMessage()
        );
    }

    // Whether a refresh token accompanies the access token is decided by
    // this grant type's own setting.
    $with_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();

    $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
    $grant_type_response->setUserAccountPublicId(null);
    $grant_type_response->setRefreshTokenIssued($with_refresh_token);
    $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
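/**
 * {@inheritdoc}
 *
 * Grants a token from the "username" and "password" body parameters: the user
 * account is looked up by username and its password credentials are checked.
 *
 * Fails with "invalid_request" when either parameter is absent and with
 * "invalid_grant" when the account is unknown or the password check fails.
 * Both credential failures share one message, so the response body does not
 * reveal which of the two was wrong.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $username = RequestBody::getParameter($request, 'username');
    $password = RequestBody::getParameter($request, 'password');

    // Reject a request that omits a credential instead of passing null to the
    // user account manager and the password check.
    // NOTE(review): values that are present but not strings are not rejected
    // here; confirm what RequestBody::getParameter() can return.
    if (null === $username || null === $password) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_REQUEST,
            'Missing "username" or "password" parameter'
        );
    }

    $user_account = $this->getUserAccountManager()->getUserAccountByUsername($username);

    // The password check is skipped for an unknown username.
    // NOTE(review): if the check is deliberately slow (password hashing), the
    // response time can differ between an unknown username and a wrong
    // password; consider equalising the work and rate limiting this endpoint.
    if (null === $user_account || !$this->getUserAccountManager()->checkUserAccountPasswordCredentials($user_account, $password)) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_GRANT,
            'Invalid username and password combination'
        );
    }

    $grant_type_response->setResourceOwnerPublicId($user_account->getUserPublicId());
    $grant_type_response->setUserAccountPublicId($user_account->getPublicId());
    // Whether a refresh token is issued is decided per client.
    $grant_type_response->setRefreshTokenIssued($this->issueRefreshToken($client));
    $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}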
/**
 * Creates the access token described by a completed grant, together with a
 * refresh token when one was requested and a refresh token manager exists.
 *
 * @param \OAuth2\Client\ClientInterface           $client                 Client the tokens are created for
 * @param \OAuth2\Grant\GrantTypeResponseInterface $grant_type_response    Outcome of the grant type (owner ids, scopes, refresh flag)
 * @param array                                    $request_parameters     Passed through to the access token manager
 * @param array                                    $token_type_information Passed through to the access token manager
 * @param array                                    $metadatas              Attached to both tokens
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface
 *
 * @return \OAuth2\Token\AccessTokenInterface
 */
private function createAccessToken(ClientInterface $client, GrantTypeResponseInterface $grant_type_response, array $request_parameters, array $token_type_information, array $metadatas)
{
    $owner = $this->getResourceOwner(
        $grant_type_response->getResourceOwnerPublicId(),
        $grant_type_response->getUserAccountPublicId()
    );

    // The refresh token is created first so it can be handed to the access
    // token manager; it stays null when no manager is configured or the grant
    // did not ask for one.
    // NOTE(review): if the access token creation below throws, a refresh
    // token may already have been created; confirm whether that matters.
    $issued_refresh_token = null;
    if (true === $this->hasRefreshTokenManager() && true === $grant_type_response->isRefreshTokenIssued()) {
        $issued_refresh_token = $this->getRefreshTokenManager()->createRefreshToken(
            $client,
            $owner,
            $grant_type_response->getRefreshTokenScope(),
            $metadatas
        );
    }

    // NOTE(review): the meaning of the null seventh argument is defined by
    // the access token manager and is not visible here.
    return $this->getAccessTokenManager()->createAccessToken(
        $client,
        $owner,
        $token_type_information,
        $request_parameters,
        $grant_type_response->getRequestedScope(),
        $issued_refresh_token,
        null,
        $metadatas
    );
}