/**
  * {@inheritdoc}
  *
  * Resolves the client from a JWT bearer assertion: the "assertion" body
  * parameter is loaded, must be a signed token (JWS) and must carry a "sub"
  * claim, which is published as the client public id. The parsed JWS is
  * attached to the response under the "jwt" key for later stages.
  *
  * NOTE(review): only the presence of "sub" is checked here. Whether the
  * loader verifies the signature, and where iss/aud/exp are validated, is
  * not visible in this method — confirm before treating "sub" as
  * authenticated.
  *
  * Throws (via the exception manager) a bad request / invalid_request error
  * when the assertion is missing, unsigned, or has no "sub" claim.
  */
 public function prepareGrantTypeResponse(ServerRequestInterface $request, GrantTypeResponseInterface &$grant_type_response)
 {
     $exception_manager = $this->getExceptionManager();
     $assertion = RequestBody::getParameter($request, 'assertion');

     if (null === $assertion) {
         throw $exception_manager->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Parameter "assertion" is missing.');
     }

     $jws = $this->getJWTLoader()->load($assertion);

     // Anything that is not a JWS (e.g. an encrypted-only token) cannot name a client.
     if (!($jws instanceof JWSInterface)) {
         throw $exception_manager->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Assertion does not contain signed claims.');
     }

     if (!$jws->hasClaim('sub')) {
         throw $exception_manager->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Assertion does not contain "sub" claims.');
     }

     // The subject identifies the client; the token itself is kept for later stages.
     $grant_type_response->setClientPublicId($jws->getClaim('sub'));
     $grant_type_response->setAdditionalData('jwt', $jws);
 }
 /**
  * {@inheritdoc}
  *
  * Exchanges a refresh token for a new access token. The "refresh_token"
  * body parameter is looked up, checked against the requesting client
  * (checkRefreshToken, not shown here), and its scope, resource owner and
  * user account are copied onto the response. A new refresh token is
  * requested and the presented one is handed to setRefreshTokenRevoked(),
  * i.e. the token is rotated; when the revocation is actually applied is
  * up to the caller of this method.
  *
  * Throws (via the exception manager) invalid_request when the parameter is
  * missing and invalid_grant when the token cannot be found.
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     $exception_manager = $this->getExceptionManager();
     $presented = RequestBody::getParameter($request, 'refresh_token');
     if (null === $presented) {
         throw $exception_manager->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
     }

     $token = $this->getRefreshTokenManager()->getRefreshToken($presented);
     if (!($token instanceof RefreshTokenInterface)) {
         throw $exception_manager->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid refresh token');
     }

     // Ownership / expiry / revocation checks live in checkRefreshToken.
     $this->checkRefreshToken($token, $client);

     $granted_scope = $token->getScope();

     // No explicit "scope" in the request: fall back to what the token was issued with.
     if (empty($grant_type_response->getRequestedScope())) {
         $grant_type_response->setRequestedScope($granted_scope);
     }
     $grant_type_response->setAvailableScope($granted_scope);
     $grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
     $grant_type_response->setUserAccountPublicId($token->getUserAccountPublicId());

     // Rotation: ask for a fresh refresh token and hand the presented one over for revocation.
     $grant_type_response->setRefreshTokenIssued(true);
     $grant_type_response->setRefreshTokenScope($granted_scope);
     $grant_type_response->setRefreshTokenRevoked($token);
     $grant_type_response->setAdditionalData('metadatas', $token->getMetadatas());
 }
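 /**
  * {@inheritdoc}
  *
  * Resolves the client from a JWT bearer assertion (possibly encrypted): the
  * "assertion" body parameter is loaded with the key-encryption key set and
  * the encryption policy, must be a signed token (JWS) and must carry a
  * "sub" claim, which becomes the client public id. The JWS is attached to
  * the response under "jwt" for later stages.
  *
  * All failures are reported to the caller as invalid_request. Failures
  * raised by the JWT loader are reported with a fixed message: the loader's
  * own exception text can describe key ids, algorithms or decryption
  * details that must not reach an unauthenticated caller (previously that
  * text was echoed verbatim into the error response).
  *
  * NOTE(review): only the presence of "sub" is checked here; signature,
  * iss/aud and expiry validation are not visible in this method — confirm
  * where they happen before treating "sub" as authenticated.
  */
 public function prepareGrantTypeResponse(ServerRequestInterface $request, GrantTypeResponseInterface &$grant_type_response)
 {
     $exception_manager = $this->getExceptionManager();
     $assertion = RequestBody::getParameter($request, 'assertion');
     if (null === $assertion) {
         throw $exception_manager->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'Parameter "assertion" is missing.');
     }

     try {
         $jwt = $this->getJWTLoader()->load($assertion, $this->key_encryption_key_set, $this->encryption_required);
     } catch (\Exception $e) {
         // Deliberately generic: do not leak the loader's internal diagnostics.
         throw $exception_manager->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'Unable to load the assertion.');
     }

     // Anything that is not a JWS (e.g. a decrypted but unsigned payload) cannot name a client.
     if (!$jwt instanceof JWSInterface) {
         throw $exception_manager->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'Assertion does not contain signed claims.');
     }
     if (!$jwt->hasClaim('sub')) {
         throw $exception_manager->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'Assertion does not contain "sub" claims.');
     }

     // The subject identifies the client; the token itself is kept for later stages.
     $grant_type_response->setClientPublicId($jwt->getClaim('sub'));
     $grant_type_response->setAdditionalData('jwt', $jwt);
 }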
 /**
  * {@inheritdoc}
  *
  * Exchanges an authorization code for an access token. Checks run in this
  * order: client (checkClient), code lookup (getAuthCode), PKCE verifier
  * (checkPKCE), code validity/ownership (checkAuthCode), "redirect_uri"
  * against the one bound to the code (checkRedirectUri); only after all of
  * them pass is the code marked as used. Scope handling is skipped entirely
  * when no scope manager is configured. Resource owner, user account, the
  * stored redirect URI and the refresh-token flag are copied from the code,
  * which is attached to the response under "auth_code".
  *
  * NOTE(review): a "scope" body parameter is taken as the requested scope
  * only when it is truthy (a literal "0" falls back to the code's scope) —
  * unchanged behaviour, kept as is.
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     $this->checkClient($request, $client);
     $auth_code = $this->getAuthCode($request);

     // Every check must pass before the code is consumed.
     $this->checkPKCE($request, $auth_code, $client);
     $this->checkAuthCode($auth_code, $client);
     $this->checkRedirectUri($auth_code, RequestBody::getParameter($request, 'redirect_uri'));
     $this->getAuthorizationCodeManager()->markAuthCodeAsUsed($auth_code);

     if ($this->hasScopeManager()) {
         $code_scope = $auth_code->getScope();
         $scope_param = RequestBody::getParameter($request, 'scope');
         $grant_type_response->setRequestedScope($scope_param ? $this->getScopeManager()->convertToArray($scope_param) : $code_scope);
         $grant_type_response->setAvailableScope($code_scope);
         $grant_type_response->setRefreshTokenScope($code_scope);
     }

     $grant_type_response->setResourceOwnerPublicId($auth_code->getResourceOwnerPublicId());
     $grant_type_response->setUserAccountPublicId($auth_code->getUserAccountPublicId());
     // The redirect URI recorded at authorization time, not the one sent now.
     $grant_type_response->setRedirectUri($auth_code->getMetadata('redirect_uri'));
     $grant_type_response->setRefreshTokenIssued($auth_code->getIssueRefreshToken());
     $grant_type_response->setAdditionalData('auth_code', $auth_code);
 }