/**
 * {@inheritdoc}
 *
 * Compares the scope carried by the access token with the scope required by
 * the configuration, using the scope manager.
 *
 * Returns nothing (null) when no scope is configured or when the scope manager
 * accepts the token scope, and the string 'Insufficient scope' otherwise.
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $configuredScope = $configuration->getScope();

    // No scope requirement configured: this checker has nothing to enforce.
    if (null === $configuredScope) {
        return null;
    }

    $scopeManager = $this->getScopeManager();

    // Normalise both sides through the scope manager before comparing them.
    $grantedScope = $scopeManager->convertToScope($token->getAccessToken()->getScope());
    $neededScope = $scopeManager->convertToScope($configuredScope);

    // A non-null return value is the authentication error message.
    if ($scopeManager->checkScopes($neededScope, $grantedScope)) {
        return null;
    }

    return 'Insufficient scope';
}
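/**
 * {@inheritdoc}
 *
 * Evaluates the configured scope rule with the expression language, exposing
 * the access token scope to the rule as the variable "scope".
 *
 * Returns nothing (null) when no scope rule is configured or when the rule
 * evaluates to a truthy value, and an error message naming the rule otherwise.
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    if (null === $configuration->getScope()) {
        return;
    }

    $language = $this->getExpressionLanguage();

    // The token scope is handed over as a variable value; it is never
    // concatenated into the expression text, so the rule itself comes only
    // from the configuration.
    $result = $language->evaluate(
        $configuration->getScope(),
        ['scope' => $token->getAccessToken()->getScope()]
    );

    // Fail closed: the previous strict comparison `false === $result` let any
    // other falsy outcome (null, 0, '', []) through as "authorised". A rule
    // that does not evaluate to a truthy value is now treated as not fulfilled.
    // NOTE(review): the message below includes the configured rule; confirm
    // that disclosing it to whoever receives this error is intended.
    if (!$result) {
        return sprintf('Insufficient scope. The scope rule is: %s', $configuration->getScope());
    }
}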