/** * authenticate * * @param \App\Restful\RestfulRequest $request * * @return \App\Restful\Security\Credential */ public function authenticate(RestfulRequest $request) { $client = $this->getClientOrFail($request); $secret = $request->query->get('secret'); if (!$secret) { throw new RestfulException(Response::HTTP_BAD_REQUEST, 'missing secret'); } if ($secret != $client->getAttribute('secret')) { throw new RestfulException(Response::HTTP_BAD_REQUEST, 'invalid secret'); } /** @var \App\Models\Token $token */ $token = Token::ofToken($request->token)->firstOrNew(['client_id' => $client->getAttribute('id'), 'token' => Token::uniqueToken(), 'expires_in' => intval($client->getAttribute('expires_in'))]); return new Credential($token->getAttribute('token'), $token->getAttribute('expires_in')); }