/**
* @param \Symfony\Component\HttpFoundation\Request $request
* @param bool $headerOnly
* @throws \Atrauzzi\Oauth2Server\Exception\AccessDenied
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
*/
public function authorize(Request $request, $headerOnly = true)
{
if ($authorizationHeader = $request->headers->get('Authorization')) {
$accessTokenId = $this->config->getTokenStrategy()->determineAccessTokenInHeader($request);
} elseif (!$headerOnly) {
$accessTokenId = $request->get($this->config->getTokenKey());
} else {
throw new InvalidRequest('access_token');
}
$accessToken = $this->accessTokenRepository->find($accessTokenId);
if (empty($accessToken)) {
throw new AccessDenied();
}
if ($accessToken->isExpired()) {
throw new AccessDenied();
}
}
