/**
* @param \Symfony\Component\HttpFoundation\Request $request
* @param int $grantTypeFlow
* @param \Atrauzzi\Oauth2Server\Domain\Entity\Oauthable $oauthable
* @return array
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidClient
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidCredentials
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidRefresh
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidRequest
* @throws \Atrauzzi\Oauth2Server\Exception\InvalidScope
* @throws \Atrauzzi\Oauth2Server\Exception\UnsupportedFlow
*/
public function doFlow(Request $request, $grantTypeFlow, Oauthable $oauthable = null)
{
if ($grantTypeFlow != self::FLOW_DEFAULT) {
throw new UnsupportedFlow(get_class(), $grantTypeFlow);
}
if (!($clientId = $request->get('client_id', $request->getUser()))) {
throw new InvalidRequest('client_id');
}
if (!($clientSecret = $request->get('client_secret', $request->getPassword()))) {
throw new InvalidRequest('client_secret');
}
if (!($oldRefreshTokenParam = $request->get('refresh_token', null))) {
throw new InvalidRequest('refresh_token');
}
if (!($client = $this->clientRepository->find($clientId, $clientSecret, $this->getIdentifier()))) {
throw new InvalidClient();
}
if (!($originalRefreshToken = $this->refreshTokenRepository->find($oldRefreshTokenParam))) {
throw new InvalidRefresh();
}
if ($originalRefreshToken->isExpired()) {
throw new InvalidRefresh();
}
//
//
$originalScopes = $originalRefreshToken->getScopeNames();
$requestedScopes = array_keys($this->scopeService->findValid($request->get('scope'), null, $client->getId(), $this->getIdentifier()));
$disallowedScopes = array_diff($requestedScopes, $originalScopes);
if (count($disallowedScopes)) {
throw new InvalidScope($disallowedScopes);
}
$scopes = count($requestedScopes) ? $requestedScopes : $originalScopes;
$accessToken = $this->accessTokenRepository->create(SecureKey::generate(), $this->config->getAccessTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes);
$tokenStrategy = $this->config->getTokenStrategy();
if ($this->config->shouldRotateRefreshTokens()) {
$newRefreshToken = $this->refreshTokenRepository->create(SecureKey::generate(), $this->config->getRefreshTokenTtl() + time(), $originalRefreshToken->getOauthableId(), $originalRefreshToken->getOauthableType(), $client->getId(), $scopes);
$this->refreshTokenRepository->delete($originalRefreshToken);
unset($originalRefreshToken);
$this->refreshTokenRepository->persist($newRefreshToken);
$accessToken->setRefreshTokenId($newRefreshToken->getId());
// ToDo: Should we try to convey refresh token expiry?
$tokenStrategy->setParam('refresh_token', $newRefreshToken->getId());
}
$this->accessTokenRepository->persist($accessToken);
$tokenStrategy->setParam('access_token', $accessToken->getId());
$tokenStrategy->setParam('expires_in', $this->config->getAccessTokenTtl());
return $tokenStrategy->generateResponse();
}
