/**
  * Takes a valid code from a login redirect, and returns an AccessToken entity.
  *
  * @param string|null $redirectUrl The redirect URL.
  *
  * @return AccessToken|null
  *
  * @throws FacebookSDKException
  */
 public function getAccessToken($redirectUrl = null)
 {
     $code = $this->getCode();
     if (!$code) {
         // No code on the login redirect: there is nothing to exchange.
         return null;
     }

     // The CSRF check runs before the code is handed to the OAuth client.
     // NOTE(review): presumably validateCsrf() throws on a state mismatch;
     // confirm, since no return value is inspected here.
     $this->validateCsrf();

     // Any falsy $redirectUrl (null, '') falls back to the detected current URL.
     // NOTE(review): if getCurrentUrl() is built from request headers, confirm
     // the client cannot influence the value sent with the code.
     if (!$redirectUrl) {
         $redirectUrl = $this->urlDetectionHandler->getCurrentUrl();
     }

     // At minimum the state param must not be part of the redirect URL.
     $cleanRedirectUrl = FacebookUrlManipulator::removeParamsFromUrl($redirectUrl, ['state']);

     return $this->oAuth2Client->getAccessTokenFromCode($code, $cleanRedirectUrl);
 }
 /**
  * Set the endpoint for this request.
  *
  * @param string $endpoint The endpoint, which may carry query parameters.
  *
  * @return FacebookRequest
  *
  * @throws FacebookSDKException
  */
 public function setEndpoint($endpoint)
 {
     // An access token passed in the endpoint's query string is copied onto
     // the request first, so the two stay in sync.
     $queryParams = FacebookUrlManipulator::getParamsAsArray($endpoint);
     if (isset($queryParams['access_token'])) {
         $this->setAccessTokenFromParams($queryParams['access_token']);
     }

     // The stored endpoint carries neither the token nor the app secret proof.
     $this->endpoint = FacebookUrlManipulator::removeParamsFromUrl(
         $endpoint,
         ['access_token', 'appsecret_proof']
     );

     return $this;
 }
 /**
  * @dataProvider provideUris
  */
 public function testParamsGetRemovedFromAUrl($dirtyUrl, $expectedCleanUrl)
 {
     // The OAuth redirect parameters that must be absent from the cleaned URL.
     $cleanedUrl = FacebookUrlManipulator::removeParamsFromUrl(
         $dirtyUrl,
         ['state', 'code', 'error', 'error_reason', 'error_description', 'error_code']
     );

     $this->assertEquals($expectedCleanUrl, $cleanedUrl);
 }