/**
* This authentification is role based
* @see OAuth2\IOAuth2GrantExtension::checkGrantExtension
*/
public function checkGrantExtension(IOAuth2Client $client, array $inputData, array $authHeaders)
{
if (!isset($inputData['username'])) {
throw new OAuth2ServerException(OAuth2::HTTP_BAD_REQUEST, OAuth2::ERROR_INVALID_REQUEST, 'No "username" parameter found');
}
if (!isset($inputData['password'])) {
throw new OAuth2ServerException(OAuth2::HTTP_BAD_REQUEST, OAuth2::ERROR_INVALID_REQUEST, 'No "password" parameter found');
}
if (!isset($inputData['required_role'])) {
throw new OAuth2ServerException(OAuth2::HTTP_BAD_REQUEST, OAuth2::ERROR_INVALID_REQUEST, 'No "required_role" parameter found');
}
$username = $inputData['username'];
$password = $inputData['password'];
$role = $inputData['required_role'];
$stored = $this->storage->checkUserCredentials($client, $username, $password);
if ($stored === false) {
throw new OAuth2ServerException(OAuth2::HTTP_BAD_REQUEST, OAuth2::ERROR_INVALID_GRANT, "Invalid username and password combination");
}
$user = $stored['data'];
if (!$this->isGranted($role, $user)) {
throw new OAuth2ServerException(OAuth2::HTTP_BAD_REQUEST, OAuth2::ERROR_INVALID_GRANT, "User is not granted {$role}");
}
return ['data' => $user];
}
