/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @throws \League\OAuth2\Server\Exception\AccessDeniedException
*
* @return mixed
*/
public function handle($request, Closure $next)
{
$this->authorizer->setRequest($request);
if ($this->authorizer->getResourceOwnerType() !== 'user') {
throw new AccessDeniedException();
}
return $next($request);
}
/**
* Register the Authorization server with the IoC container.
*
* @param \Illuminate\Contracts\Container\Container $app
*
* @return void
*/
public function registerAuthorizer(Application $app)
{
$app->singleton('oauth2-server.authorizer', function ($app) {
$config = $app['config']->get('oauth2');
$issuer = $app->make(AuthorizationServer::class)->setClientStorage($app->make(ClientInterface::class))->setSessionStorage($app->make(SessionInterface::class))->setAuthCodeStorage($app->make(AuthCodeInterface::class))->setAccessTokenStorage($app->make(AccessTokenInterface::class))->setRefreshTokenStorage($app->make(RefreshTokenInterface::class))->setScopeStorage($app->make(ScopeInterface::class))->requireScopeParam($config['scope_param'])->setDefaultScope($config['default_scope'])->requireStateParam($config['state_param'])->setScopeDelimiter($config['scope_delimiter'])->setAccessTokenTTL($config['access_token_ttl']);
// add the supported grant types to the authorization server
foreach ($config['grant_types'] as $grantIdentifier => $grantParams) {
$grant = $app->make($grantParams['class']);
$grant->setAccessTokenTTL($grantParams['access_token_ttl']);
if (array_key_exists('callback', $grantParams)) {
list($className, $method) = array_pad(explode('@', $grantParams['callback']), 2, 'verify');
$verifier = $app->make($className);
$grant->setVerifyCredentialsCallback([$verifier, $method]);
}
if (array_key_exists('auth_token_ttl', $grantParams)) {
$grant->setAuthTokenTTL($grantParams['auth_token_ttl']);
}
if (array_key_exists('refresh_token_ttl', $grantParams)) {
$grant->setRefreshTokenTTL($grantParams['refresh_token_ttl']);
}
if (array_key_exists('rotate_refresh_tokens', $grantParams)) {
$grant->setRefreshTokenRotation($grantParams['rotate_refresh_tokens']);
}
$issuer->addGrantType($grant, $grantIdentifier);
}
$checker = $app->make(ResourceServer::class);
$authorizer = new Authorizer($issuer, $checker);
$authorizer->setRequest($app['request']);
$authorizer->setTokenType($app->make($config['token_type']));
$app->refresh('request', $authorizer, 'setRequest');
return $authorizer;
});
$app->alias('oauth2-server.authorizer', Authorizer::class);
}
/**
* Validate the scopes.
*
* @param $scopes
*
* @throws \League\OAuth2\Server\Exception\InvalidScopeException
*/
public function validateScopes($scopes)
{
if (!empty($scopes) && !$this->authorizer->hasScope($scopes)) {
throw new InvalidScopeException(implode(',', $scopes));
}
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
$this->authorizer->setRequest($request);
$this->authorizer->checkAuthCodeRequest();
return $next($request);
}
