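/**
 * {@inheritdoc}
 *
 * Creates an access token for the client, end user and scope carried by the
 * authorization, then builds the parameter array returned to the caller.
 *
 * "state" is an opaque value chosen by the client. RFC 6749 section 4.2.2
 * requires it to be returned exactly as received whenever it was present in
 * the request, and clients commonly use it to tie the response to the request
 * they sent, so it must not be dropped because its value looks falsy.
 *
 * @param Authorization $authorization the authorization being granted
 *
 * @return array response parameters; contains "state" when the authorization has one
 */
public function grantAuthorization(Authorization $authorization)
{
    // NOTE(review): the created token is never copied into $params, so the
    // returned array carries no access-token fields. Confirm that the caller
    // obtains the token some other way; otherwise the response is incomplete.
    $token = $this->getAccessTokenManager()->createAccessToken(
        $authorization->getClient(),
        $authorization->getEndUser(),
        $authorization->getScope()
    );

    $params = [];

    // Compare against null instead of using empty(): empty() also rejects the
    // string "0", which silently stripped a legitimate state value.
    // Assumes getState() returns null when the request carried no state; an
    // empty string is now returned as-is rather than omitted.
    $state = $authorization->getState();
    if (null !== $state) {
        $params['state'] = $state;
    }

    return $params;
}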
/**
 * {@inheritdoc}
 *
 * Creates an authorization code from the data carried by the authorization
 * (client, end user, query parameters, redirect URI, scope and the
 * refresh-token flag) and returns the parameters for the response.
 *
 * @param Authorization $authorization the authorization being granted
 *
 * @return array always contains "code"; contains "state" when the authorization has one
 */
public function grantAuthorization(Authorization $authorization)
{
    $authCode = $this->getAuthCodeManager()->createAuthCode(
        $authorization->getClient(),
        $authorization->getEndUser(),
        $authorization->getQueryParams(),
        // The redirect URI is passed to the auth code manager together with the
        // code's other attributes; what the manager does with it is not visible here.
        $authorization->getRedirectUri(),
        $authorization->getScope(),
        $authorization->getIssueRefreshToken()
    );

    $result = [];
    $result['code'] = $authCode->getToken();

    // The client's state value is echoed back unchanged whenever it is set,
    // including falsy-looking values such as "0" or an empty string.
    $clientState = $authorization->getState();
    if (null !== $clientState) {
        $result['state'] = $clientState;
    }

    return $result;
}
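/**
 * Processes a submitted consent form and forwards the decision to the
 * authorization endpoint.
 *
 * Only POST requests are processed. The PSR-7 request is converted to an
 * HttpFoundation request, submitted to the form and validated; the state of
 * the "accept" button then decides whether the authorization is marked as
 * authorized before the endpoint is invoked.
 *
 * @param FormInterface          $form          the consent form
 * @param ServerRequestInterface $request       the incoming request
 * @param ResponseInterface      $response      passed by reference to the endpoint
 * @param Authorization          $authorization the authorization to update
 *
 * @throws InvalidArgumentException if the "accept" child is not a clickable button
 *
 * @return bool true when the form was processed and the endpoint was called,
 *              false when the request is not a POST or the form is invalid
 */
public function handle(FormInterface $form, ServerRequestInterface $request, ResponseInterface &$response, Authorization $authorization)
{
    if ('POST' !== $request->getMethod()) {
        return false;
    }

    $httpFoundationFactory = new HttpFoundationFactory();
    $symfony_request = $httpFoundationFactory->createRequest($request);
    $form->submit($symfony_request);

    // NOTE(review): isValid() is the only gate before the consent decision is
    // read. Whether that includes a CSRF token check depends on how the form
    // type is configured, which is not visible here; confirm it is enabled.
    if (!$form->isValid()) {
        return false;
    }

    $button = $form->get('accept');
    if (!$button instanceof ClickableInterface) {
        throw new InvalidArgumentException('Unable to find the button named "accept".');
    }

    // Consent is granted only when the "accept" button was the one clicked.
    $authorization->setAuthorized($button->isClicked());
    $this->endpoint->authorize($authorization, $response);

    // Previously the method fell off the end here and returned null, which is
    // indistinguishable from the "not handled" false for callers testing
    // truthiness. Report success explicitly.
    return true;
}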
/**
 * Selects the response mode used to deliver the authorization response.
 *
 * Order of precedence:
 *  1. the response_mode requested by the client, but only when the
 *     "allow_response_mode_parameter_in_authorization_request" option is
 *     exactly true;
 *  2. the mode returned by getResponseModeIfMultipleResponseTypes() for the
 *     requested response type;
 *  3. the mode declared by the single resolved response type.
 *
 * Whatever mode name is selected, it is accepted only if it is a key of
 * $this->response_modes, so a client-supplied name cannot select a mode that
 * is not in that map.
 *
 * @param \OAuth2\Grant\ResponseTypeSupportInterface[] $types
 * @param \OAuth2\Endpoint\Authorization               $authorization
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface
 *
 * @return \OAuth2\Endpoint\ResponseModeInterface
 */
public function getResponseMode(array $types, Authorization $authorization)
{
    $requestedMode = $authorization->getResponseMode();

    if (null !== $requestedMode && true === $this->getConfiguration()->get('allow_response_mode_parameter_in_authorization_request', false)) {
        // The client sent response_mode and the server is configured to honour it.
        $selected = $requestedMode;
    } else {
        // Combination of response types defined by the OpenID Connect specification, if any.
        $selected = $this->getResponseModeIfMultipleResponseTypes($authorization->getResponseType());

        if (null === $selected) {
            if (count($types) > 1) {
                // Several response types, but not a combination defined by OpenID Connect.
                throw $this->getExceptionManager()->getException(
                    ExceptionManagerInterface::INTERNAL_SERVER_ERROR,
                    ExceptionManagerInterface::SERVER_ERROR,
                    sprintf('The response mode "%s" is not supported.', $authorization->getResponseType())
                );
            }

            // Exactly one response type: use the mode it declares.
            // Assumes $types is non-empty; verify against the caller.
            $selected = $types[0]->getResponseMode();
        }
    }

    // Allowlist check against the modes held in $this->response_modes.
    // NOTE(review): an unknown client-supplied response_mode ends up here and
    // is reported with the server-error constants rather than as an invalid
    // request; confirm that this is the intended classification.
    if (!array_key_exists($selected, $this->response_modes)) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::INTERNAL_SERVER_ERROR,
            ExceptionManagerInterface::SERVER_ERROR,
            sprintf('Unable to retrieve response mode for response type "%s".', $authorization->getResponseType())
        );
    }

    return $this->response_modes[$selected];
}
/**
 * Resolves the space-separated "response_type" value of the authorization
 * into the matching response type handlers.
 *
 * Every requested type must appear only once, be a key of
 * $this->response_types and be allowed for the client; any violation raises
 * a bad-request exception. More than one type is accepted only when the
 * "multiple_response_types_support_enabled" option is not false.
 *
 * @param \OAuth2\Endpoint\Authorization $authorization
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface
 *
 * @return \OAuth2\Grant\ResponseTypeSupportInterface[]
 */
protected function getResponseTypes(Authorization $authorization)
{
    $requested = $authorization->getResponseType();

    /*
     * @see http://tools.ietf.org/html/rfc6749#section-3.1.1
     */
    if (null === $requested) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            'Invalid "response_type" parameter or parameter is missing'
        );
    }

    $names = explode(' ', $requested);

    /*
     * Multiple response types support must be enabled.
     * This option should be set to true only if OpenID Connect is used.
     */
    if (count($names) > 1 && false === $this->getConfiguration()->get('multiple_response_types_support_enabled', false)) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            'Multiple response types is disabled.'
        );
    }

    $resolved = [];
    foreach ($names as $name) {
        // Reject a type listed more than once (array_keys() compares loosely here).
        $occurrences = array_keys($names, $name);
        if (count($occurrences) > 1) {
            throw $this->getExceptionManager()->getException(
                ExceptionManagerInterface::BAD_REQUEST,
                ExceptionManagerInterface::INVALID_REQUEST,
                'A response type appears more than once.'
            );
        }

        // Allowlist: only types held in $this->response_types are accepted.
        // NOTE(review): $name comes from the request and is concatenated into
        // the error description as-is; whatever renders or forwards this
        // message has to encode it for its output context.
        if (!array_key_exists($name, $this->response_types)) {
            throw $this->getExceptionManager()->getException(
                ExceptionManagerInterface::BAD_REQUEST,
                ExceptionManagerInterface::INVALID_REQUEST,
                'Response type "' . $name . '" is not supported by this server'
            );
        }
        $resolved[] = $this->response_types[$name];

        // Per-client restriction: the client must be allowed to use this type.
        if (!$authorization->getClient()->isAllowedGrantType($name)) {
            throw $this->getExceptionManager()->getException(
                ExceptionManagerInterface::BAD_REQUEST,
                ExceptionManagerInterface::UNAUTHORIZED_CLIENT,
                'The response type "' . $requested . '" is unauthorized for this client.'
            );
        }
    }

    return $resolved;
}
/**
 * Copies the requested scope, if any, onto the authorization.
 *
 * When $params has a non-null "scope" entry, it is converted by the scope
 * manager and stored on the authorization; otherwise nothing changes.
 *
 * @param array                          $params
 * @param \OAuth2\Endpoint\Authorization $authorization
 */
private function populateScope(array $params, Authorization &$authorization)
{
    if (isset($params['scope'])) {
        // NOTE(review): the scope value presumably comes from the request; no
        // check against what the client may ask for happens in this method.
        // Verify that the scope is validated elsewhere.
        $authorization->setScope(
            $this->getScopeManager()->convertToScope($params['scope'])
        );
    }
}