/**
* {@inheritdoc}
*/
public function grantAuthorization(Authorization $authorization)
{
$token = $this->getAccessTokenManager()->createAccessToken($authorization->getClient(), $authorization->getEndUser(), $authorization->getScope());
$params = [];
$state = $authorization->getState();
if (!empty($state)) {
$params['state'] = $state;
}
return $params;
}
/**
* {@inheritdoc}
*/
public function grantAuthorization(Authorization $authorization)
{
$code = $this->getAuthCodeManager()->createAuthCode($authorization->getClient(), $authorization->getEndUser(), $authorization->getQueryParams(), $authorization->getRedirectUri(), $authorization->getScope(), $authorization->getIssueRefreshToken());
$params = ['code' => $code->getToken()];
if (null !== $authorization->getState()) {
$params['state'] = $authorization->getState();
}
return $params;
}
public function handle(FormInterface $form, ServerRequestInterface $request, ResponseInterface &$response, Authorization $authorization)
{
if ('POST' !== $request->getMethod()) {
return false;
}
$httpFoundationFactory = new HttpFoundationFactory();
$symfony_request = $httpFoundationFactory->createRequest($request);
$form->submit($symfony_request);
if (!$form->isValid()) {
return false;
}
$button = $form->get('accept');
if (!$button instanceof ClickableInterface) {
throw new InvalidArgumentException('Unable to find the button named "accept".');
}
$authorization->setAuthorized($button->isClicked());
$this->endpoint->authorize($authorization, $response);
}
/**
* @param \OAuth2\Grant\ResponseTypeSupportInterface[] $types
* @param \OAuth2\Endpoint\Authorization $authorization
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*
* @return \OAuth2\Endpoint\ResponseModeInterface
*/
public function getResponseMode(array $types, Authorization $authorization)
{
if (null !== $authorization->getResponseMode() && true === $this->getConfiguration()->get('allow_response_mode_parameter_in_authorization_request', false)) {
// The client uses the response_mode parameter and the server allows it
$mode = $authorization->getResponseMode();
} elseif (null !== ($multiple = $this->getResponseModeIfMultipleResponseTypes($authorization->getResponseType()))) {
// The response type contains multiple types defined by OpenID Connect Specification
$mode = $multiple;
} elseif (1 < count($types)) {
// The response type contains multiple types but not defined by OpenID Connect Specification
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, sprintf('The response mode "%s" is not supported.', $authorization->getResponseType()));
} else {
// The response type contains only one type
$mode = $types[0]->getResponseMode();
}
if (!array_key_exists($mode, $this->response_modes)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, sprintf('Unable to retrieve response mode for response type "%s".', $authorization->getResponseType()));
}
return $this->response_modes[$mode];
}
/**
* @param \OAuth2\Endpoint\Authorization $authorization
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*
* @return \OAuth2\Grant\ResponseTypeSupportInterface[]
*/
protected function getResponseTypes(Authorization $authorization)
{
/*
* @see http://tools.ietf.org/html/rfc6749#section-3.1.1
*/
if (null === $authorization->getResponseType()) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Invalid "response_type" parameter or parameter is missing');
}
$types = explode(' ', $authorization->getResponseType());
$response_types = [];
/*
* Multiple response types support must be enabled.
* This option should be set to true only if OpenID Connect is used.
*/
if (1 < count($types) && false === $this->getConfiguration()->get('multiple_response_types_support_enabled', false)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Multiple response types is disabled.');
}
foreach ($types as $type) {
if (1 < count(array_keys($types, $type))) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'A response type appears more than once.');
}
if (array_key_exists($type, $this->response_types)) {
$response_types[] = $this->response_types[$type];
} else {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Response type "' . $type . '" is not supported by this server');
}
if (!$authorization->getClient()->isAllowedGrantType($type)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::UNAUTHORIZED_CLIENT, 'The response type "' . $authorization->getResponseType() . '" is unauthorized for this client.');
}
}
return $response_types;
}
/**
* @param array $params
* @param \OAuth2\Endpoint\Authorization $authorization
*/
private function populateScope(array $params, Authorization &$authorization)
{
if (!isset($params['scope'])) {
return;
}
$scope = $this->getScopeManager()->convertToScope($params['scope']);
$authorization->setScope($scope);
}
