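 /**
  * Pull the authorization request data out of the HTTP $request.
  *   - The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it by setting
  *     CONFIG_ENFORCE_INPUT_REDIRECT to true.
  *   - The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that CSRF protection is
  *     MANDATORY. You can enforce this by setting the CONFIG_ENFORCE_STATE to true.
  *
  * Error-reporting contract (security relevant):
  *   - Until the client is known AND its redirect URI has been resolved through getRedirectUri(), every failure
  *     is an OAuth2ServerException, i.e. it is rendered directly and never redirected. Redirecting to an
  *     unverified redirect_uri would make the endpoint an open redirector (draft 20, section 4.1.2.1).
  *   - From that point on, failures are OAuth2RedirectException and are delivered to the resolved redirect URI,
  *     echoing the client's state so the client can correlate the error with its request.
  *
  * Input handling:
  *   - Parameters are read from the query string only (no POST fallback) through filter_var_array; a parameter
  *     that is absent comes back as null. client_id, response_type, state and scope carry FILTER_REQUIRE_SCALAR,
  *     so an array-valued parameter (e.g. ?state[]=x) becomes false instead of leaking an array into string code.
  *   - client_id is validated against CLIENT_ID_REGEXP; a non-matching value becomes false.
  *   - redirect_uri only passes through FILTER_SANITIZE_URL, which strips disallowed characters and does NOT
  *     validate anything. The comparison with the client's registered redirect URI must be done by
  *     getRedirectUri(); the sanitised string is what is both checked there and later redirected to, so the
  *     stripping can never produce a target that was not checked.
  *
  * @param Request $request  Request to read from; when null, Request::createFromGlobals() is used.
  *
  * @return array  The filtered input plus 'client' => the client record loaded from storage.
  *
  * @throws OAuth2ServerException    Missing/malformed client_id or unknown client (no redirect is possible).
  * @throws OAuth2RedirectException  Missing or unsupported response_type, unsupported scope, or missing state
  *                                  when CONFIG_ENFORCE_STATE is set (reported to the resolved redirect URI).
  *
  * @see     http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1.1
  * @see     http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.12
  *
  * @ingroup oauth2_section_3
  */
 protected function getAuthorizeParams(Request $request = null)
 {
     $filters = array(
         "client_id"     => array("filter" => FILTER_VALIDATE_REGEXP, "options" => array("regexp" => self::CLIENT_ID_REGEXP), "flags" => FILTER_REQUIRE_SCALAR),
         "response_type" => array("flags" => FILTER_REQUIRE_SCALAR),
         "redirect_uri"  => array("filter" => FILTER_SANITIZE_URL),
         "state"         => array("flags" => FILTER_REQUIRE_SCALAR),
         "scope"         => array("flags" => FILTER_REQUIRE_SCALAR),
     );

     if ($request === null) {
         $request = Request::createFromGlobals();
     }

     // The draft specifies that the parameters are retrieved from GET; override this method to read elsewhere.
     $inputData = $request->query->all();
     $input = filter_var_array($inputData, $filters);

     // client_id is null when absent and false when it fails CLIENT_ID_REGEXP (or is not scalar).
     // We must not redirect here: no redirect URI has been verified yet, so there is nowhere safe to send the error.
     // NOTE(review): the truthiness test also rejects the literal client id "0"; acceptable unless such ids exist.
     if (!$input["client_id"]) {
         throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_REQUEST, "No client id supplied");
     }

     $client = $this->storage->getClient($input["client_id"]);
     if (!$client) {
         throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_CLIENT, 'Unknown client');
     }

     // Resolve the redirect target against the client record. Only after this line is it safe to report
     // errors by redirecting, and every OAuth2RedirectException below uses this resolved value.
     $input["redirect_uri"] = $this->getRedirectUri($input["redirect_uri"], $client);

     if (!$input["response_type"]) {
         throw new OAuth2RedirectException($input["redirect_uri"], self::ERROR_INVALID_REQUEST, 'Invalid response type.', $input["state"]);
     }

     // The filtered value is a non-empty string at this point, so compare strictly against the exact token
     // constants. Only accept a response type the storage backend can actually fulfil.
     if ($input['response_type'] === self::RESPONSE_TYPE_AUTH_CODE) {
         if (!$this->storage instanceof IOAuth2GrantCode) {
             throw new OAuth2RedirectException($input["redirect_uri"], self::ERROR_UNSUPPORTED_RESPONSE_TYPE, null, $input["state"]);
         }
     } elseif ($input['response_type'] === self::RESPONSE_TYPE_ACCESS_TOKEN) {
         // Implicit-grant errors travel in the fragment, mirroring where the token itself would be delivered.
         if (!$this->storage instanceof IOAuth2GrantImplicit) {
             throw new OAuth2RedirectException($input["redirect_uri"], self::ERROR_UNSUPPORTED_RESPONSE_TYPE, null, $input["state"], self::TRANSPORT_FRAGMENT);
         }
     } else {
         throw new OAuth2RedirectException($input["redirect_uri"], self::ERROR_UNSUPPORTED_RESPONSE_TYPE, null, $input["state"]);
     }

     // scope is optional; when supplied it must be accepted by checkScope() against CONFIG_SUPPORTED_SCOPES.
     if ($input["scope"] && !$this->checkScope($input["scope"], $this->getVariable(self::CONFIG_SUPPORTED_SCOPES))) {
         throw new OAuth2RedirectException($input["redirect_uri"], self::ERROR_INVALID_SCOPE, 'An unsupported scope was requested.', $input["state"]);
     }

     // CSRF protection (draft 21, section 10.12): optionally require state. No state is echoed because none exists.
     // NOTE(review): a state of exactly "0" is treated as missing by the truthiness test.
     if ($this->getVariable(self::CONFIG_ENFORCE_STATE) && !$input["state"]) {
         throw new OAuth2RedirectException($input["redirect_uri"], self::ERROR_INVALID_REQUEST, "The state parameter is required.");
     }

     // Return the loaded client together with the filtered input ('client' wins over any same-named parameter).
     return array('client' => $client) + $input;
 }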