/**
* {@inheritdoc}
*/
public function validateAuthorization(ServerRequestInterface $request)
{
if ($request->hasHeader('authorization') === false) {
throw OAuthServerException::accessDenied('Missing "Authorization" header');
}
$header = $request->getHeader('authorization');
$accessTokenId = trim($header[0]);
try {
$accessTokenEntity = $this->accessTokenRepository->findAccessToken($accessTokenId);
// Check if token has been revoked
if (is_null($accessTokenEntity)) {
throw OAuthServerException::accessDenied('Access token has been revoked');
}
// Ensure access token hasn't expired
if ($accessTokenEntity->getExpiryDateTime()->lt(Carbon::now())) {
throw OAuthServerException::accessDenied('Access token is invalid');
}
// Return the request with additional attributes
return $request->withAttribute('oauth_access_token_id', $accessTokenEntity->getIdentifier())->withAttribute('oauth_client_id', $accessTokenEntity->getClient()->getIdentifier())->withAttribute('oauth_user_id', $accessTokenEntity->getUserIdentifier())->withAttribute('oauth_scopes', $accessTokenEntity->getScopes());
} catch (\InvalidArgumentException $exception) {
// JWT couldn't be parsed so return the request as is
throw OAuthServerException::accessDenied($exception->getMessage());
}
}
/**
* get getAccessTokensForUser.
*
* @param $userId
*
* @return array|null
*/
public function getAccessTokensForUser($userId)
{
$accessTokenRepository = new AccessTokenRepository();
// instance of AccessTokenRepositoryInterface
$user = new UserEntity();
// instance of AccessTokenRepositoryInterface
$user->setIdentifier($userId);
return $accessTokenRepository->findAccessTokensByUser($user);
}
