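/**
 * Processes an OAuth token request where an authorisation code is supplied.
 *
 * On failure an OAuth error is set on $response, the reason is logged and
 * nothing is returned.  On success the code is cleared, the issued token
 * data is loaded into $response and the `oAuthToken` hook is invoked.
 *
 * NOTE(review): nothing in this method compares the client making the
 * request with the client the code was issued to.  Presumably the caller or
 * the Code/Authorization classes enforce that binding - confirm.
 *
 * @param Request $request the OAuth token request
 * @param Response $response the OAuth response
 * @return mixed the authorisation under which the tokens were issued, or
 * null if the request was rejected
 * @since 2.0
 */
protected function tokenFromCode($request, $response) {
    // 1. Check code parameter.  A non-string value (e.g. an array-valued
    // request parameter) is rejected here rather than passed to the decoder.
    if (!isset($request['code']) || !is_string($request['code']) || $request['code'] == '') {
        $this->logger->log(LogLevel::ERROR, 'Token request failed: code not set');
        $response->setError('invalid_request', 'code not set');
        return;
    }

    // 2. Load the authorization and delete all tokens with this source
    $code = Code::decode($request['code']);
    $authorization = $code->getAuthorization();

    if ($authorization == null) {
        $this->logger->log(LogLevel::ERROR, 'Token request failed: Authorisation not found or expired');
        $response->setError('invalid_grant', 'Authorization code not found or expired');
        return;
    }

    // This runs before the validity check below, so presenting a code that
    // is no longer valid still revokes the tokens previously issued from it.
    $authorization->revokeTokensFromSource($code);

    // 3. Check for validity
    if (!$code->isValid()) {
        // The submitted value is request-controlled: strip control characters
        // so that it cannot break up or forge log lines.
        $logged_code = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $request['code']);
        $this->logger->log(LogLevel::ERROR, 'Token request failed: Authorisation code not found or expired: ' . $logged_code);
        $response->setError('invalid_grant', 'Authorization code not found or expired');
        return;
    }

    // 4. Check request URI
    $expected_uri = $code->getRedirectURI();
    if ($expected_uri) {
        // Only a string parameter can match; a missing or array-valued
        // redirect_uri is treated as a mismatch.
        $supplied_uri = (isset($request['redirect_uri']) && is_string($request['redirect_uri']))
            ? $request['redirect_uri']
            : null;

        // Exact, type-strict string comparison: the loose != operator would
        // compare two numeric-looking strings by value instead of by bytes.
        if ($supplied_uri === null || (string) $expected_uri !== $supplied_uri) {
            $logged_uri = ($supplied_uri === null) ? '' : preg_replace('/[\x00-\x1F\x7F]+/', ' ', $supplied_uri);
            $this->logger->log(LogLevel::ERROR, 'Token request failed: redirect_uri in request <' . $logged_uri . '> does not match authorisation code <' . $expected_uri . '>');
            $response->setError('invalid_grant', 'redirect_uri does not match');
            return;
        }
    }

    $scope = $code->getScope();

    // If we issue, we delete the code so that it can't be used again
    $code->clear();

    $response->loadData($authorization->issueTokens($scope, SIMPLEID_SHORT_TOKEN_EXPIRES_IN, $code));

    // Call modules
    $this->mgr->invokeAll('oAuthToken', 'authorization_code', $authorization, $request, $response, $scope);

    return $authorization;
}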
/**
 * Issues a new OAuth authorisation code under this authorisation.
 *
 * @param string $redirect_uri the redirect URI to be associated with the code
 * @param string|array $scope the scope to attach to the code - this should be
 * a subset of the scope provided by the authorisation; pass null to include
 * all of the authorisation's scope
 * @param array $additional additional data to be stored in the code
 * @return string the authorisation code
 */
public function issueCode($redirect_uri, $scope = null, $additional = array()) {
    // NOTE(review): `== null` is a loose comparison, so an empty string or an
    // empty array also selects the full available scope.  Confirm that no
    // caller passes an empty scope expecting "no scope".
    // NOTE(review): this method does not check that $scope is a subset of
    // the available scope; presumably that is enforced elsewhere - verify.
    $effective_scope = ($scope == null) ? $this->available_scope : $scope;

    return Code::create($this, $redirect_uri, $effective_scope, $additional)->getCode();
}