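/**
 * Processes an OAuth token request where an authorisation code is supplied.
 *
 * The code is decoded and its authorisation loaded. Any tokens previously
 * issued from this code are revoked *before* the code's validity is checked,
 * so that replaying an already-used code also invalidates whatever it
 * produced the first time. If the authorisation request carried a
 * redirect_uri, the token request must repeat it exactly. On success the
 * code is cleared so it cannot be used again, tokens are issued into
 * $response and the `oAuthToken` hook is invoked on all modules.
 *
 * On failure an error is written to $response and null is returned.
 *
 * @param Request $request the OAuth token request
 * @param Response $response the OAuth response
 * @return mixed the authorisation under which the tokens were issued, or null on failure
 * @since 2.0
 */
protected function tokenFromCode($request, $response) {
    // 1. Check code parameter. Request parameters may arrive as arrays
    // (e.g. code[]=...), so insist on a non-empty string before decoding.
    if (!isset($request['code']) || !is_string($request['code']) || $request['code'] === '') {
        $this->logger->log(LogLevel::ERROR, 'Token request failed: code not set');
        $response->setError('invalid_request', 'code not set');
        return;
    }

    // 2. Load the authorization and delete all tokens with this source.
    // Revocation happens before the validity check on purpose: a reused
    // code must take down the tokens it previously produced.
    $code = Code::decode($request['code']);
    $authorization = $code->getAuthorization();
    if ($authorization === null) {
        $this->logger->log(LogLevel::ERROR, 'Token request failed: Authorisation not found or expired');
        $response->setError('invalid_grant', 'Authorization code not found or expired');
        return;
    }
    $authorization->revokeTokensFromSource($code);

    // 3. Check for validity. The raw code is a credential and is deliberately
    // kept out of the log.
    if (!$code->isValid()) {
        $this->logger->log(LogLevel::ERROR, 'Token request failed: Authorisation code not found or expired');
        $response->setError('invalid_grant', 'Authorization code not found or expired');
        return;
    }

    // 4. Check redirect URI. If one was bound to the code it must be repeated
    // in the token request and match exactly; a missing parameter is treated
    // as an empty string so the comparison fails without an undefined-index
    // warning when the mismatch is logged.
    $expectedRedirectURI = $code->getRedirectURI();
    if ($expectedRedirectURI) {
        $suppliedRedirectURI = $request['redirect_uri'] ?? '';
        if ($suppliedRedirectURI !== $expectedRedirectURI) {
            $this->logger->log(LogLevel::ERROR, 'Token request failed: redirect_uri in request <' . $suppliedRedirectURI . '> does not match authorisation code <' . $expectedRedirectURI . '>');
            $response->setError('invalid_grant', 'redirect_uri does not match');
            return;
        }
    }

    $scope = $code->getScope();

    // If we issue, we delete the code so that it can't be used again
    $code->clear();

    $response->loadData($authorization->issueTokens($scope, SIMPLEID_SHORT_TOKEN_EXPIRES_IN, $code));

    // Call modules
    $this->mgr->invokeAll('oAuthToken', 'authorization_code', $authorization, $request, $response, $scope);

    return $authorization;
}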