/**
  * {@inheritdoc}
  */
 public function check(OAuth2Token $token, OAuth2 $configuration)
 {
     if (null === $configuration->getResourceOwnerPublicId()) {
         return;
     }
     if ($configuration->getResourceOwnerPublicId() !== $token->getResourceOwner()->getPublicId()) {
         return 'Resource owner not authorized';
     }
 }
 /**
  * {@inheritdoc}
  */
 public function check(OAuth2Token $token, OAuth2 $configuration)
 {
     if (null === $configuration->getClientPublicId()) {
         return;
     }
     if ($configuration->getClientPublicId() !== $token->getClient()->getPublicId()) {
         return 'Client not authorized.';
     }
 }
 /**
  * {@inheritdoc}
  */
 public function check(OAuth2Token $token, OAuth2 $configuration)
 {
     if (null === $configuration->getResourceOwnerType()) {
         return;
     }
     $result = $this->isTypeValid($configuration->getResourceOwnerType(), $token->getResourceOwner());
     if (false === $result) {
         return 'Bad resource owner type';
     }
 }
 /**
  * {@inheritdoc}
  */
 public function check(OAuth2Token $token, OAuth2 $configuration)
 {
     if (null === $configuration->getClientType()) {
         return;
     }
     $result = $this->isTypeValid($configuration->getClientType(), $token->getClient());
     if (false === $result) {
         return 'Bad client type';
     }
 }
 /**
  * {@inheritdoc}
  */
 public function check(OAuth2Token $token, OAuth2 $configuration)
 {
     if (null === $configuration->getScope()) {
         return;
     }
     // If the scope of the access token are not sufficient, then returns an authentication error
     $tokenScope = $this->getScopeManager()->convertToScope($token->getAccessToken()->getScope());
     $requiredScope = $this->getScopeManager()->convertToScope($configuration->getScope());
     if (!$this->getScopeManager()->checkScopes($requiredScope, $tokenScope)) {
         return 'Insufficient scope';
     }
 }
 /**
  * {@inheritdoc}
  */
 public function check(OAuth2Token $token, OAuth2 $configuration)
 {
     if (null === $configuration->getScope()) {
         return;
     }
     $language = $this->getExpressionLanguage();
     $result = $language->evaluate($configuration->getScope(), ['scope' => $token->getAccessToken()->getScope()]);
     // If the scope of the access token does not fulfill the scope rule, then returns an authentication error
     if (false === $result) {
         return sprintf('Insufficient scope. The scope rule is: %s', $configuration->getScope());
     }
 }
 /**
  * {@inheritdoc}
  */
 public function check(OAuth2Token $token, OAuth2 $configuration)
 {
     if (null === $configuration->getClientType()) {
         return;
     }
     if (self::TYPE_PUBLIC === $configuration->getClientType() && 'none' === $token->getClient()->get('token_endpoint_auth_method')) {
         return;
     }
     if (self::TYPE_CONFIDENTIAL === $configuration->getClientType() && 'none' !== $token->getClient()->get('token_endpoint_auth_method')) {
         return;
     }
     return 'Resource owner not authorized.';
 }
 /**
  * {@inheritdoc}
  */
 public function check(OAuth2Token $token, OAuth2 $configuration)
 {
     if (null === $configuration->getResourceOwnerType()) {
         return;
     }
     if (self::TYPE_CLIENT === $configuration->getResourceOwnerType() && $token->getResourceOwner() instanceof ClientInterface) {
         return;
     }
     if (self::TYPE_USER === $configuration->getResourceOwnerType() && $token->getResourceOwner() instanceof UserAccountInterface) {
         return;
     }
     return 'Resource owner not authorized.';
 }
 /**
  * {@inheritdoc}
  */
 public function handle(GetResponseEvent $event)
 {
     $factory = new DiactorosFactory();
     $request = $factory->createRequest($event->getRequest());
     $token_id = $this->getAccessTokenTypeManager()->findAccessToken($request);
     if (null === $token_id) {
         return;
     }
     try {
         $token = new OAuth2Token();
         $token->setToken($token_id);
         $result = $this->authentication_manager->authenticate($token);
         $this->token_storage->setToken($result);
     } catch (AuthenticationException $e) {
         if (null !== $e->getPrevious()) {
             $e = $e->getPrevious();
         }
         $response = new Response($e->getMessage(), 401);
         $event->setResponse($response);
     }
 }