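/**
  * \brief Authorization request method.
  *
  * Requests an Authorization Code from the authorization server: builds the query
  * from the collected parameters, sends it as a Location header and ends the script.
  *
  * @param	$redirect_uri	redirect URI (OPTIONAL; skipped when it compares equal to null)
  * @param	$state	state value (RECOMMENDED; skipped when it compares equal to null)
  */
 public function requestAuthorizationGrant($redirect_uri = null, $state = null)
 {
     self::setParam("response_type", $this->response_type);
     self::setParam("client_id", $this->cred->id);
     // RECOMMENDED: state is what lets the callback be matched to the request that
     // started it (CSRF protection). Without it the callback cannot be tied back to
     // this browser session, so callers should pass an unguessable per-request value.
     if ($state != null) {
         self::setParam("state", $state);
     }
     // OPTIONAL: stored raw, because http_build_query() below URL-encodes every value;
     // encoding it here as well would double-encode it.
     if ($redirect_uri != null) {
         self::setParam("redirect_uri", $redirect_uri);
     }
     $query = http_build_query($this->params);
     $request_uri = $this->url . "?" . $query;
     // NOTE(review): the logged URL carries client_id and the state value at info level.
     // __CLASS__ yields the same name as the argument-less get_class() call.
     Logger::info("authorization request(" . __CLASS__ . "::" . __FUNCTION__ . ")", $request_uri);
     header("Location: " . $request_uri);
     // Stop here so nothing else is emitted after the redirect header.
     exit;
 }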
 /**
  * \brief Debug output method.
  *
  * Switches the Logger to console output when requested, then sets its level to DEBUG.
  *
  * NOTE(review): the fetch methods in this listing pass decoded token and API
  * responses to Logger::debug(), so with this enabled access tokens end up in the
  * log output. Keep it off outside development.
  *
  * @param $display	true: console output, false: log file output
  */
 public function enableDebugMode($display = false)
 {
     // Loose truthiness on purpose: any value that compares equal to true selects the console.
     $to_console = ($display == true);
     if ($to_console) {
         Logger::setLogType(Logger::CONSOLE_TYPE);
     }

     Logger::setLogLevel(Logger::DEBUG);
 }
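 /**
  * \brief Token endpoint resource fetch method.
  *
  * Sends a refresh_token grant through the parent class, decodes the JSON body and
  * stores the returned access token as a BearerToken.
  *
  * @throws TokenException when the body does not decode to a non-empty JSON object,
  *         or when it carries a non-empty "error" member
  */
 public function fetchToken()
 {
     // Same suffix the log lines always carried; __CLASS__ equals argument-less get_class().
     $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";
     parent::setParam("grant_type", GrantType::REFRESH_TOKEN);
     parent::setParam("refresh_token", $this->refresh_token);
     parent::fetchToken();
     $res_body = parent::getResponse();
     // Extract the JSON parameters
     $json_response = json_decode($res_body, true);
     // NOTE(review): on success this writes the raw access token to the debug log.
     Logger::debug("json response" . $where, $json_response);
     // A body that decodes to a scalar (or to nothing) is not a token response; reject
     // it here instead of indexing it like an array further down.
     if (!is_array($json_response) || empty($json_response)) {
         Logger::error("no_response" . $where, "Failed to get the response body");
         throw new TokenException("no_response", "Failed to get the response body");
     }
     if (!empty($json_response["error"])) {
         $error = $json_response["error"];
         // error_description is optional in an OAuth 2.0 error response.
         $error_desc = isset($json_response["error_description"]) ? $json_response["error_description"] : null;
         Logger::error($error . $where, $error_desc);
         throw new TokenException($error, $error_desc);
     }
     // NOTE(review): access_token / expires_in are read without a presence check, so a
     // malformed success response reaches BearerToken with null values.
     $access_token = $json_response["access_token"];
     $exp = $json_response["expires_in"];
     $this->access_token = new BearerToken($access_token, $exp);
     Logger::debug("refresh token response" . $where, array($this->access_token));
     Logger::info("got access and refresh token" . $where);
 }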
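 /**
  * Checks the claims of a decoded ID Token against the values this client expects.
  *
  * Checks iss, nonce, aud, exp and the age of iat, in that order, and throws on the
  * first failure. Expected and received values are compared strictly, so the expected
  * values must be strings exactly as they appear in the token.
  *
  * NOTE(review): no signature check happens here; presumably the caller verifies the
  * signature before trusting these claims. Confirm.
  *
  * @param $object	decoded ID Token payload (object exposing iss, nonce, aud, exp, iat)
  * @param $auth_nonce	nonce that was issued with the authorization request
  * @param $client_id	client id (Application ID) expected in aud
  * @param $acceptable_range	maximum accepted age of iat, in seconds
  * @return bool true when every check passes
  * @throws IdTokenException on the first failed check
  */
 public static function verify($object, $auth_nonce, $client_id, $acceptable_range = 600)
 {
     $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";
     // One clock reading for all checks and log lines.
     $now = time();
     // Read each claim once; an absent claim becomes null and fails its check.
     $iss = isset($object->iss) ? $object->iss : null;
     $nonce = isset($object->nonce) ? $object->nonce : null;
     $aud = isset($object->aud) ? $object->aud : null;
     $exp = isset($object->exp) ? $object->exp : null;
     $iat = isset($object->iat) ? $object->iat : null;

     // The comparisons below use !== rather than !=. With loose comparison PHP treats
     // null as equal to "" and compares numeric-looking strings as numbers, so a missing
     // or merely similar value could be accepted.

     // Is iss equal to issuer ?
     if ($iss === null || self::$issuer !== $iss) {
         throw new IdTokenException("Invalid issuer.", "The issuer did not match.({$iss})");
     }
     // Is nonce equal to this nonce (was issued at the request authorization) ?
     // An absent expected nonce must not match an absent token nonce.
     if ($auth_nonce === null || $auth_nonce === "" || $auth_nonce !== $nonce) {
         throw new IdTokenException("Not match nonce.", "The nonce did not match.({$auth_nonce}, {$nonce})");
     }
     // Is aud equal to the client_id (Application ID) ?
     if ($client_id === null || $client_id !== $aud) {
         throw new IdTokenException("Invalid audience.", "The client id did not match.({$aud})");
     }
     // Is current time less than exp ? A missing or non-numeric exp counts as expired.
     if (!is_numeric($exp) || $now > $exp) {
         throw new IdTokenException("Expired ID Token.", "Re-issue Id Token.({$exp})");
     }
     Logger::debug("current time: " . $now . ", exp: {$exp}" . $where);
     // Limit how old a token may be (replay window). A missing or non-numeric iat is
     // treated as 0 so that the range check rejects it.
     // NOTE(review): an iat in the future gives a negative difference and passes;
     // consider bounding that side as well.
     $time_diff = $now - (is_numeric($iat) ? $iat : 0);
     if ($time_diff > $acceptable_range) {
         throw new IdTokenException("Over acceptable range.", "This access has expired possible.({$time_diff} sec)");
     }
     Logger::debug("current time - iat = {$time_diff}, current time: " . $now . ", iat: {$iat}" . $where);
     return true;
 }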
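 /**
  * \brief UserInfo endpoint resource fetch method.
  *
  * Requests the UserInfo resource with GET through the parent class, decodes the JSON
  * body and stores the decoded array in $this->user_info.
  *
  * @throws ApiException when the body does not decode to a non-empty JSON object,
  *         or when it carries a non-empty "error" member
  */
 public function fetchUserInfo()
 {
     // __CLASS__ equals the argument-less get_class() call the log lines used.
     $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";
     parent::setParam("schema", $this->schema);
     parent::fetchResource($this->url, "GET");
     $res_body = parent::getLastResponse();
     $json_response = json_decode($res_body, true);
     // NOTE(review): the whole decoded UserInfo response goes to the debug log.
     Logger::debug("json response" . $where, $json_response);
     // Anything that is not a non-empty decoded object is handled as "no response",
     // so a scalar body is never indexed like an array.
     if (!is_array($json_response) || empty($json_response)) {
         Logger::error("no_response" . $where, "Failed to get the response body");
         throw new ApiException("no_response", "Failed to get the response body");
     }
     if (!empty($json_response["error"])) {
         $error = $json_response["error"];
         // The description may be absent; fall back to null instead of an undefined index.
         $error_desc = isset($json_response["error_description"]) ? $json_response["error_description"] : null;
         Logger::error($error . $where, $error_desc);
         throw new ApiException($error, $error_desc);
     }
     $this->user_info = $json_response;
 }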
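 /**
  * \brief Token endpoint resource fetch method.
  *
  * Sends an authorization_code grant (code and redirect_uri) through the parent class,
  * decodes the JSON body and stores the access token, the refresh token and, when the
  * response has one, the ID Token.
  *
  * @throws TokenException when the body does not decode to a non-empty JSON object,
  *         or when it carries a non-empty "error" member
  */
 public function fetchToken()
 {
     // __CLASS__ equals the argument-less get_class() call the log lines used.
     $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";
     parent::setParam("grant_type", GrantType::AUTHORIZATION_CODE);
     parent::setParam("code", $this->code);
     parent::setParam("redirect_uri", $this->redirect_uri);
     parent::fetchToken();
     $res_body = parent::getResponse();
     // Extract the JSON parameters
     $json_response = json_decode($res_body, true);
     // NOTE(review): on success this writes the raw access, refresh and ID tokens to
     // the debug log.
     Logger::debug("json response" . $where, $json_response);
     // A body that decodes to a scalar (or to nothing) is not a token response.
     if (!is_array($json_response) || empty($json_response)) {
         Logger::error("no_response" . $where, "Failed to get the response body");
         throw new TokenException("no_response", "Failed to get the response body");
     }
     if (!empty($json_response["error"])) {
         $error = $json_response["error"];
         // error_description is optional in an OAuth 2.0 error response.
         $error_desc = isset($json_response["error_description"]) ? $json_response["error_description"] : null;
         Logger::error($error . $where, $error_desc);
         throw new TokenException($error, $error_desc);
     }
     $access_token = $json_response["access_token"];
     $exp = $json_response["expires_in"];
     // refresh_token is optional in a token response; null when the server sent none.
     $refresh_token = isset($json_response["refresh_token"]) ? $json_response["refresh_token"] : null;
     $this->access_token = new BearerToken($access_token, $exp);
     $this->refresh_token = new RefreshToken($refresh_token);
     if (array_key_exists("id_token", $json_response)) {
         $id_token = $json_response["id_token"];
         // NOTE(review): the claim checks (issuer, nonce, audience, expiry) are not
         // visible in this method; presumably IdToken or the caller runs them. Confirm
         // before $this->id_token is trusted.
         $id_token_object = new IdToken($id_token, $this->cred->secret);
         $this->id_token = $id_token_object->getIdToken();
     }
     Logger::debug("token endpoint response" . $where, array($this->access_token, $this->refresh_token));
     Logger::info("got access and refresh token" . $where);
 }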
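 /**
  * \brief BillingAddress endpoint resource fetch method.
  *
  * Requests the resource with GET through the parent class, decodes the JSON body and
  * stores the decoded array in $this->billing_address.
  *
  * @throws ApiException when the body does not decode to a non-empty JSON object,
  *         or when it carries a non-empty "error" member
  */
 public function fetchBillingAddress()
 {
     // __CLASS__ equals the argument-less get_class() call the log lines used.
     $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";
     parent::fetchResource($this->url, "GET");
     $res_body = parent::getLastResponse();
     $json_response = json_decode($res_body, true);
     // NOTE(review): the whole decoded billing address goes to the debug log.
     Logger::debug("json response" . $where, $json_response);
     // Anything that is not a non-empty decoded object is handled as "no response".
     if (!is_array($json_response) || empty($json_response)) {
         Logger::error("no_response" . $where, "Failed to get the response body");
         throw new ApiException("no_response", "Failed to get the response body");
     }
     if (!empty($json_response["error"])) {
         $error_body = $json_response["error"];
         if (is_array($error_body)) {
             // Nested shape this endpoint is written for: {"error": {"code", "message"}}.
             $error = isset($error_body["code"]) ? $error_body["code"] : null;
             $error_desc = isset($error_body["message"]) ? $error_body["message"] : null;
         } else {
             // Flat shape (error as a plain value): indexing it with "code" would not
             // give the error code, so use the value itself.
             $error = $error_body;
             $error_desc = isset($json_response["error_description"]) ? $json_response["error_description"] : null;
         }
         Logger::error($error . $where, $error_desc);
         throw new ApiException($error, $error_desc);
     }
     $this->billing_address = $json_response;
 }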