/**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }
     try {
         $tokenString = $token->getToken();
         if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) {
             $scope = $accessToken->getScope();
             $user = $accessToken->getUser();
             $roles = null !== $user ? $user->getRoles() : array();
             if (!empty($scope)) {
                 foreach (explode(' ', $scope) as $role) {
                     $roles[] = 'ROLE_' . strtoupper($role);
                 }
             }
             $token = new OAuthToken($roles);
             $token->setAuthenticated(true);
             $token->setToken($tokenString);
             if (null !== $user) {
                 $token->setUser($user);
             }
             return $token;
         }
     } catch (OAuth2ServerException $e) {
         throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
     }
     throw new AuthenticationException('OAuth2 authentication failed');
 }
 /**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     /** @var OAuthToken $token */
     if (!$this->supports($token)) {
         return null;
     }
     try {
         $tokenString = $token->getToken();
         /** @var AccessToken $accessToken */
         if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) {
             $userRepository = $this->entityManager->getRepository(ClassPath::USER);
             $scope = $accessToken->getScope();
             /** @var User $user */
             $user = $userRepository->find($accessToken->getUserId());
             if (!empty($user)) {
                 try {
                     $this->userChecker->checkPreAuth($user);
                 } catch (AccountStatusException $e) {
                     throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage());
                 }
                 $token->setUser($user);
             }
             $roles = null !== $user ? $user->getRoles() : array();
             if (!empty($scope)) {
                 foreach (explode(' ', $scope) as $role) {
                     $roles[] = 'ROLE_' . strtoupper($role);
                 }
             }
             $token = new OAuthToken($roles);
             $token->setAuthenticated(true);
             $token->setToken($tokenString);
             if (null !== $user) {
                 try {
                     $this->userChecker->checkPostAuth($user);
                 } catch (AccountStatusException $e) {
                     throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage());
                 }
                 $token->setUser($user);
             }
             return $token;
         }
     } catch (OAuth2ServerException $e) {
         if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) {
             // Symfony 2.1
             throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
         }
         throw new AuthenticationException('OAuth2 authentication failed', 0, $e);
     }
     throw new AuthenticationException('OAuth2 authentication failed');
 }
 /**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return;
     }
     try {
         $tokenString = $token->getToken();
         if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) {
             $scope = $accessToken->getScope();
             $user = $accessToken->getUser();
             if (null !== $user) {
                 try {
                     $this->userChecker->checkPreAuth($user);
                 } catch (AccountStatusException $e) {
                     throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage());
                 }
                 $token->setUser($user);
             }
             $roles = null !== $user ? $user->getRoles() : array();
             /*
              * This is the only modification from the base class.
              * We only add scopes if we're not connected as user.
              * Otherwise, if we support the scope admin, everyone will be admin if no scope are requested because fos-oauth2-lib
              * doesn't support different scope by clients (https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/issues/201)
              * This way, we can bypass this by creating 2 clients: 1 wich grant the password (and refresh) types 
              * (and will require a user authentication)
              * One that grant pretty much all the rest.
              */
             if (!$user) {
                 if (!empty($scope)) {
                     foreach (explode(' ', $scope) as $role) {
                         $roles[] = 'ROLE_' . strtoupper($role);
                     }
                 }
             }
             $roles = array_unique($roles, SORT_REGULAR);
             $token = new OAuthToken($roles);
             $token->setAuthenticated(true);
             $token->setToken($tokenString);
             if (null !== $user) {
                 try {
                     $this->userChecker->checkPostAuth($user);
                 } catch (AccountStatusException $e) {
                     throw new OAuth2AuthenticateException(OAuth2::HTTP_UNAUTHORIZED, OAuth2::TOKEN_TYPE_BEARER, $this->serverService->getVariable(OAuth2::CONFIG_WWW_REALM), 'access_denied', $e->getMessage());
                 }
                 $token->setUser($user);
             }
             return $token;
         }
     } catch (OAuth2ServerException $e) {
         if (!method_exists('Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException', 'setToken')) {
             // Symfony 2.1
             throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
         }
         throw new AuthenticationException('OAuth2 authentication failed', 0, $e);
     }
     throw new AuthenticationException('OAuth2 authentication failed');
 }