/**
  * {@inheritdoc}
  */
 public function processUserAccountIsAvailable(UserAccountInterface $user_account, $is_fully_authenticated, ServerRequestInterface $request, ResponseInterface $response, AuthorizationInterface $authorization)
 {
     // Whatever the prompt is, if the max_age constraint is not satisfied, the user is redirected to the login page
     if ($authorization->hasQueryParam('max_age') && time() - $user_account->getLastLoginAt() > $authorization->getQueryParam('max_age')) {
         throw new RedirectToLoginPageException($authorization);
     }
 }
 /**
  * {@inheritdoc}
  */
 public function processUserAccount(ServerRequestInterface $request, ResponseInterface &$response, AuthorizationInterface $authorization, UserAccountInterface &$user_account = null)
 {
     // The query parameter 'id_token_hint' and the Id Token Manager are set
     if ($authorization->hasQueryParam('id_token_hint') && null !== $this->getIdTokenManager()) {
         try {
             $id_token_hint = $this->getIdTokenManager()->loadIdToken($authorization->getQueryParam('id_token_hint'));
             Assertion::true($id_token_hint->hasClaim('sub'), 'Invalid "id_token_hint" parameter.');
             $public_id = $this->getIdTokenManager()->getPublicIdFromSubjectIdentifier($id_token_hint->getClaim('sub'));
             Assertion::notNull($public_id, 'Invalid "id_token_hint" parameter.');
             if (null === $user_account) {
                 $user_account = $this->getUserAccountManager()->getUserAccountByPublicId($public_id);
             } else {
                 if ($user_account->getPublicId() !== $public_id) {
                     throw new RedirectToLoginPageException($authorization);
                 }
             }
         } catch (\InvalidArgumentException $e) {
             throw new CreateRedirectionException($authorization, ExceptionManagerInterface::BAD_REQUEST, $e->getMessage());
         }
     }
 }
 /**
  * {@inheritdoc}
  */
 public function process(array &$response_parameters, ServerRequestInterface $request, ResponseInterface &$response, AuthorizationInterface $authorization)
 {
     if ($authorization->hasQueryParam('state')) {
         $response_parameters['state'] = $authorization->getQueryParam('state');
     }
 }
 /**
  * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
  * @param \Psr\Http\Message\ResponseInterface                   $response
  * @param string                                                $error
  * @param string|null                                           $error_description
  */
 private function createRedirectionException(AuthorizationInterface $authorization, ResponseInterface &$response, $error, $error_description = null)
 {
     $params = ['response_mode' => $authorization->getResponseMode(), 'redirect_uri' => $authorization->getRedirectUri()];
     if (true === $authorization->hasQueryParam('state')) {
         $params['state'] = $authorization->getQueryParam('state');
     }
     $exception = $this->getExceptionManager()->getRedirectException($error, $error_description, $params);
     $exception->getHttpResponse($response);
 }
 /**
  * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
  *
  * @return null|string
  */
 private function getUiLocale(AuthorizationInterface $authorization)
 {
     if (!method_exists($this->translator, 'getCatalogue') || !$authorization->hasQueryParam('ui_locales')) {
         return;
     }
     $ui_locales = explode(' ', $authorization->getQueryParam('ui_locales'));
     foreach ($ui_locales as $ui_locale) {
         $catalogue = $this->translator->getCatalogue($ui_locale);
         if (in_array('SpomkyLabsOAuth2Server', $catalogue->getDomains())) {
             return $ui_locale;
         }
     }
 }
 /**
  * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
  *
  * @return array
  */
 private function getIdTokenClaims(AuthorizationInterface $authorization)
 {
     if (!$authorization->hasQueryParam('claims')) {
         return [];
     }
     $requested_claims = $authorization->getQueryParam('claims');
     if (true === array_key_exists('id_token', $requested_claims)) {
         return $requested_claims['id_token'];
     }
     return [];
 }
 /**
  * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
  *
  * @return bool
  */
 private function isOfflineAccess(AuthorizationInterface $authorization)
 {
     // The scope offline_access is not requested
     if (!in_array('offline_access', $authorization->getScopes())) {
         return false;
     }
     // The scope offline_access is requested but prompt is not consent
     // The scope offline_access is ignored
     if (!$authorization->hasQueryParam('prompt') || !in_array('consent', $authorization->getQueryParam('prompt'))) {
         $authorization->removeScope('offline_access');
         return false;
     }
     return true;
 }