/**
* {@inheritdoc}
*/
public function grantAuthorization(Authorization $authorization)
{
$code = $this->getAuthCodeManager()->createAuthCode($authorization->getClient(), $authorization->getEndUser(), $authorization->getQueryParams(), $authorization->getRedirectUri(), $authorization->getScope(), $authorization->getIssueRefreshToken());
$params = ['code' => $code->getToken()];
if (null !== $authorization->getState()) {
$params['state'] = $authorization->getState();
}
return $params;
}
/**
* {@inheritdoc}
*/
public function grantAuthorization(Authorization $authorization)
{
$token = $this->getAccessTokenManager()->createAccessToken($authorization->getClient(), $authorization->getEndUser(), $authorization->getScope());
$params = [];
$state = $authorization->getState();
if (!empty($state)) {
$params['state'] = $state;
}
return $params;
}
/**
* @param \OAuth2\Endpoint\Authorization $authorization
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*
* @return \OAuth2\Grant\ResponseTypeSupportInterface[]
*/
protected function getResponseTypes(Authorization $authorization)
{
/*
* @see http://tools.ietf.org/html/rfc6749#section-3.1.1
*/
if (null === $authorization->getResponseType()) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Invalid "response_type" parameter or parameter is missing');
}
$types = explode(' ', $authorization->getResponseType());
$response_types = [];
/*
* Multiple response types support must be enabled.
* This option should be set to true only if OpenID Connect is used.
*/
if (1 < count($types) && false === $this->getConfiguration()->get('multiple_response_types_support_enabled', false)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Multiple response types is disabled.');
}
foreach ($types as $type) {
if (1 < count(array_keys($types, $type))) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'A response type appears more than once.');
}
if (array_key_exists($type, $this->response_types)) {
$response_types[] = $this->response_types[$type];
} else {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Response type "' . $type . '" is not supported by this server');
}
if (!$authorization->getClient()->isAllowedGrantType($type)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::UNAUTHORIZED_CLIENT, 'The response type "' . $authorization->getResponseType() . '" is unauthorized for this client.');
}
}
return $response_types;
}
