/**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     if ($client->isPublic()) {
         throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a confidential client');
     }
     $issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();
     $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
     $grant_type_response->setUserAccountPublicId(null);
     $grant_type_response->setRefreshTokenIssued($issue_refresh_token);
     $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
 }
 /**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     if (!$client instanceof ConfidentialClientInterface) {
         throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_CLIENT, 'The client is not a confidential client');
     }
     $issue_refresh_token = $this->getConfiguration()->get('issue_refresh_token_with_client_credentials_grant_type', false);
     $scope = RequestBody::getParameter($request, 'scope');
     $grant_type_response->setRequestedScope($scope);
     $grant_type_response->setAvailableScope(null);
     $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
     $grant_type_response->setRefreshTokenIssued($issue_refresh_token);
     $grant_type_response->setRefreshTokenScope($scope);
     $grant_type_response->setRefreshTokenRevoked(null);
 }
 /**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     $username = RequestBody::getParameter($request, 'username');
     $password = RequestBody::getParameter($request, 'password');
     $end_user = $this->getEndUserManager()->getEndUser($username);
     if (null === $end_user || !$this->getEndUserManager()->checkEndUserPasswordCredentials($end_user, $password)) {
         throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'Invalid username and password combination');
     }
     $scope = RequestBody::getParameter($request, 'scope');
     $grant_type_response->setRequestedScope($scope);
     $grant_type_response->setAvailableScope(null);
     $grant_type_response->setResourceOwnerPublicId($end_user->getPublicId());
     $grant_type_response->setRefreshTokenIssued($this->getIssueRefreshToken($client, $end_user));
     $grant_type_response->setRefreshTokenScope($scope);
     $grant_type_response->setRefreshTokenRevoked(null);
 }
 /**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     $refresh_token = RequestBody::getParameter($request, 'refresh_token');
     if (null === $refresh_token) {
         throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'No "refresh_token" parameter found');
     }
     $token = $this->getRefreshTokenManager()->getRefreshToken($refresh_token);
     if (!$token instanceof RefreshTokenInterface || $token->isUsed()) {
         throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'Invalid refresh token');
     }
     $this->checkRefreshToken($token, $client);
     $grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ?: $token->getScope());
     $grant_type_response->setAvailableScope($token->getScope());
     $grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
     $grant_type_response->setRefreshTokenIssued(true);
     $grant_type_response->setRefreshTokenScope($token->getScope());
     $grant_type_response->setRefreshTokenRevoked($token);
 }
 /**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     $refresh_token = RequestBody::getParameter($request, 'refresh_token');
     if (null === $refresh_token) {
         throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
     }
     $token = $this->getRefreshTokenManager()->getRefreshToken($refresh_token);
     if (!$token instanceof RefreshTokenInterface) {
         throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid refresh token');
     }
     $this->checkRefreshToken($token, $client);
     if (empty($grant_type_response->getRequestedScope())) {
         $grant_type_response->setRequestedScope($token->getScope());
     }
     $grant_type_response->setAvailableScope($token->getScope());
     $grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
     $grant_type_response->setUserAccountPublicId($token->getUserAccountPublicId());
     $grant_type_response->setRefreshTokenIssued(true);
     $grant_type_response->setRefreshTokenScope($token->getScope());
     $grant_type_response->setRefreshTokenRevoked($token);
     $grant_type_response->setAdditionalData('metadatas', $token->getMetadatas());
 }
 /**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     if (false === $client->hasPublicKeySet()) {
         throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a client with signature capabilities.');
     }
     $jwt = $grant_type_response->getAdditionalData('jwt');
     try {
         $this->getJWTLoader()->verify($jwt, $client->getPublicKeySet());
     } catch (\Exception $e) {
         throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, $e->getMessage());
     }
     $issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();
     $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
     $grant_type_response->setUserAccountPublicId(null);
     $grant_type_response->setRefreshTokenIssued($issue_refresh_token);
     $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
 }
 /**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     $username = RequestBody::getParameter($request, 'username');
     $password = RequestBody::getParameter($request, 'password');
     $user_account = $this->getUserAccountManager()->getUserAccountByUsername($username);
     if (null === $user_account || !$this->getUserAccountManager()->checkUserAccountPasswordCredentials($user_account, $password)) {
         throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid username and password combination');
     }
     $grant_type_response->setResourceOwnerPublicId($user_account->getUserPublicId());
     $grant_type_response->setUserAccountPublicId($user_account->getPublicId());
     $grant_type_response->setRefreshTokenIssued($this->issueRefreshToken($client));
     $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
 }
 /**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     $this->checkClient($request, $client);
     $authCode = $this->getAuthCode($request);
     if (!$authCode instanceof AuthCodeInterface) {
         throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, "Code doesn't exist or is invalid for the client.");
     }
     $this->checkPKCE($request, $authCode);
     $this->checkAuthCode($authCode, $client);
     $redirect_uri = RequestBody::getParameter($request, 'redirect_uri');
     // Validate the redirect URI.
     $this->checkRedirectUri($authCode, $redirect_uri);
     $this->getAuthCodeManager()->markAuthCodeAsUsed($authCode);
     $grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ?: $authCode->getScope());
     $grant_type_response->setAvailableScope($authCode->getScope());
     $grant_type_response->setResourceOwnerPublicId($authCode->getResourceOwnerPublicId());
     $grant_type_response->setRefreshTokenIssued($authCode->getIssueRefreshToken());
     $grant_type_response->setRefreshTokenScope($authCode->getScope());
     $grant_type_response->setRefreshTokenRevoked(null);
 }
 /**
  * {@inheritdoc}
  */
 public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
 {
     $this->checkClient($request, $client);
     $authCode = $this->getAuthCode($request);
     $this->checkPKCE($request, $authCode, $client);
     $this->checkAuthCode($authCode, $client);
     $redirect_uri = RequestBody::getParameter($request, 'redirect_uri');
     // Validate the redirect URI.
     $this->checkRedirectUri($authCode, $redirect_uri);
     $this->getAuthorizationCodeManager()->markAuthCodeAsUsed($authCode);
     if ($this->hasScopeManager()) {
         $grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ? $this->getScopeManager()->convertToArray(RequestBody::getParameter($request, 'scope')) : $authCode->getScope());
         $grant_type_response->setAvailableScope($authCode->getScope());
         $grant_type_response->setRefreshTokenScope($authCode->getScope());
     }
     $grant_type_response->setResourceOwnerPublicId($authCode->getResourceOwnerPublicId());
     $grant_type_response->setUserAccountPublicId($authCode->getUserAccountPublicId());
     $grant_type_response->setRedirectUri($authCode->getMetadata('redirect_uri'));
     // Refresh Token
     $grant_type_response->setRefreshTokenIssued($authCode->getIssueRefreshToken());
     $grant_type_response->setAdditionalData('auth_code', $authCode);
 }