/**
  * {@inheritDoc}
  */
 public function createTokenResponse(Request $request, Client $client = null, TokenOwnerInterface $owner = null)
 {
     $token = $request->getPost('access_token');
     $scope = $request->getPost('scope');
     if (null === $token) {
         throw OAuth2Exception::invalidRequest('Missing parameter access_token');
     }
     $owner = $this->getOwner($token);
     if (!$owner instanceof TokenOwnerInterface) {
         throw OAuth2Exception::accessDenied('Unable to load user from this token');
     }
     /**
      * @var AccessToken       $accessToken
      * @var null|RefreshToken $refreshToken
      * */
     $accessToken = new AccessToken();
     $refreshToken = null;
     // Generate token
     $this->populateToken($accessToken, $client, $owner, $scope);
     $accessToken = $this->accessTokenService->createToken($accessToken);
     // Before generating a refresh token, we must make sure the authorization server supports this grant
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = new RefreshToken();
         $this->populateToken($refreshToken, $client, $owner, $scope);
         $refreshToken = $this->refreshTokenService->createToken($refreshToken);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }
 /**
  * {@inheritDoc}
  */
 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     $postParams = $request->getParsedBody();
     $refreshToken = $postParams['refresh_token'] ?? null;
     if (null === $refreshToken) {
         throw OAuth2Exception::invalidRequest('Refresh token is missing');
     }
     // We can fetch the actual token, and validate it
     /** @var RefreshToken $refreshToken */
     $refreshToken = $this->refreshTokenService->getToken((string) $refreshToken);
     if (null === $refreshToken || $refreshToken->isExpired()) {
         throw OAuth2Exception::invalidGrant('Refresh token is expired');
     }
     // We can now create a new access token! First, we need to make some checks on the asked scopes,
     // because according to the spec, a refresh token can create an access token with an equal or lesser
     // scope, but not more
     $scopes = $postParams['scope'] ?? $refreshToken->getScopes();
     if (!$refreshToken->matchScopes($scopes)) {
         throw OAuth2Exception::invalidScope('The scope of the new access token exceeds the scope(s) of the refresh token');
     }
     $owner = $refreshToken->getOwner();
     $accessToken = $this->accessTokenService->createToken($owner, $client, $scopes);
     // We may want to revoke the old refresh token
     if ($this->serverOptions->getRotateRefreshTokens()) {
         if ($this->serverOptions->getRevokeRotatedRefreshTokens()) {
             $this->refreshTokenService->deleteToken($refreshToken);
         }
         $refreshToken = $this->refreshTokenService->createToken($owner, $client, $scopes);
     }
     // We can generate the response!
     return $this->prepareTokenResponse($accessToken, $refreshToken, true);
 }
 /**
  * Constructor.
  *
  * @param array $options
  */
 public function __construct($options)
 {
     $this->createUserCallable = function () {
         // By default if a new user tries to sign in, he is not allowed to sign in
         throw OAuth2Exception::accessDenied('You are not authorized to log in to the system.');
     };
     $this->setFromArray($options);
 }
 /**
  * {@inheritdoc}
  */
 protected function findProviderUserFromRequest(ServerRequestInterface $request, ProviderInterface $provider)
 {
     $postParams = $request->getParsedBody();
     $tokenIdentifier = isset($postParams['token_identifier']) ? $postParams['token_identifier'] : null;
     $tokenSecret = isset($postParams['token_secret']) ? $postParams['token_secret'] : null;
     $tokenCredentials = new TokenCredentials();
     $tokenCredentials->setIdentifier($tokenIdentifier);
     $tokenCredentials->setSecret($tokenSecret);
     /** @var \League\OAuth1\Client\Server\Server $providerClient */
     $providerClient = $this->providerClients->get($provider->getName());
     try {
         $user = $providerClient->getUserDetails($tokenCredentials);
     } catch (\Exception $e) {
         throw OAuth2Exception::invalidRequest('Token identifier and token secret are invalid');
     }
     return new Oauth1User($user);
 }
 /**
  * {@inheritdoc}
  */
 protected function findProviderUserFromRequest(ServerRequestInterface $request, ProviderInterface $provider)
 {
     $postParams = $request->getParsedBody();
     $providerAuthorizationCode = isset($postParams['provider_authorization_code']) ? $postParams['provider_authorization_code'] : null;
     $providerAccessToken = isset($postParams['provider_access_token']) ? $postParams['provider_access_token'] : null;
     /* @var \League\OAuth2\Client\Provider\ProviderInterface */
     $providerClient = $this->providerClients->get($provider->getName());
     if ($providerAuthorizationCode) {
         // Try to get an access token (using the authorization code grant)
         try {
             /** @var ProviderAccessToken  $providerAccessToken*/
             $providerAccessToken = $providerClient->getAccessToken('authorization_code', ['code' => $providerAuthorizationCode]);
         } catch (IDPException $e) {
             // @todo decide what is the best thing to do here???
             throw OAuth2Exception::invalidRequest('Provider authorization code is invalid');
         }
     } else {
         $providerAccessToken = new ProviderAccessToken(['access_token' => $providerAccessToken]);
     }
     /* @var \League\OAuth2\Client\Entity\User */
     $userDetails = $providerClient->getUserDetails($providerAccessToken);
     return new Oauth2User($userDetails);
 }
 public function createTokenResponse(Request $request, Client $client = null, TokenOwnerInterface $owner = null)
 {
     // TODO: Complete rewrite. This is just a temp method to allow token generation
     $owner = $this->userService->get($request->getPost('id'));
     $scope = 'foobar';
     if (!$owner instanceof TokenOwnerInterface) {
         throw OAuth2Exception::accessDenied('access_denied');
     }
     /**
      * @var AccessToken       $accessToken
      * @var null|RefreshToken $refreshToken
      * */
     $accessToken = new AccessToken();
     $refreshToken = null;
     $this->populateToken($accessToken, $client, $owner, $scope);
     $accessToken = $this->accessTokenService->createToken($accessToken);
     // Before generating a refresh token, we must make sure the authorization server supports this grant
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = new RefreshToken();
         $this->populateToken($refreshToken, $client, $owner, $scope);
         $refreshToken = $this->refreshTokenService->createToken($refreshToken);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }
 /**
  * {@inheritDoc}
  */
 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null)
 {
     $postParams = $request->getParsedBody();
     $providerName = isset($postParams['provider']) ? $postParams['provider'] : null;
     $scope = isset($postParams['scope']) ? $postParams['scope'] : null;
     if ($providerName === null) {
         throw OAuth2Exception::invalidRequest('Provider name is missing.');
     }
     $provider = $this->providerManager->findByName($providerName);
     if (!$provider || !$this->providerClients->has($providerName)) {
         throw OAuth2Exception::invalidRequest(sprintf('Provider %s is not supported', $providerName));
     }
     $providerUser = $this->findProviderUserFromRequest($request, $provider);
     // access token is valid
     $userProvider = $this->userProviderManager->findByProviderUid($providerUser->getId(), $provider);
     if (!$userProvider) {
         // access token is valid but the user does not exists
         $createUserCallable = $this->options->getCreateUserCallable();
         // by default, we expect the callable to return instance of "Hrevert\OauthClient\Model\UserProviderInterface"
         // because the developer may have extended the default implementation
         // Alternatively the callable may return user entity directly
         $userProvider = $createUserCallable($providerUser);
         if ($userProvider instanceof UserInterface) {
             $user = $userProvider;
             $userProvider = new UserProvider();
             $userProvider->setUser($user);
         }
         $userProvider->setProviderUid($providerUser->getId());
         $userProvider->setProvider($provider);
         $this->objectManager->persist($userProvider);
         $this->objectManager->flush();
     }
     /** @var TokenOwnerInterface $owner */
     $owner = $userProvider->getUser();
     // Everything is okay, we can start tokens generation!
     $accessToken = new AccessToken();
     $this->populateToken($accessToken, $client, $owner, $scope);
     /** @var AccessToken $accessToken */
     $accessToken = $this->accessTokenService->createToken($accessToken);
     // Before generating a refresh token, we must make sure the authorization server supports this grant
     $refreshToken = null;
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = new RefreshToken();
         $this->populateToken($refreshToken, $client, $owner, $scope);
         /** @var RefreshToken $refreshToken */
         $refreshToken = $this->refreshTokenService->createToken($refreshToken);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }
 /**
  * Validate the token scopes against the registered scope
  *
  * @param  array $scopes
  * @return void
  * @throws OAuth2Exception
  */
 protected function validateTokenScopes(array $scopes)
 {
     $registeredScopes = $this->scopeService->getAll();
     foreach ($registeredScopes as &$registeredScope) {
         $registeredScope = is_string($registeredScope) ? $registeredScope : $registeredScope->getName();
     }
     $diff = array_diff($scopes, $registeredScopes);
     if (count($diff) > 0) {
         throw OAuth2Exception::invalidScope(sprintf('Some scope(s) do not exist: %s', implode(', ', $diff)));
     }
 }
 /**
  * @throws OAuth2Exception (invalid_request)
  */
 public function createAuthorizationResponse(ServerRequestInterface $request, Client $client, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     throw OAuth2Exception::invalidRequest('Client credentials grant does not support authorization');
 }
 /**
  * Create a response from the exception, using the format of the spec
  *
  * @link   http://tools.ietf.org/html/rfc6749#section-5.2
  */
 private function createResponseFromOAuthException(OAuth2Exception $exception) : ResponseInterface
 {
     $payload = ['error' => $exception->getCode(), 'error_description' => $exception->getMessage()];
     return new Response\JsonResponse($payload, 400);
 }
 /**
  * {@inheritDoc}
  * @throws OAuth2Exception
  */
 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     $postParams = $request->getParsedBody();
     $code = $postParams['code'] ?? null;
     if (null === $code) {
         throw OAuth2Exception::invalidRequest('Could not find the authorization code in the request');
     }
     /* @var \ZfrOAuth2\Server\Entity\AuthorizationCode  $authorizationCode */
     $authorizationCode = $this->authorizationCodeService->getToken($code);
     if (null === $authorizationCode || $authorizationCode->isExpired()) {
         throw OAuth2Exception::invalidGrant('Authorization code cannot be found or is expired');
     }
     $clientId = $postParams['client_id'] ?? null;
     if ($authorizationCode->getClient()->getId() !== $clientId) {
         throw OAuth2Exception::invalidRequest('Authorization code\'s client does not match with the one that created the authorization code');
     }
     // If owner is null, we reuse the same as the authorization code
     $owner = $owner ?: $authorizationCode->getOwner();
     // Everything is okey, let's start the token generation!
     $scopes = $authorizationCode->getScopes();
     // reuse the scopes from the authorization code
     $accessToken = new AccessToken();
     $this->populateToken($accessToken, $client, $owner, $scopes);
     $accessToken = $this->accessTokenService->createToken($accessToken);
     // Before generating a refresh token, we must make sure the authorization server supports this grant
     $refreshToken = null;
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = new RefreshToken();
         $this->populateToken($refreshToken, $client, $owner, $scopes);
         $refreshToken = $this->refreshTokenService->createToken($refreshToken);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }
 /**
  * @throws OAuth2Exception
  */
 public function createTokenResponse(ServerRequestInterface $request, Client $client = null, TokenOwnerInterface $owner = null) : ResponseInterface
 {
     $postParams = $request->getParsedBody();
     // Validate the user using its username and password
     $username = $postParams['username'] ?? null;
     $password = $postParams['password'] ?? null;
     $scope = $postParams['scope'] ?? null;
     if (null === $username || null == $password) {
         throw OAuth2Exception::invalidRequest('Username and/or password is missing');
     }
     $callback = $this->callback;
     $owner = $callback($username, $password);
     if (!$owner instanceof TokenOwnerInterface) {
         throw OAuth2Exception::accessDenied('Either username or password are incorrect');
     }
     // Everything is okay, we can start tokens generation!
     $accessToken = $this->accessTokenService->createToken($owner, $client, $scope);
     // Before generating a refresh token, we must make sure the authorization server supports this grant
     $refreshToken = null;
     if ($this->authorizationServer->hasGrant(RefreshTokenGrant::GRANT_TYPE)) {
         $refreshToken = $this->refreshTokenService->createToken($owner, $client, $scope);
     }
     return $this->prepareTokenResponse($accessToken, $refreshToken);
 }