public function testRegisterClient()
{
$this->clientRepository->expects($this->once())->method('idExists')->willReturn(false);
$this->clientRepository->expects($this->once())->method('save')->will($this->returnArgument(0));
list($client, $secret) = $this->clientService->registerClient('name', ['http://www.example.com']);
$this->assertEquals(60, strlen($client->getSecret()));
$this->assertEquals(40, strlen($secret));
}
public function testRegisterClient()
{
$client = new Client();
$this->clientRepository->expects($this->once())->method('save')->with($client)->willReturn($client);
list($client, $secret) = $this->clientService->registerClient($client);
$this->assertEquals(60, strlen($client->getSecret()));
$this->assertEquals(40, strlen($secret));
$this->assertFalse($this->clientService->authenticate($client, 'azerty'));
$this->assertTrue($this->clientService->authenticate($client, $secret));
$this->assertFalse($this->clientService->authenticate($client, $client->getSecret()));
}
/**
* Get the client (after authenticating it)
*
* According to the spec (http://tools.ietf.org/html/rfc6749#section-2.3), for public clients we do
* not need to authenticate them
*
* @return Client|null
* @throws OAuth2Exception (invalid_client) When a client secret is missing or client authentication failed
*/
private function getClient(ServerRequestInterface $request, bool $allowPublicClients)
{
list($id, $secret) = $this->extractClientCredentials($request);
// If the grant type we are issuing does not allow public clients, and that the secret is
// missing, then we have an error...
if (!$allowPublicClients && !$secret) {
throw OAuth2Exception::invalidClient('Client secret is missing');
}
// If we allow public clients and no client id was set, we can return null
if ($allowPublicClients && !$id) {
return null;
}
$client = $this->clientService->getClient($id);
// We delegate all the checks to the client service
if (null === $client || !$allowPublicClients && !$client->authenticate($secret)) {
throw OAuth2Exception::invalidClient('Client authentication failed');
}
return $client;
}
