/**
  * @group unit
  * @group utility
  */
 public function testAugmentOAuth2ScopesForClientWithRequiredScopesNotPresent()
 {
     $client = array('scope' => array('SCOPE3' => true, 'SCOPE4' => true));
     $scopes = array('SCOPE1', 'SCOPE2');
     $result = \sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, $scopes);
     $this->assertEquals(array('SCOPE1', 'SCOPE2', 'SCOPE3', 'SCOPE4'), $result);
 }
*/
session_cache_limiter('nocache');
$config = SimpleSAML_Configuration::getConfig('module_oauth2server.php');
$clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config);
if (isset($_REQUEST['client_id'])) {
    $client = $clientStore->getClient($_REQUEST['client_id']);
}
if (isset($client)) {
    $as = new SimpleSAML_Auth_Simple($config->getValue('authsource'));
    $params = sspmod_oauth2server_Utility_Uri::calculateScopingParameters($client);
    $as->requireAuth($params);
    if (array_key_exists('redirect_uri', $client) && is_array($client['redirect_uri']) && count($client['redirect_uri']) > 0) {
        $returnUri = isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : $client['redirect_uri'][0];
        $legalRedirectUri = sspmod_oauth2server_Utility_Uri::validateRedirectUri($returnUri, $client);
        if ($legalRedirectUri) {
            $requestedScopes = sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, isset($_REQUEST['scope']) ? explode(' ', $_REQUEST['scope']) : array());
            $invalidScopes = sspmod_oauth2server_Utility_Uri::findInvalidScopes($client, $requestedScopes);
            if (count($invalidScopes) == 0) {
                if (isset($_REQUEST['response_type']) && ($_REQUEST['response_type'] === 'code' || $_REQUEST['response_type'] === 'token')) {
                    $state = array('clientId' => $_REQUEST['client_id'], 'redirectUri' => isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : null, 'requestedScopes' => array_unique($requestedScopes), 'returnUri' => $returnUri, 'response_type' => $_REQUEST['response_type']);
                    if (array_key_exists('state', $_REQUEST)) {
                        $state['state'] = $_REQUEST['state'];
                    }
                    $stateId = SimpleSAML_Auth_State::saveState($state, 'oauth2server:authorization/consent');
                    $consentUri = SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('oauth2server/authorization/consent.php'), array('stateId' => $stateId));
                    SimpleSAML\Utils\HTTP::redirectTrustedURL($consentUri);
                } else {
                    if (!isset($_REQUEST['response_type'])) {
                        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_request', 'missing response type', 'MISSING_RESPONSE_TYPE', array());
                    } else {
                        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('unsupported_response_type', 'unsupported response type: ' . $_REQUEST['response_type'], 'UNSUPPORTED_RESPONSE_TYPE', array('RESPONSE_TYPE' => $_REQUEST['response_type']));
 }
 $idAttribute = $config->getValue('user_id_attribute', 'eduPersonScopedAffiliation');
 $attributes = $as->getAttributes();
 if ($state['response_type'] === 'code') {
     $authorizationCodeFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationCodeTTL, $accessTokenTTL, $tokenTTL);
     $token = $authorizationCodeFactory->createAuthorizationCode($state['clientId'], $state['redirectUri'], array(), $attributes[$idAttribute][0]);
 } else {
     $authorizationCodeFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationCodeTTL, $tokenTTL, $tokenTTL);
     $token = $authorizationCodeFactory->createBearerAccessToken($state['clientId'], array(), $attributes[$idAttribute][0]);
 }
 if (isset($_REQUEST['grantedScopes'])) {
     $scopesTemp = $_REQUEST['grantedScopes'];
 } else {
     $scopesTemp = array();
 }
 \sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, $scopesTemp);
 $token['scopes'] = \sspmod_oauth2server_Utility_Uri::findValidScopes($client, $scopesTemp);
 $tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
 if ($state['response_type'] === 'code') {
     $tokenStore->addAuthorizationCode($token);
 } else {
     $tokenStore->addAccessToken($token);
 }
 $userStore = new sspmod_oauth2server_OAuth2_UserStore($config);
 $user = $userStore->getUser($token['userId']);
 if (is_array($user)) {
     $user['attributes'] = $as->getAttributes();
     $liveTokens = array($token['id']);
     if ($state['response_type'] === 'code') {
         foreach ($user['authorizationCodes'] as $tokenId) {
             if (!is_null($tokenStore->getAuthorizationCode($tokenId))) {