/**
* Looks for an already present access_token
*
* @param ServerRequestEvent $event
*/
public function onAuthorizationResponse(ServerRequestEvent $event)
{
$arguments = $event->getServerRequest()->getQueryParams();
if (isset($arguments['access_token'])) {
die("TODO: IMPLICIT");
}
}
/**
* Looks for the code parameter and stores it in the token storage if present
*
* @param ServerRequestEvent $event
*/
public function onAuthorizationResponse(ServerRequestEvent $event)
{
$arguments = $event->getServerRequest()->getQueryParams();
if (!isset($arguments['code'])) {
return;
}
$expiresIn = 60;
$token = $this->tokenManager->createToken("authorization_code");
$token->setToken($arguments['code']);
$token->setExpiresIn($expiresIn);
$this->tokenManager->persistToken($token);
}
/**
* Validates the CSRF token
*
* @param ServerRequestEvent $event
*
* @throws CsrfException
*/
public function onAuthorizationResponse(ServerRequestEvent $event)
{
$arguments = $event->getServerRequest()->getQueryParams();
if (!isset($arguments['state'])) {
throw new CsrfException();
}
$stateToken = $this->tokenManager->findToken("state");
if ($stateToken === null) {
throw new CsrfException();
}
$state = $stateToken->getToken();
if ($state !== $arguments['state']) {
throw new CsrfException();
}
$this->tokenManager->removeToken($stateToken);
}