/**
* Looks for the code parameter and stores it in the token storage if present
*
* @param ServerRequestEvent $event
*/
public function onAuthorizationResponse(ServerRequestEvent $event)
{
$arguments = $event->getServerRequest()->getQueryParams();
if (!isset($arguments['code'])) {
return;
}
$expiresIn = 60;
$token = $this->tokenManager->createToken("authorization_code");
$token->setToken($arguments['code']);
$token->setExpiresIn($expiresIn);
$this->tokenManager->persistToken($token);
}
/**
* Looks for a refresh_token in the response body
*
* @param ResponseEvent $event
*/
public function onTokenResponse(ResponseEvent $event)
{
$body = (string) $event->getResponse()->getBody();
$arguments = json_decode($body, true);
if (!isset($arguments['refresh_token'])) {
return;
}
$expiresIn = 14 * 24 * 60 * 60;
// Two weeks
$refreshToken = $this->tokenManager->createToken("refresh_token");
$refreshToken->setToken($arguments['refresh_token']);
$refreshToken->setExpiresIn($expiresIn);
$this->tokenManager->persistToken($refreshToken);
}
/**
* Adds CSRF token to the authorization request
*
* @param RedirectEvent $event
*/
public function onAuthorizationRequest(RedirectEvent $event)
{
$url = $event->getUrl();
if ($url === null) {
return;
}
$token = md5(uniqid(rand(), true));
$expiresIn = 120;
$stateToken = $this->tokenManager->createToken("state");
$stateToken->setToken($token);
$stateToken->setExpiresIn($expiresIn);
$this->tokenManager->persistToken($stateToken);
$url = $url . "&state={$token}";
$event->setUrl($url);
}