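/**
 * Checks whether the request carries a known, unexpired access token.
 *
 * The token is looked up in the access token storage and is stored on this
 * instance only after it has passed both checks. If a check fails, the
 * instance keeps whatever token it held before the call, so an unknown or
 * expired token is never left behind as the current access token.
 *
 * Both failure cases throw the same AccessDeniedException, so a caller
 * cannot tell an unknown token from an expired one.
 *
 * NOTE(review): $accessToken is documented as an AccessTokenEntity, but it is
 * passed to the storage get() call exactly like the value returned by
 * determineAccessToken(); confirm which type the storage expects.
 *
 * @param bool                                                $headerOnly  Limit Access Token to Authorization header
 * @param \League\OAuth2\Server\Entity\AccessTokenEntity|null $accessToken Access Token; when null it is taken
 *                                                                         from the request
 *
 * @throws \League\OAuth2\Server\Exception\AccessDeniedException   When the token is unknown to the storage or expired
 * @throws \League\OAuth2\Server\Exception\InvalidRequestException Presumably raised by determineAccessToken();
 *                                                                 not thrown directly here
 *
 * @return bool Always true; every failure is reported by exception
 */
public function isValidRequest($headerOnly = true, $accessToken = null)
{
    // An explicitly supplied token takes precedence over the one in the request
    if ($accessToken !== null) {
        $accessTokenString = $accessToken;
    } else {
        $accessTokenString = $this->determineAccessToken($headerOnly);
    }

    // Keep the lookup result local until it has been validated
    $candidate = $this->getAccessTokenStorage()->get($accessTokenString);

    // Ensure the access token exists
    if (!$candidate instanceof AccessTokenEntity) {
        throw new AccessDeniedException();
    }

    // Ensure the access token hasn't expired
    if ($candidate->isExpired() === true) {
        throw new AccessDeniedException();
    }

    // Only a token that passed both checks becomes the current access token
    $this->accessToken = $candidate;

    return true;
}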