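/**
  * Builds an AuthorizationRequest from an authorization-endpoint request.
  *
  * Reads client_id (falling back to the PHP_AUTH_USER server parameter), redirect_uri,
  * scope and state from the query string and, when code-exchange proof (PKCE) is
  * enabled, code_challenge and code_challenge_method. The client is looked up without
  * secret validation and every supplied redirect_uri must exactly match a registered
  * one. Client-related failures emit a CLIENT_AUTHENTICATION_FAILED event before
  * throwing; all failures surface as an OAuthServerException.
  *
  * @param ServerRequestInterface $request
  *
  * @throws OAuthServerException
  *
  * @return AuthorizationRequest
  */
 public function validateAuthorizationRequest(ServerRequestInterface $request)
 {
     $clientId = $this->getQueryStringParameter(
         'client_id',
         $request,
         $this->getServerParameter('PHP_AUTH_USER', $request)
     );
     if ($clientId === null) {
         throw OAuthServerException::invalidRequest('client_id');
     }

     // Last argument false: the client is only identified here, not authenticated.
     $client = $this->clientRepository->getClientEntity($clientId, $this->getIdentifier(), null, false);
     if (!$client instanceof ClientEntityInterface) {
         $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
         throw OAuthServerException::invalidClient();
     }

     $registeredRedirectUris = $client->getRedirectUri();
     $redirectUri = $this->getQueryStringParameter('redirect_uri', $request);
     if ($redirectUri !== null) {
         // A query parameter can arrive as an array (redirect_uri[]=...); reject it before
         // strcmp(), which would raise a TypeError on a non-string argument.
         if (!is_string($redirectUri)) {
             throw OAuthServerException::invalidRequest('redirect_uri');
         }
         // RFC 6749 §3.1.2.3: exact match against a registered URI. in_array() is strict so
         // no loose (numeric-string) comparison can be used to satisfy the check, and a
         // registration that is neither string nor array is treated as "nothing registered".
         if (is_string($registeredRedirectUris)) {
             $isRegistered = strcmp($registeredRedirectUris, $redirectUri) === 0;
         } elseif (is_array($registeredRedirectUris)) {
             $isRegistered = in_array($redirectUri, $registeredRedirectUris, true);
         } else {
             $isRegistered = false;
         }
         if (!$isRegistered) {
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
             throw OAuthServerException::invalidClient();
         }
     } else {
         // RFC 6749 §3.1.2.3: redirect_uri may only be omitted when exactly one URI is
         // registered; with zero or several the server cannot pick a target safely.
         $hasSingleRegisteredUri = (is_string($registeredRedirectUris) && $registeredRedirectUris !== '')
             || (is_array($registeredRedirectUris) && count($registeredRedirectUris) === 1);
         if (!$hasSingleRegisteredUri) {
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
             throw OAuthServerException::invalidClient();
         }
     }

     // Target for an invalid_scope error redirect: the (already validated) supplied URI,
     // or the single registered one when the parameter was omitted.
     $errorRedirectUri = $redirectUri ?? (is_array($registeredRedirectUris)
         ? array_values($registeredRedirectUris)[0]
         : $registeredRedirectUris);
     $scopes = $this->validateScopes($this->getQueryStringParameter('scope', $request), $errorRedirectUri);

     $stateParameter = $this->getQueryStringParameter('state', $request);

     $authorizationRequest = new AuthorizationRequest();
     $authorizationRequest->setGrantTypeId($this->getIdentifier());
     $authorizationRequest->setClient($client);
     // The raw parameter (null when omitted) is stored, not the resolved default, so the
     // token request is only required to repeat redirect_uri when it was originally sent.
     $authorizationRequest->setRedirectUri($redirectUri);
     $authorizationRequest->setState($stateParameter);
     $authorizationRequest->setScopes($scopes);

     if ($this->enableCodeExchangeProof === true) {
         $codeChallenge = $this->getQueryStringParameter('code_challenge', $request);
         if ($codeChallenge === null) {
             throw OAuthServerException::invalidRequest('code_challenge');
         }
         // RFC 7636 §4.2: 43–128 characters from the unreserved set [A-Za-z0-9-._~].
         if (!is_string($codeChallenge) || preg_match('/^[A-Za-z0-9\-._~]{43,128}$/', $codeChallenge) !== 1) {
             throw OAuthServerException::invalidRequest('code_challenge', 'Code challenge must follow the specifications of RFC-7636.');
         }
         $codeChallengeMethod = $this->getQueryStringParameter('code_challenge_method', $request, 'plain');
         // Strict comparison: only the two literal method names are acceptable.
         if (!in_array($codeChallengeMethod, ['plain', 'S256'], true)) {
             throw OAuthServerException::invalidRequest('code_challenge_method', 'Code challenge method must be `plain` or `S256`');
         }
         $authorizationRequest->setCodeChallenge($codeChallenge);
         $authorizationRequest->setCodeChallengeMethod($codeChallengeMethod);
     }

     return $authorizationRequest;
 }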
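 /**
  * Builds an AuthorizationRequest from an authorization-endpoint request.
  *
  * Reads client_id (falling back to the PHP_AUTH_USER server parameter), redirect_uri,
  * scope and state from the query string. The client is looked up without secret
  * validation, a supplied redirect_uri must exactly match a registered one, and the
  * validated scopes are passed through the scope repository's finalizeScopes() before
  * being attached to the request. Client-related failures emit a
  * CLIENT_AUTHENTICATION_FAILED event before throwing; all failures surface as an
  * OAuthServerException.
  *
  * @param ServerRequestInterface $request
  *
  * @throws OAuthServerException
  *
  * @return AuthorizationRequest
  */
 public function validateAuthorizationRequest(ServerRequestInterface $request)
 {
     $clientId = $this->getQueryStringParameter(
         'client_id',
         $request,
         $this->getServerParameter('PHP_AUTH_USER', $request)
     );
     if ($clientId === null) {
         throw OAuthServerException::invalidRequest('client_id');
     }

     // Last argument false: the client is only identified here, not authenticated.
     $client = $this->clientRepository->getClientEntity($clientId, $this->getIdentifier(), null, false);
     if (!$client instanceof ClientEntityInterface) {
         $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
         throw OAuthServerException::invalidClient();
     }

     $registeredRedirectUris = $client->getRedirectUri();
     $redirectUri = $this->getQueryStringParameter('redirect_uri', $request);
     if ($redirectUri !== null) {
         // A query parameter can arrive as an array (redirect_uri[]=...); reject it before
         // strcmp(), which would raise a TypeError on a non-string argument.
         if (!is_string($redirectUri)) {
             throw OAuthServerException::invalidRequest('redirect_uri');
         }
         // RFC 6749 §3.1.2.3: exact match against a registered URI. in_array() is strict so
         // no loose (numeric-string) comparison can be used to satisfy the check, and a
         // registration that is neither string nor array is treated as "nothing registered".
         $isRegistered = match (true) {
             is_string($registeredRedirectUris) => strcmp($registeredRedirectUris, $redirectUri) === 0,
             is_array($registeredRedirectUris)  => in_array($redirectUri, $registeredRedirectUris, true),
             default                            => false,
         };
         if (!$isRegistered) {
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
             throw OAuthServerException::invalidClient();
         }
     } else {
         // RFC 6749 §3.1.2.3: redirect_uri may only be omitted when exactly one URI is
         // registered; with zero or several the server cannot pick a target safely.
         $hasSingleRegisteredUri = (is_string($registeredRedirectUris) && $registeredRedirectUris !== '')
             || (is_array($registeredRedirectUris) && count($registeredRedirectUris) === 1);
         if (!$hasSingleRegisteredUri) {
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
             throw OAuthServerException::invalidClient();
         }
     }

     // Target for an invalid_scope error redirect: the (already validated) supplied URI,
     // or the single registered one when the parameter was omitted.
     $errorRedirectUri = $redirectUri ?? (is_array($registeredRedirectUris)
         ? array_values($registeredRedirectUris)[0]
         : $registeredRedirectUris);
     $scopes = $this->validateScopes($this->getQueryStringParameter('scope', $request), $errorRedirectUri);

     // Let the scope repository adjust the requested scopes for this client and grant.
     $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);

     $stateParameter = $this->getQueryStringParameter('state', $request);

     $authorizationRequest = new AuthorizationRequest();
     $authorizationRequest->setGrantTypeId($this->getIdentifier());
     $authorizationRequest->setClient($client);
     // The raw parameter (null when omitted) is stored, not the resolved default, so the
     // token request is only required to repeat redirect_uri when it was originally sent.
     $authorizationRequest->setRedirectUri($redirectUri);
     $authorizationRequest->setState($stateParameter);
     $authorizationRequest->setScopes($scopes);

     return $authorizationRequest;
 }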