/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
if ($client->isPublic()) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a confidential client');
}
$issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();
$grant_type_response->setResourceOwnerPublicId($client->getPublicId());
$grant_type_response->setUserAccountPublicId(null);
$grant_type_response->setRefreshTokenIssued($issue_refresh_token);
$grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
$refresh_token = RequestBody::getParameter($request, 'refresh_token');
if (null === $refresh_token) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
}
$token = $this->getRefreshTokenManager()->getRefreshToken($refresh_token);
if (!$token instanceof RefreshTokenInterface) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid refresh token');
}
$this->checkRefreshToken($token, $client);
if (empty($grant_type_response->getRequestedScope())) {
$grant_type_response->setRequestedScope($token->getScope());
}
$grant_type_response->setAvailableScope($token->getScope());
$grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
$grant_type_response->setUserAccountPublicId($token->getUserAccountPublicId());
$grant_type_response->setRefreshTokenIssued(true);
$grant_type_response->setRefreshTokenScope($token->getScope());
$grant_type_response->setRefreshTokenRevoked($token);
$grant_type_response->setAdditionalData('metadatas', $token->getMetadatas());
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
if (false === $client->hasPublicKeySet()) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a client with signature capabilities.');
}
$jwt = $grant_type_response->getAdditionalData('jwt');
try {
$this->getJWTLoader()->verify($jwt, $client->getPublicKeySet());
} catch (\Exception $e) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, $e->getMessage());
}
$issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();
$grant_type_response->setResourceOwnerPublicId($client->getPublicId());
$grant_type_response->setUserAccountPublicId(null);
$grant_type_response->setRefreshTokenIssued($issue_refresh_token);
$grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
$username = RequestBody::getParameter($request, 'username');
$password = RequestBody::getParameter($request, 'password');
$user_account = $this->getUserAccountManager()->getUserAccountByUsername($username);
if (null === $user_account || !$this->getUserAccountManager()->checkUserAccountPasswordCredentials($user_account, $password)) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid username and password combination');
}
$grant_type_response->setResourceOwnerPublicId($user_account->getUserPublicId());
$grant_type_response->setUserAccountPublicId($user_account->getPublicId());
$grant_type_response->setRefreshTokenIssued($this->issueRefreshToken($client));
$grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
* @param \OAuth2\Client\ClientInterface $client
* @param \OAuth2\Grant\GrantTypeResponseInterface $grant_type_response
* @param array $request_parameters
* @param array $token_type_information
* @param array $metadatas
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*
* @return \OAuth2\Token\AccessTokenInterface
*/
private function createAccessToken(ClientInterface $client, GrantTypeResponseInterface $grant_type_response, array $request_parameters, array $token_type_information, array $metadatas)
{
$refresh_token = null;
$resource_owner = $this->getResourceOwner($grant_type_response->getResourceOwnerPublicId(), $grant_type_response->getUserAccountPublicId());
if (true === $this->hasRefreshTokenManager()) {
if (true === $grant_type_response->isRefreshTokenIssued()) {
$refresh_token = $this->getRefreshTokenManager()->createRefreshToken($client, $resource_owner, $grant_type_response->getRefreshTokenScope(), $metadatas);
}
}
$access_token = $this->getAccessTokenManager()->createAccessToken($client, $resource_owner, $token_type_information, $request_parameters, $grant_type_response->getRequestedScope(), $refresh_token, null, $metadatas);
return $access_token;
}
