/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
if ($client->isPublic()) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a confidential client');
}
$issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();
$grant_type_response->setResourceOwnerPublicId($client->getPublicId());
$grant_type_response->setUserAccountPublicId(null);
$grant_type_response->setRefreshTokenIssued($issue_refresh_token);
$grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
if (!$client instanceof ConfidentialClientInterface) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_CLIENT, 'The client is not a confidential client');
}
$issue_refresh_token = $this->getConfiguration()->get('issue_refresh_token_with_client_credentials_grant_type', false);
$scope = RequestBody::getParameter($request, 'scope');
$grant_type_response->setRequestedScope($scope);
$grant_type_response->setAvailableScope(null);
$grant_type_response->setResourceOwnerPublicId($client->getPublicId());
$grant_type_response->setRefreshTokenIssued($issue_refresh_token);
$grant_type_response->setRefreshTokenScope($scope);
$grant_type_response->setRefreshTokenRevoked(null);
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
$username = RequestBody::getParameter($request, 'username');
$password = RequestBody::getParameter($request, 'password');
$end_user = $this->getEndUserManager()->getEndUser($username);
if (null === $end_user || !$this->getEndUserManager()->checkEndUserPasswordCredentials($end_user, $password)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'Invalid username and password combination');
}
$scope = RequestBody::getParameter($request, 'scope');
$grant_type_response->setRequestedScope($scope);
$grant_type_response->setAvailableScope(null);
$grant_type_response->setResourceOwnerPublicId($end_user->getPublicId());
$grant_type_response->setRefreshTokenIssued($this->getIssueRefreshToken($client, $end_user));
$grant_type_response->setRefreshTokenScope($scope);
$grant_type_response->setRefreshTokenRevoked(null);
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
$refresh_token = RequestBody::getParameter($request, 'refresh_token');
if (null === $refresh_token) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'No "refresh_token" parameter found');
}
$token = $this->getRefreshTokenManager()->getRefreshToken($refresh_token);
if (!$token instanceof RefreshTokenInterface || $token->isUsed()) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'Invalid refresh token');
}
$this->checkRefreshToken($token, $client);
$grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ?: $token->getScope());
$grant_type_response->setAvailableScope($token->getScope());
$grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
$grant_type_response->setRefreshTokenIssued(true);
$grant_type_response->setRefreshTokenScope($token->getScope());
$grant_type_response->setRefreshTokenRevoked($token);
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
$refresh_token = RequestBody::getParameter($request, 'refresh_token');
if (null === $refresh_token) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
}
$token = $this->getRefreshTokenManager()->getRefreshToken($refresh_token);
if (!$token instanceof RefreshTokenInterface) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid refresh token');
}
$this->checkRefreshToken($token, $client);
if (empty($grant_type_response->getRequestedScope())) {
$grant_type_response->setRequestedScope($token->getScope());
}
$grant_type_response->setAvailableScope($token->getScope());
$grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
$grant_type_response->setUserAccountPublicId($token->getUserAccountPublicId());
$grant_type_response->setRefreshTokenIssued(true);
$grant_type_response->setRefreshTokenScope($token->getScope());
$grant_type_response->setRefreshTokenRevoked($token);
$grant_type_response->setAdditionalData('metadatas', $token->getMetadatas());
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
if (false === $client->hasPublicKeySet()) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a client with signature capabilities.');
}
$jwt = $grant_type_response->getAdditionalData('jwt');
try {
$this->getJWTLoader()->verify($jwt, $client->getPublicKeySet());
} catch (\Exception $e) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, $e->getMessage());
}
$issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();
$grant_type_response->setResourceOwnerPublicId($client->getPublicId());
$grant_type_response->setUserAccountPublicId(null);
$grant_type_response->setRefreshTokenIssued($issue_refresh_token);
$grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
$username = RequestBody::getParameter($request, 'username');
$password = RequestBody::getParameter($request, 'password');
$user_account = $this->getUserAccountManager()->getUserAccountByUsername($username);
if (null === $user_account || !$this->getUserAccountManager()->checkUserAccountPasswordCredentials($user_account, $password)) {
throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid username and password combination');
}
$grant_type_response->setResourceOwnerPublicId($user_account->getUserPublicId());
$grant_type_response->setUserAccountPublicId($user_account->getPublicId());
$grant_type_response->setRefreshTokenIssued($this->issueRefreshToken($client));
$grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
$this->checkClient($request, $client);
$authCode = $this->getAuthCode($request);
if (!$authCode instanceof AuthCodeInterface) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, "Code doesn't exist or is invalid for the client.");
}
$this->checkPKCE($request, $authCode);
$this->checkAuthCode($authCode, $client);
$redirect_uri = RequestBody::getParameter($request, 'redirect_uri');
// Validate the redirect URI.
$this->checkRedirectUri($authCode, $redirect_uri);
$this->getAuthCodeManager()->markAuthCodeAsUsed($authCode);
$grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ?: $authCode->getScope());
$grant_type_response->setAvailableScope($authCode->getScope());
$grant_type_response->setResourceOwnerPublicId($authCode->getResourceOwnerPublicId());
$grant_type_response->setRefreshTokenIssued($authCode->getIssueRefreshToken());
$grant_type_response->setRefreshTokenScope($authCode->getScope());
$grant_type_response->setRefreshTokenRevoked(null);
}
/**
* {@inheritdoc}
*/
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
$this->checkClient($request, $client);
$authCode = $this->getAuthCode($request);
$this->checkPKCE($request, $authCode, $client);
$this->checkAuthCode($authCode, $client);
$redirect_uri = RequestBody::getParameter($request, 'redirect_uri');
// Validate the redirect URI.
$this->checkRedirectUri($authCode, $redirect_uri);
$this->getAuthorizationCodeManager()->markAuthCodeAsUsed($authCode);
if ($this->hasScopeManager()) {
$grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ? $this->getScopeManager()->convertToArray(RequestBody::getParameter($request, 'scope')) : $authCode->getScope());
$grant_type_response->setAvailableScope($authCode->getScope());
$grant_type_response->setRefreshTokenScope($authCode->getScope());
}
$grant_type_response->setResourceOwnerPublicId($authCode->getResourceOwnerPublicId());
$grant_type_response->setUserAccountPublicId($authCode->getUserAccountPublicId());
$grant_type_response->setRedirectUri($authCode->getMetadata('redirect_uri'));
// Refresh Token
$grant_type_response->setRefreshTokenIssued($authCode->getIssueRefreshToken());
$grant_type_response->setAdditionalData('auth_code', $authCode);
}