/**
* {@inheritDoc}
* @throws OAuth2Exception
*/
public function createAuthorizationResponse(ServerRequestInterface $request, Client $client, TokenOwnerInterface $owner = null)
{
$queryParams = $request->getQueryParams();
// We must validate some parameters first
$responseType = $queryParams['response_type'] ?? null;
if ($responseType !== self::GRANT_RESPONSE_TYPE) {
throw OAuth2Exception::invalidRequest(sprintf('The desired grant type must be "code", but "%s" was given', $responseType));
}
// We try to fetch the redirect URI from query param as per spec, and if none found, we just use
// the first redirect URI defined in the client
$redirectUri = $queryParams['redirect_uri'] ?? $client->getRedirectUris()[0];
// If the redirect URI cannot be found in the list, we throw an error as we don't want the user
// to be redirected to an unauthorized URL
if (!$client->hasRedirectUri($redirectUri)) {
throw OAuth2Exception::invalidRequest('Redirect URI does not match the registered one');
}
// Scope and state allow to perform additional validation
$scope = $queryParams['scope'] ?? null;
$state = $queryParams['state'] ?? null;
$authorizationCode = new AuthorizationCode();
$authorizationCode->setRedirectUri($redirectUri);
$this->populateToken($authorizationCode, $client, $owner, $scope);
$authorizationCode = $this->authorizationCodeService->createToken($authorizationCode);
$uri = http_build_query(array_filter(['code' => $authorizationCode->getToken(), 'state' => $state]));
return new Response\RedirectResponse($redirectUri . '?' . $uri);
}
public function testTriggerExceptionIfCustomRedirectUriIsNotAuthorized()
{
$this->setExpectedException(OAuth2Exception::class);
$queryParams = ['response_type' => 'code', 'scope' => '', 'state' => 'xyz', 'redirect_uri' => 'http://www.custom-example.com'];
$request = $this->getMock(ServerRequestInterface::class);
$request->expects($this->once())->method('getQueryParams')->will($this->returnValue($queryParams));
$token = $this->getValidAuthorizationCode();
$this->authorizationCodeService->expects($this->never())->method('createToken')->will($this->returnValue($token));
$client = new Client();
$client->setRedirectUris('http://www.example.com');
$this->grant->createAuthorizationResponse($request, $client);
}
/**
* Authenticate the client
*
* @param Client $client
* @param string $secret
* @return bool True if properly authenticated, false otherwise
*/
public function authenticate(Client $client, string $secret) : bool
{
return password_verify($secret, $client->getSecret());
}