/**
 * Process an API request that is authorised by an access token.
 *
 * Checks that an access token was supplied and that the request carries
 * schema=openid, then resolves the token through the DataHandler and
 * returns the AuthInfo record it was issued for.
 *
 * @param Akita_OpenIDConnect_Server_DataHandler $dataHandler
 * @return mixed the AuthInfo record behind the presented access token
 * @throws Akita_OAuth2_Server_Error 400 invalid_request / invalid_schema,
 *         401 invalid_token, 500 server_error
 */
public function processRequest($dataHandler)
{
    $request = $dataHandler->getRequest();

    // access_token is REQUIRED (note: empty() also rejects the literal "0").
    $presentedToken = $request->getAccessToken();
    if (empty($presentedToken)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'access_token' is required");
    }

    // schema is REQUIRED and the only accepted value is 'openid';
    // a missing parameter falls through to the same error.
    $schema = isset($request->param['schema']) ? $request->param['schema'] : null;
    if ($schema !== 'openid') {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_schema');
    }

    // A token the DataHandler cannot resolve is the client's problem (401) ...
    $tokenRecord = $dataHandler->getAccessToken($presentedToken);
    if ($tokenRecord === null) {
        throw new Akita_OAuth2_Server_Error('401', 'invalid_token');
    }

    // ... whereas a resolvable token with no AuthInfo behind it is ours (500).
    $authInfo = $dataHandler->getAuthInfoById($tokenRecord->authId);
    if ($authInfo === null) {
        throw new Akita_OAuth2_Server_Error('500', 'server_error');
    }

    return $authInfo;
}
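/**
 * Process an OpenID Connect Authorization Request.
 *
 * Validates, in order: response_type, client_id, redirect_uri, scope, nonce,
 * display, prompt, request / request_uri and id_token. Each failed check
 * throws an Akita_OAuth2_Server_Error; when every check passes the method
 * returns nothing and the caller proceeds with the validated request.
 *
 * @param Akita_OpenIDConnect_Server_DataHandler $dataHandler
 * @param array $allowed_response_type response_type values this server
 *        accepts; defaults to every Code / Implicit / Hybrid combination
 * @throws Akita_OAuth2_Server_Error on any failed validation
 */
public function processAuthorizationRequest($dataHandler, $allowed_response_type = array('code', 'id_token', 'token', 'code id_token', 'code token', 'id_token token', 'code id_token token'))
{
    $request = $dataHandler->getRequest();

    // response_type is REQUIRED and must be one this server supports.
    // The request object supplies the already-normalised value
    // (openidConnectResponseType). in_array() is strict so that only an
    // identical string can match an allowed entry.
    $response_type = $request->openidConnectResponseType;
    if (empty($response_type)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'response_type' is required");
    }
    if (!in_array($response_type, $allowed_response_type, true)) {
        throw new Akita_OAuth2_Server_Error('400', 'unsupported_response_type');
    }

    // client_id is REQUIRED and must belong to a client the DataHandler knows.
    $client_id = isset($request->param['client_id']) ? $request->param['client_id'] : "";
    if (empty($client_id)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'client_id' is required");
    }
    if (!$dataHandler->validateClientById($client_id)) {
        throw new Akita_OAuth2_Server_Error('400', 'unauthorized_client');
    }

    // redirect_uri is REQUIRED and the DataHandler must confirm it is
    // registered for this client_id; the matching rule lives there.
    $redirect_uri = isset($request->param['redirect_uri']) ? $request->param['redirect_uri'] : "";
    if (empty($redirect_uri)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'redirect_uri' is required");
    }
    if (!$dataHandler->validateRedirectUri($client_id, $redirect_uri)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'redirect_uri' is invalid");
    }

    // scope: the request object supplies the normalised value; the
    // DataHandler decides whether this client may request it.
    $scope = $request->openidConnectScope;
    if (!$dataHandler->validateScope($client_id, $scope)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_scope');
    }

    // nonce is REQUIRED for every response_type other than the plain
    // 'code' and 'token' flows, i.e. whenever an ID Token may be issued
    // from the authorization endpoint. Note that empty() also rejects the
    // literal string "0".
    $nonce = isset($request->param['nonce']) ? $request->param['nonce'] : "";
    if (!in_array($response_type, array('code', 'token'), true) && empty($nonce)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_request', 'nonce_required');
    }

    // display is OPTIONAL; an empty string is passed through for the
    // DataHandler to accept or reject.
    $display = isset($request->param['display']) ? $request->param['display'] : "";
    if (!$dataHandler->validateDisplay($display)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'display' is invalid");
    }

    // prompt: normalised value from the request object, validated by the
    // DataHandler. It is reused below for the id_token check.
    $prompt = $request->openidConnectPrompt;
    if (!$dataHandler->validatePrompt($prompt)) {
        throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'prompt' is invalid");
    }

    // request (Request Object passed by value) is validated only when present.
    if (isset($request->param['request'])) {
        if (!$dataHandler->validateRequestObject($request)) {
            throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'request' is invalid");
        }
    }

    // request_uri (Request Object passed by reference) is validated only
    // when present.
    // NOTE(review): this branch calls the same validateRequestObject() as
    // the 'request' branch above — confirm the DataHandler fetches and
    // checks the referenced Request Object itself, otherwise a request_uri
    // is accepted without its content ever being validated.
    if (isset($request->param['request_uri'])) {
        if (!$dataHandler->validateRequestObject($request)) {
            throw new Akita_OAuth2_Server_Error('400', 'invalid_request', "'request_uri' is invalid");
        }
    }

    // id_token is checked together with prompt; the DataHandler decides
    // when the combination means the user must interact (interaction_required).
    $id_token = isset($request->param['id_token']) ? $request->param['id_token'] : "";
    if (!$dataHandler->validateIDToken($prompt, $id_token)) {
        throw new Akita_OAuth2_Server_Error('400', 'interaction_required');
    }
}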