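/**
 * Handle the request.
 *
 * Exchanges an authorised set of credentials for token credentials and
 * sends the access token / refresh token pair back to the client.
 *
 * Every rejection path returns immediately after reporting the error, so
 * that no token can be issued once a check has failed, regardless of how
 * respondError() behaves.
 *
 * @return  void
 *
 * @since   12.3
 */
public function execute()
{
    // Verify that we have an OAuth 2.0 application.
    $this->initialise();

    // Get the credentials for the request.
    $credentials = new MOauth2Credentials($this->request);
    $credentials->load();

    // Look up the client named by the request's client_id.
    // NOTE(review): fetchClient() is not visible here; confirm how an unknown
    // client_id is reported, because $client is dereferenced further down.
    $client = $this->fetchClient($this->request->client_id);

    // Authenticate against the Joomla! users before anything else is done.
    if (!$credentials->doJoomlaAuthentication($client))
    {
        $this->respondError(400, 'unauthorized_client', 'The Joomla! credentials are not valid.');

        // respondError() is not visible in this block; return explicitly so the
        // flow fails closed even if it does not terminate the request.
        return;
    }

    // Load the JUser class on application for this client.
    $this->app->loadIdentity($client->_identity);

    // Reject credentials that have already been converted to token credentials.
    if ($credentials->getType() === MOauth2Credentials::TOKEN)
    {
        $this->respondError(400, 'invalid_request', 'The token is not for a temporary credentials set.');

        return;
    }

    // Ensure the credentials are authorised.
    if ($credentials->getType() !== MOauth2Credentials::AUTHORISED)
    {
        $this->respondError(400, 'invalid_request', 'The token has not been authorised by the resource owner.');

        return;
    }

    // Convert the credentials to valid Token credentials for requesting protected resources.
    $credentials->convert();

    // Build the response for the client.
    // NOTE(review): RFC 6749 section 5.1 defines expires_in as a lifetime in
    // seconds, and lists token_type as a required member. 'P60M' is an ISO 8601
    // duration string (read strictly it means 60 months; 60 minutes would be
    // 'PT60M'). The value is kept as-is for existing clients; confirm it
    // matches the lifetime the credentials store actually enforces.
    $response = array(
        'access_token' => $credentials->getAccessToken(),
        'expires_in' => 'P60M',
        'refresh_token' => $credentials->getRefreshToken()
    );

    // Check if the request is CORS ( Cross-origin resource sharing ) and change the body if true
    $body = $this->prepareBody($response);

    // A response that carries tokens must not be stored by browsers or
    // intermediate caches (RFC 6749 section 5.1).
    $this->response->setHeader('Cache-Control', 'no-store');
    $this->response->setHeader('Pragma', 'no-cache');

    // Set the response code and body.
    $this->response->setHeader('status', '200')->setBody($body)->respond();
}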