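/**
 * Answer an OAuth 2.0 token introspection request for one access token.
 *
 * The response body always carries an 'active' flag. Only when the token is
 * found in the store and has not expired are the remaining claims included
 * (exp, iat, scope, iss, client_id, sub, user_id, token_type). A token that is
 * unknown, expired, or not a usable string value is reported as inactive
 * without further detail, so the endpoint does not leak why a token was
 * rejected. Only an absent token parameter is treated as a client error.
 *
 * @param Request $request    the incoming request; only its host is used, as
 *                            the 'iss' claim
 * @param mixed   $tokenValue the token to introspect, expected to be a
 *                            non-empty string
 *
 * @return JsonResponse
 *
 * @throws BadRequestException when the token parameter is missing
 */
public function getTokenIntrospection(Request $request, $tokenValue)
{
    if (null === $tokenValue) {
        throw new BadRequestException('invalid_token', 'the token parameter is missing');
    }

    // A token is an opaque string. Anything else (array, int, empty string)
    // cannot match a stored token, so do not hand it to the storage layer;
    // it is simply reported as inactive.
    // FIXME: also validate the token alphabet/length once the token format is fixed
    $isUsableToken = is_string($tokenValue) && '' !== $tokenValue;
    $accessToken = $isUsableToken ? $this->db->getAccessToken($tokenValue) : false;

    if (false === $accessToken) {
        // token does not exist (or was not a usable value)
        $tokenInfo = array('active' => false);
    } else {
        $expiresAt = $accessToken['issue_time'] + $accessToken['expires_in'];

        if ($this->io->getTime() > $expiresAt) {
            // token expired
            $tokenInfo = array('active' => false);
        } else {
            // token exists and did not expire
            $tokenInfo = array(
                'active' => true,
                'exp' => intval($expiresAt),
                'iat' => intval($accessToken['issue_time']),
                'scope' => $accessToken['scope'],
                'iss' => $request->getUrl()->getHost(),
                'client_id' => $accessToken['client_id'],
                'sub' => $accessToken['resource_owner_id'],
                'user_id' => $accessToken['resource_owner_id'],
                'token_type' => 'bearer',
            );
            // as long as we have no RS registration we cannot set the audience...
            // $tokenInfo['aud'] => 'foo';
        }
    }

    $response = new JsonResponse();
    // Token metadata must never be cached by intermediaries or clients.
    $response->setHeaders(
        array(
            'Cache-Control' => 'no-store',
            'Pragma' => 'no-cache',
        )
    );
    $response->setBody($tokenInfo);

    return $response;
}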