/**
 * A value stored with setAccessToken() is returned unchanged by both
 * getAccessToken() and getCredentials().
 */
public function testToken()
{
    $expected = 'foo';

    $subject = new OAuth2AccessToken();
    $subject->setAccessToken('foo');

    $this->assertEquals($expected, $subject->getAccessToken());
    $this->assertEquals($expected, $subject->getCredentials());
}
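/**
 * Handle Access Token
 *
 * Extracts an access token from the request and wraps it in a new
 * OAuth2AccessToken together with the request signature and URI.
 *
 * Sources are tried in this order, and the first non-empty value wins:
 *   1. the Authorization header, using the Bearer scheme;
 *   2. the `access_token` query parameter;
 *   3. the `access_token` field of a form-encoded POST body.
 *
 * @param Request $request
 * @return OAuth2AccessToken|null null when the request carries no usable access token
 */
protected function handleAccessToken(Request $request)
{
    $accessToken = null;

    $header = $request->headers->get('authorization');
    // The scheme has to be the first thing in the header value and the
    // credential a single whitespace-free token. A plain substring search
    // for "Bearer" would also accept a header of another scheme that merely
    // contains that word, and would cut the token at an arbitrary offset.
    // Scheme names are matched case-insensitively.
    if (is_string($header) && preg_match('/^Bearer[ \t]+(\S+)$/i', trim($header), $matches) === 1) {
        $accessToken = $matches[1];
    }

    // A token in the query string ends up in access logs, browser history
    // and Referer headers; it is kept as a fallback for existing callers.
    if (empty($accessToken) && $request->query->has('access_token')) {
        $accessToken = $request->query->get('access_token');
    }

    // NOTE(review): the lookup key is the lower-case 'content_type' and the
    // comparison is an exact match, so a value carrying a charset parameter
    // would not match. Confirm this branch is reachable with the Request
    // implementation in use.
    if (empty($accessToken)
        && $request->getMethod() === 'POST'
        && $request->server->get('content_type') === 'application/x-www-form-urlencoded'
    ) {
        $accessToken = $request->request->get('access_token');
    }

    // Request parameters may arrive as arrays (access_token[]=...); only a
    // non-empty string is treated as a token.
    if (empty($accessToken) || !is_string($accessToken)) {
        return null;
    }

    // The token value itself is deliberately not written to the log.
    if (null !== $this->logger) {
        $this->logger->info('OAuth2 authentication Authorization header found for user.');
    }

    $token = new OAuth2AccessToken();
    $token->setAccessToken($accessToken);
    $token->setSignature($this->getSignature($request));
    // NOTE(review): when the token came from the query string, the URI
    // stored here contains it; make sure the signed URL is not logged.
    $token->setSignedUrl($request->getUri());

    return $token;
}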
/**
 * Authenticate with access token
 *
 * Looks up the presented token through the access-token provider, runs the
 * access-token, client and signature checks, loads the user named by the
 * stored token, runs the pre-auth user check and finally builds a token
 * marked as authenticated.
 *
 * @param TokenInterface $token the token presented by the request
 * @return OAuth2AccessToken token carrying the user's roles, the user, the client and the signature
 * @throws OAuthAccessTokenNotFoundException when the pre-auth user check raises an AccountStatusException
 */
protected function authenticateAccessToken(TokenInterface $token)
{
    // The statement order below is the authentication sequence; keep it.
    $storedToken = $this->accessTokenProvider->get($token->getAccessToken());
    $this->checkAccessToken($storedToken);

    $client = $this->clientProvider->get($storedToken->getClient());
    $this->checkClient($client);
    $this->checkSignature($token, $client);

    // NOTE(review): a "check scope" marker sat at this point, but no scope
    // check is performed in this method. Confirm scopes are enforced
    // elsewhere before relying on them for authorization.
    $user = $this->userProvider->loadUserByUsername($storedToken->getUsername());

    try {
        $this->userChecker->checkPreAuth($user);
    } catch (AccountStatusException $e) {
        // Account-status failures are reported as a 401 for this realm, with
        // the original exception kept as the previous one.
        throw new OAuthAccessTokenNotFoundException($e->getMessage(), 401, $e, $this->realmName);
    }

    $authenticated = new OAuth2AccessToken($user->getRoles());
    $authenticated->setAuthenticated(true);
    // The stored token's id, not the presented token string, is kept on the result.
    $authenticated->setAccessToken($storedToken->getId());
    $authenticated->setUser($user);
    $authenticated->setClient($client);
    $authenticated->setSignature($token->getSignature());

    return $authenticated;
}