コード例 #1
 /**
  * Handle a POST to the token endpoint.
  *
  * The caller has already been authenticated with HTTP Basic; its user id
  * is the client_id. Only clients of type "code" may use this endpoint, and
  * only the authorization_code and refresh_token grants are served.
  *
  * @throws RuntimeException    when the authenticated client has disappeared from storage
  * @throws BadRequestException on a client_id mismatch, wrong client type or unknown grant_type
  */
 public function postToken(Request $request, UserInfoInterface $userInfo)
 {
     $tokenRequest = new TokenRequest($request);
     $grantType = $tokenRequest->getGrantType();
     $bodyClientId = $tokenRequest->getClientId();

     // The Basic Authentication user id doubles as the client_id, so the
     // client record is looked up by the authenticated user.
     $authenticatedClientId = $userInfo->getUserId();
     $clientData = $this->db->getClient($authenticatedClientId);
     if (false === $clientData) {
         throw new RuntimeException('authenticated, but client no longer exists');
     }

     // A client_id in the request body is optional, but when present it must
     // be the same client that authenticated.
     if (null !== $bodyClientId && $bodyClientId !== $authenticatedClientId) {
         throw new BadRequestException('invalid_grant', 'authenicated user must match client_id in request body');
     }

     if ('code' !== $clientData->getType()) {
         throw new BadRequestException('invalid_client', 'this client type is not allowed to use the token endpoint');
     }

     if ('authorization_code' === $grantType) {
         $accessToken = $this->handleCode($tokenRequest, $clientData);
     } elseif ('refresh_token' === $grantType) {
         $accessToken = $this->handleRefreshToken($tokenRequest, $clientData);
     } else {
         throw new BadRequestException('invalid_request', 'unsupported grant_type');
     }

     // Token responses must not be cached by intermediaries or the client.
     $noCacheHeaders = ['Cache-Control' => 'no-store', 'Pragma' => 'no-cache'];
     $response = new JsonResponse();
     $response->setHeaders($noCacheHeaders);
     $response->setBody($accessToken);

     return $response;
 }
コード例 #2
 /**
  * Handle the resource owner's decision on an authorization request.
  *
  * Looks up the client named in the request, records the approval when the
  * POST parameter "approval" equals "approve", and otherwise returns an
  * access_denied error to the client's redirect_uri.
  *
  * @throws BadRequestException when the client_id is not registered
  */
 public function postAuthorization(Request $request, UserInfoInterface $userInfo)
 {
     $authorizeRequest = new AuthorizeRequest($request);
     $clientId = $authorizeRequest->getClientId();
     // response_type and state are read from the request but not used by
     // this handler.
     $responseType = $authorizeRequest->getResponseType();
     $redirectUri = $authorizeRequest->getRedirectUri();
     $scope = $authorizeRequest->getScope();
     $state = $authorizeRequest->getState();

     $clientData = $this->storage->getClient($clientId);
     if (false === $clientData) {
         throw new BadRequestException('client not registered');
     }

     // Without a redirect_uri in the query, fall back to the registered one.
     // NOTE(review): a redirect_uri supplied by the request is passed on
     // as-is here; confirm that AuthorizeRequest or ClientResponse checks it
     // against the registered value before a redirect is issued.
     $redirectUri = (null === $redirectUri) ? $clientData->getRedirectUri() : $redirectUri;

     $approved = ('approve' === $request->getPostParameter('approval'));
     if (!$approved) {
         $denial = ['error' => 'access_denied', 'error_description' => 'not authorized by resource owner'];

         return new ClientResponse($clientData, $request, $redirectUri, $denial);
     }

     $this->addApproval($clientData, $userInfo->getUserId(), $scope);

     // Redirect back to the request's own URL.
     return new RedirectResponse($request->getUrl()->toString(), 302);
 }
コード例 #3
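 /**
  * Remove one of the authenticated user's approvals and return to the
  * approvals overview.
  *
  * The approval is identified by the "id" query parameter; the authenticated
  * user id is passed to storage along with it (presumably so the delete is
  * scoped to that user's own approvals — confirm against the storage layer).
  *
  * @throws BadRequestException when the request carries no "id"
  */
 public function deleteApproval(Request $request, UserInfoInterface $userInfo)
 {
     $approvalId = $request->getUrl()->getQueryParameter('id');
     // Reject a missing id explicitly rather than handing an empty value to
     // storage and redirecting as if something had been deleted.
     if (null === $approvalId || '' === $approvalId) {
         throw new BadRequestException('missing id');
     }

     $this->db->deleteApproval($approvalId, $userInfo->getUserId());

     $approvalsUrl = $request->getUrl()->getRootUrl() . 'approvals.php';

     return new RedirectResponse($approvalsUrl, 302);
 }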