/**
 * Checks the authorization response for an access token that is already
 * present in the query string (implicit-style response).
 *
 * Handling is not implemented yet: when the parameter is present the
 * request is terminated on the spot with a placeholder message.
 *
 * NOTE(review): in the OAuth 2.0 implicit grant the access token is returned
 * in the URI fragment, which browsers do not send to the server. Confirm how
 * this query parameter is expected to be populated before implementing the
 * branch.
 *
 * @param ServerRequestEvent $event
 */
public function onAuthorizationResponse(ServerRequestEvent $event)
{
    $queryParams = $event->getServerRequest()->getQueryParams();

    // Nothing to do unless the response carries an access token.
    if (($queryParams['access_token'] ?? null) === null) {
        return;
    }

    // Placeholder: aborts the whole request, not just this listener.
    die("TODO: IMPLICIT");
}
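/**
 * Looks for the code parameter and stores it in the token storage if present
 *
 * The `code` query parameter comes straight from the incoming request, so it
 * is accepted only when it is a non-empty string. A missing, empty or
 * array-valued parameter (`code[]=...`) is treated as absent and nothing is
 * persisted.
 *
 * NOTE(review): this handler does not look at the `state` parameter itself.
 * Confirm that the listener validating `state` runs before this one, so that
 * a code from a forged response is never persisted.
 *
 * @param ServerRequestEvent $event
 */
public function onAuthorizationResponse(ServerRequestEvent $event)
{
    $arguments = $event->getServerRequest()->getQueryParams();

    $code = $arguments['code'] ?? null;

    // Only a non-empty string is a usable authorization code; anything else
    // must not reach the token storage.
    if (!is_string($code) || $code === '') {
        return;
    }

    // Lifetime given to the stored code (presumably seconds - confirm against
    // the token implementation).
    $expiresIn = 60;

    $token = $this->tokenManager->createToken("authorization_code");
    $token->setToken($code);
    $token->setExpiresIn($expiresIn);

    $this->tokenManager->persistToken($token);
}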
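/**
 * Validates the CSRF token
 *
 * Compares the `state` query parameter of the authorization response with
 * the stored "state" token. The stored token is removed only after a
 * successful match, so a validated state cannot be used a second time; a
 * failed attempt leaves it in place.
 *
 * @param ServerRequestEvent $event
 *
 * @throws CsrfException When `state` is missing or not a string, when no
 *                       state token is stored, or when the values differ.
 */
public function onAuthorizationResponse(ServerRequestEvent $event)
{
    $arguments = $event->getServerRequest()->getQueryParams();

    // Query parameters are request-controlled and may arrive as arrays
    // (`state[]=...`); only a string can ever match the stored value.
    if (!isset($arguments['state']) || !is_string($arguments['state'])) {
        throw new CsrfException();
    }

    $stateToken = $this->tokenManager->findToken("state");
    if ($stateToken === null) {
        throw new CsrfException();
    }

    $state = $stateToken->getToken();

    // hash_equals() compares in constant time, so the check does not leak
    // how many leading characters of the expected state were correct. It
    // accepts strings only, hence the type guard on the stored value.
    if (!is_string($state) || !hash_equals($state, $arguments['state'])) {
        throw new CsrfException();
    }

    $this->tokenManager->removeToken($stateToken);
}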