public function login(ProviderInterface $provider, $code, $state)
{
if ($code === null) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$this->stateStorage->storeState($provider->state);
return $authUrl;
// Check given state against previously stored one to mitigate CSRF attack
} elseif ($state === null || $state !== $this->stateStorage->loadState()) {
$this->stateStorage->storeState(null);
throw new InvalidStateException();
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', ['code' => $code]);
// Optional: Now you have a token you can look up a users profile data
try {
// We got an access token, let's now get the user's details
$userDetails = $provider->getUserDetails($token);
$this->managerEvent($this->manager);
return $this->manager->persistOAuthAccount(get_class($provider), $token, $userDetails);
} catch (IDPException $e) {
throw new AuthenticationException();
}
}
}
/**
* Execute OAuth2 authentication and return the user.
*/
static function auth(ProviderInterface $provider)
{
if (!require_get("code", false)) {
redirect($provider->getAuthorizationUrl());
return false;
} else {
// optionally check for abuse etc
if (!\Openclerk\Events::trigger('oauth2_auth', $provider)) {
throw new UserAuthenticationException("Login was cancelled by the system.");
}
$token = $provider->getAccessToken('authorization_code', array('code' => require_get("code")));
// now find the relevant user
return $provider->getUserDetails($token);
}
}
/**
* @return AccessToken
*/
public function refresh()
{
try {
$this->token = $this->provider->getAccessToken('refresh_token', ['refresh_token' => $this->token->refreshToken]);
} catch (BadResponseException $e) {
throw new AccessTokenExpiredException(self::REFRESH_TOKEN_EXPIRED_MESSAGE);
}
return $this->token;
}
public function authorize()
{
$request = $this->getRequest();
$session = $request->getSession();
if (!$request->query->has('code')) {
// If we don't have an authorization code then get one
$authUrl = $this->provider->getAuthorizationUrl();
$session->set('oauth2state', $this->provider->state);
$response = new RedirectResponse($authUrl);
$response->send();
} elseif (empty($request->query->get('state')) || $request->query->get('state') !== $session->get('oauth2state')) {
$session->remove('oauth2state');
throw new \InvalidArgumentException('Invalid State');
} else {
// Try to get an access token (using the authorization code grant)
$this->token = $this->provider->getAccessToken('authorization_code', ['code' => $this->request->query->get('code')]);
}
return $this->token->accessToken;
}
