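/**
 * Resolves the user behind the presented access token and returns a fully
 * authenticated OAuth2Token carrying the user's roles and both tokens.
 *
 * @param TokenInterface $token the unauthenticated token built by the listener
 *                              (expected to be an OAuth2Token exposing
 *                              getAccessToken()/getRefreshToken() — confirm supports())
 *
 * @return OAuth2Token
 *
 * @throws AuthenticationException when the user provider cannot resolve the token
 */
public function authenticate(TokenInterface $token)
{
    try {
        $user = $this->userProvider->loadUserByAccessToken($token->getAccessToken());

        $authenticatedToken = new OAuth2Token($user->getRoles());
        $authenticatedToken->setAccessToken($token->getAccessToken());
        $authenticatedToken->setRefreshToken($token->getRefreshToken());
        $authenticatedToken->setUser($user);

        return $authenticatedToken;
    } catch (\Exception $e) {
        // Keep the client-facing message generic, but chain the original
        // exception so logs and debuggers still show the real cause.
        throw new AuthenticationException('The OAuth2 Access Token is invalid.', 0, $e);
    }
}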
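/**
 * {@inheritDoc}
 *
 * Extracts an OAuth2 access token from the request and authenticates it.
 * The token is read from an `Authorization: Bearer <token>` header first,
 * then from an `access_token` request parameter. Without a token the
 * request is answered with 403.
 *
 * An AuthenticationException thrown by the authentication manager is not
 * caught here and propagates to the caller.
 */
public function handle(GetResponseEvent $event)
{
    $request = $event->getRequest();

    // Look for an access token in the Authorization header.
    $access_token = null;
    $authHeader = $request->headers->get('Authorization');
    if (is_string($authHeader) && $authHeader !== '') {
        // trim() first so a leading blank does not shift the scheme into the
        // credential position.
        $authHeader = preg_split('/[\\s]+/', trim($authHeader));
        // Only a Bearer credential is an OAuth2 access token; a Basic/Digest
        // header must not be forwarded to the user provider as one.
        if (isset($authHeader[1]) && strcasecmp($authHeader[0], 'Bearer') === 0) {
            $access_token = $authHeader[1];
        }
    }

    if ($access_token === null || $access_token === '') {
        // NOTE: a token passed as a request parameter ends up in access logs
        // and Referer headers; the header form is preferred.
        $access_token = $request->get('access_token');
    }

    if (!empty($access_token)) {
        $token = new OAuth2Token();
        $token->setAccessToken($access_token);
        $authToken = $this->authenticationManager->authenticate($token);
        $this->tokenStorage->setToken($authToken);

        return;
    }

    // By default deny authorization
    $response = new Response(null, 403);
    $event->setResponse($response);
}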
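/**
 * {@inheritDoc}
 *
 * Handles the authorization-code callback: verifies the CSRF `state`,
 * exchanges the code for tokens at the token endpoint and authenticates
 * the resulting OAuth2Token.
 *
 * @return OAuth2Token|null the authenticated token, or null when the request
 *                          carries no code or the state does not match
 *
 * @throws AuthenticationException when the token endpoint cannot be reached or
 *                                 does not return a usable access token
 */
protected function attemptAuthentication(Request $request)
{
    // Nothing to do unless the provider redirected back with an authorization code.
    if (!$request->query->has('code')) {
        return null;
    }

    $session = $request->getSession();

    // CSRF guard: the `state` generated before the redirect must come back
    // unchanged. Both sides must be non-empty strings — a loose `==` between
    // two missing values (null == null) would otherwise pass — and the
    // comparison is constant-time.
    $expectedState = $session->get('state');
    $returnedState = $request->query->get('state');
    if (!is_string($expectedState) || $expectedState === ''
        || !is_string($returnedState) || !hash_equals($expectedState, $returnedState)) {
        return null;
    }
    // The state is single-use; drop it so a replayed callback cannot reuse it.
    $session->remove('state');

    // Swap the authorization code for an access token.
    $clientOptions = ['timeout' => 2, 'connect_timeout' => 2];
    if ($this->validateSSL === false) {
        // Keep the timeouts even when certificate validation is switched off.
        // NOTE(review): 'ssl.certificate_authority' looks like a Guzzle 3 option;
        // confirm the installed Guzzle honours it.
        $clientOptions['ssl.certificate_authority'] = FALSE;
    }
    $client = new Client($clientOptions);

    // Separate name so the incoming Symfony $request is not shadowed.
    $tokenRequest = new \GuzzleHttp\Psr7\Request(
        'POST',
        $this->serverTokenUri,
        ['Content-Type' => 'application/x-www-form-urlencoded'],
        http_build_query([
            'grant_type' => 'authorization_code',
            'code' => $request->query->get('code'),
            'client_id' => $this->clientId,
            'client_secret' => $this->clientSecret,
            'redirect_uri' => $this->redirectUri,
        ])
    );

    try {
        $response = $client->send($tokenRequest);
        $tokenData = json_decode($response->getBody()->getContents(), true);
    } catch (\Exception $e) {
        throw new AuthenticationException('Authorization Code Invalid', 0, $e);
    }

    // The token endpoint must answer with a JSON object holding a non-empty
    // access_token; anything else is treated as a failed exchange.
    if (!is_array($tokenData)
        || empty($tokenData['access_token'])
        || !is_string($tokenData['access_token'])) {
        throw new AuthenticationException('Authorization Code Invalid');
    }

    $token = new OAuth2Token();
    $token->setAccessToken($tokenData['access_token']);
    if (isset($tokenData['refresh_token'])) {
        $token->setRefreshToken($tokenData['refresh_token']);
    }

    return $this->authenticationManager->authenticate($token);
}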