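/**
 * Selects the response mode object used to deliver the authorization response.
 *
 * Precedence, first match wins:
 *  1. the response_mode carried by the authorization request, only when the
 *     'allow_response_mode_parameter_in_authorization_request' option is strictly true;
 *  2. the mode returned by getResponseModeIfMultipleResponseTypes() for the raw response type;
 *  3. the mode declared by the single resolved response type.
 *
 * @param \OAuth2\Grant\ResponseTypeSupportInterface[] $types
 * @param \OAuth2\Endpoint\Authorization               $authorization
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface invalid_request when the client-supplied mode is not
 *                                                  registered, server_error when no mode can be resolved
 *
 * @return \OAuth2\Endpoint\ResponseModeInterface
 */
public function getResponseMode(array $types, Authorization $authorization)
{
    $requested_mode = $authorization->getResponseMode();
    // Remembered so that a bad client-supplied value is reported as a client error below.
    $mode_chosen_by_client = false;

    if (null !== $requested_mode && true === $this->getConfiguration()->get('allow_response_mode_parameter_in_authorization_request', false)) {
        // The client uses the response_mode parameter and the server allows it.
        // NOTE(review): this branch lets the client override the default mode for any response type.
        // OAuth 2.0 Multiple Response Type Encoding Practices forbids query encoding for response types
        // whose default is fragment; nothing in this method enforces that, so confirm that the registered
        // modes or the caller do before enabling the option.
        $mode = $requested_mode;
        $mode_chosen_by_client = true;
    } elseif (null !== ($multiple = $this->getResponseModeIfMultipleResponseTypes($authorization->getResponseType()))) {
        // The response type contains multiple types defined by OpenID Connect Specification
        $mode = $multiple;
    } elseif (1 < count($types)) {
        // The response type contains multiple types but not defined by OpenID Connect Specification.
        // NOTE(review): the message says "response mode" but the value printed is the response type.
        throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, sprintf('The response mode "%s" is not supported.', $authorization->getResponseType()));
    } elseif (isset($types[0])) {
        // The response type contains only one type
        $mode = $types[0]->getResponseMode();
    } else {
        // No resolved response type at index 0 (empty list): fail with the regular error
        // instead of calling a method on an undefined offset.
        throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, sprintf('Unable to retrieve response mode for response type "%s".', $authorization->getResponseType()));
    }

    // array_key_exists() only accepts string/int keys; anything else (for example an array taken
    // from the request) is treated as an unknown mode rather than raising a TypeError.
    $is_valid_key = is_string($mode) || is_int($mode);
    if (!$is_valid_key || !array_key_exists($mode, $this->response_modes)) {
        if ($mode_chosen_by_client) {
            // The value came from the request, so this is a client error, not a server fault.
            // The value itself is deliberately not echoed back in the description.
            throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'The "response_mode" parameter value is not supported.');
        }

        throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, sprintf('Unable to retrieve response mode for response type "%s".', $authorization->getResponseType()));
    }

    return $this->response_modes[$mode];
}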
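/**
 * Resolves the response_type of an authorization request into the response type
 * handlers registered on this endpoint.
 *
 * The value is split on single spaces. Every token must be unique, registered in
 * $this->response_types and allowed for the requesting client; more than one token
 * is accepted only when 'multiple_response_types_support_enabled' is not strictly false.
 * Tokens are not trimmed or filtered, so an empty token produced by consecutive spaces
 * goes through the same checks as any other token.
 *
 * @param \OAuth2\Endpoint\Authorization $authorization
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface invalid_request or unauthorized_client, see the checks below
 *
 * @return \OAuth2\Grant\ResponseTypeSupportInterface[]
 */
protected function getResponseTypes(Authorization $authorization)
{
    /*
     * @see http://tools.ietf.org/html/rfc6749#section-3.1.1
     */
    $requested = $authorization->getResponseType();
    // A missing parameter and a non-string one (for example an array taken from the request)
    // are both rejected here, before explode() is given something it cannot split.
    if (!is_string($requested)) {
        throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Invalid "response_type" parameter or parameter is missing');
    }

    $types = explode(' ', $requested);

    /*
     * Multiple response types support must be enabled.
     * This option should be set to true only if OpenID Connect is used.
     */
    if (1 < count($types) && false === $this->getConfiguration()->get('multiple_response_types_support_enabled', false)) {
        throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Multiple response types is disabled.');
    }

    // Exact-string occurrence count, computed once. The previous array_keys() lookup compared
    // loosely, so distinct numeric-looking tokens such as "1" and "01" counted as duplicates.
    $occurrences = array_count_values($types);
    $response_types = [];

    foreach ($types as $type) {
        if (1 < $occurrences[$type]) {
            throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'A response type appears more than once.');
        }

        if (!array_key_exists($type, $this->response_types)) {
            // NOTE(review): the client-supplied token is copied into the error description as is;
            // confirm that whatever renders this description encodes it for its output context.
            throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'Response type "' . $type . '" is not supported by this server');
        }
        $response_types[] = $this->response_types[$type];

        // Per-client restriction, checked only after the token is known to this server.
        if (!$authorization->getClient()->isAllowedGrantType($type)) {
            throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::UNAUTHORIZED_CLIENT, 'The response type "' . $requested . '" is unauthorized for this client.');
        }
    }

    return $response_types;
}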