public function callback($code, $state, Closure $callback) { $params = $this->store->load('openid_connect_request'); if (empty($params)) { throw new Exception('Request was not initialized'); } if (empty($state)) { throw new Exception('State parameter not set'); } if ($params->getState() != $state) { throw new Exception('Invalid state'); } $auth = new AuthorizationCode($this->http, $this->creds->getAccessTokenUrl()); $auth->setClientPassword($this->creds->getClientId(), $this->creds->getClientSecret(), AuthorizationAbstract::AUTH_POST); $auth->setAccessTokenClass('PSX\\OpenId\\Connect\\AccessToken'); $token = $auth->getAccessToken($code, $params->getRedirectUri()); $webToken = $token->getIdToken(); if ($webToken instanceof WebToken) { $claim = Json::decode($webToken->getPayload()); $callback($claim); } else { throw new Exception('No id token given'); } }