/** * Check signature * * @param TokenInterface $token * @param ClientInterface $client * @return void */ protected function checkSignature(TokenInterface $token, ClientInterface $client) { if ($client->isSignatureRequired() && !$token->isSigned()) { throw new OAuthInvalidRequestException('The request is not signed.'); } if ($client->isSignatureRequired() && $token->isSigned()) { if (!$this->signature->verify($token->getSignedUrl(), $client->getSecret(), $token->getSignature())) { throw new OAuthInvalidRequestException('The request signature we calculated does not match the signature you provided.'); } } }