/**
* Attempts to authenticate a GrantToken
*
* @param GrantToken $token
*
* @return GrantToken
*
* @throws AuthenticationException
*/
public function authenticate(TokenInterface $token)
{
$credentials = $token->getCredentials();
$clientId = $credentials['client_id'];
/** @var ClientInterface $client */
$client = $this->clientRepository->find($clientId);
// Verify client id
if (!$client) {
throw new AuthenticationException("Client with id {$clientId} does not exist");
}
// Verify client secret
$clientSecret = $credentials['client_secret'];
if (!$client->getSecret() === $clientSecret) {
throw new AuthenticationException("Invalid client secret");
}
// Verify grant type
if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
throw new AuthenticationException("Grant type not allowed");
}
if ($client->getUser() === null) {
throw new AuthenticationException("Client is not associated with any user");
}
$token->setUser($client->getUser());
$token->setClient($client);
return $token;
}
/**
* Attempts to authenticate a GrantToken
*
* @param GrantToken $token
*
* @return GrantToken
*
* @throws AuthenticationException
*/
public function authenticate(TokenInterface $token)
{
$credentials = $token->getCredentials();
$clientId = $credentials['client_id'];
/** @var ClientInterface $client */
$client = $this->clientRepository->find($clientId);
// Verify client id
if (!$client) {
throw new AuthenticationException("Client with id {$clientId} does not exist");
}
// Verify client secret
$clientSecret = $credentials['client_secret'];
if (!$client->getSecret() === $clientSecret) {
throw new AuthenticationException("Invalid client secret");
}
// Verify grant type
if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
throw new AuthenticationException("Grant type not allowed");
}
// Verify refresh_token
$refreshToken = $this->refreshTokenRepository->findOneBy(["token" => $credentials['refresh_token'], "client" => $client]);
if ($refreshToken === null) {
throw new AuthenticationException("Invalid token");
}
// Verify expiry date
if ($refreshToken->isExpired()) {
throw new AuthenticationException("Token has expired");
}
$user = $refreshToken->getUser();
$token->setUser($user);
$token->setClient($client);
return $token;
}
/**
* Attempts to authenticate a GrantToken
*
* @param GrantToken $token
*
* @return GrantToken
*
* @throws AuthenticationException
*/
public function authenticate(TokenInterface $token)
{
$credentials = $token->getCredentials();
$clientId = $credentials['client_id'];
/** @var ClientInterface $client */
$client = $this->clientRepository->find($clientId);
// Verify client id
if (!$client) {
throw new AuthenticationException("Client with id {$clientId} does not exist");
}
// Verify client secret
$clientSecret = $credentials['client_secret'];
if (!$client->getSecret() === $clientSecret) {
throw new AuthenticationException("Invalid client secret");
}
// Verify grant type
if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
throw new AuthenticationException("Grant type not allowed");
}
// Verify redirect uri
$redirectUri = $credentials['redirect_uri'];
if (!in_array($redirectUri, $client->getRedirectUris())) {
throw new AuthenticationException("Invalid redirect uri");
}
// Verify authorization code
$code = $credentials['code'];
$authorizationCode = $this->authorizationCodeRepository->findOneBy(["code" => $code, "client" => $client]);
if ($authorizationCode === null) {
throw new AuthenticationException("Invalid code");
}
// Verify that redirect uri's match
if ($authorizationCode->getRedirectUri() !== $redirectUri) {
throw new AuthenticationException("Redirect uri does not match redirect uri from previous request");
}
// Verify expiry date
if ($authorizationCode->isExpired()) {
throw new AuthenticationException("Code has expired");
}
$user = $authorizationCode->getUser();
$token->setUser($user);
$token->setClient($client);
return $token;
}
