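/**
 * Attempts to authenticate a GrantToken whose principal is the client itself:
 * the client is looked up by id, its secret is verified, and the token is bound
 * to the user associated with that client.
 *
 * @param GrantToken $token token whose credentials carry 'client_id' and 'client_secret'
 *
 * @return GrantToken the same token with user and client populated
 *
 * @throws AuthenticationException when the client id is missing or unknown, the secret
 *                                 does not match, the grant type is not allowed for the
 *                                 client, or the client has no associated user
 */
public function authenticate(TokenInterface $token)
{
    $credentials = $token->getCredentials();

    // Credentials come from the request: never assume the keys are present.
    $clientId = $credentials['client_id'] ?? null;
    if ($clientId === null || $clientId === '') {
        throw new AuthenticationException("Missing client id");
    }

    /** @var ClientInterface $client */
    $client = $this->clientRepository->find($clientId);

    // Verify client id
    if (!$client) {
        // NOTE(review): this message discloses whether a client id exists; use a generic
        // message if client ids are not meant to be discoverable.
        throw new AuthenticationException("Client with id {$clientId} does not exist");
    }

    // Verify client secret.
    // The previous check `!$client->getSecret() === $clientSecret` parsed as
    // `(!$client->getSecret()) === $clientSecret`, i.e. `false === $clientSecret`,
    // which is never true for a string — every secret was accepted. Compare the
    // full strings in constant time instead.
    // NOTE(review): assumes getSecret() returns the stored comparable secret; if secrets
    // are stored hashed, this must become password_verify() — confirm against ClientInterface.
    $clientSecret = (string) ($credentials['client_secret'] ?? '');
    if (!hash_equals((string) $client->getSecret(), $clientSecret)) {
        throw new AuthenticationException("Invalid client secret");
    }

    // Verify grant type (strict comparison: no loose type juggling on the grant name)
    if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes(), true)) {
        throw new AuthenticationException("Grant type not allowed");
    }

    // This flow has no end user of its own; the client must be bound to one.
    if ($client->getUser() === null) {
        throw new AuthenticationException("Client is not associated with any user");
    }

    $token->setUser($client->getUser());
    $token->setClient($client);

    return $token;
}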
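/**
 * Attempts to authenticate a GrantToken for a refresh_token exchange: the client is
 * verified, then the presented refresh token is looked up for that client and the
 * new token is bound to the refresh token's user.
 *
 * @param GrantToken $token token whose credentials carry 'client_id', 'client_secret'
 *                          and 'refresh_token'
 *
 * @return GrantToken the same token with user and client populated
 *
 * @throws AuthenticationException when the client id is missing or unknown, the secret
 *                                 does not match, the grant type is not allowed, or the
 *                                 refresh token is missing, unknown for this client, or expired
 */
public function authenticate(TokenInterface $token)
{
    $credentials = $token->getCredentials();

    // Credentials come from the request: never assume the keys are present.
    $clientId = $credentials['client_id'] ?? null;
    if ($clientId === null || $clientId === '') {
        throw new AuthenticationException("Missing client id");
    }

    /** @var ClientInterface $client */
    $client = $this->clientRepository->find($clientId);

    // Verify client id
    if (!$client) {
        // NOTE(review): this message discloses whether a client id exists; use a generic
        // message if client ids are not meant to be discoverable.
        throw new AuthenticationException("Client with id {$clientId} does not exist");
    }

    // Verify client secret.
    // The previous check `!$client->getSecret() === $clientSecret` parsed as
    // `(!$client->getSecret()) === $clientSecret`, i.e. `false === $clientSecret`,
    // which is never true for a string — every secret was accepted. Compare the
    // full strings in constant time instead.
    // NOTE(review): assumes getSecret() returns the stored comparable secret; if secrets
    // are stored hashed, this must become password_verify() — confirm against ClientInterface.
    $clientSecret = (string) ($credentials['client_secret'] ?? '');
    if (!hash_equals((string) $client->getSecret(), $clientSecret)) {
        throw new AuthenticationException("Invalid client secret");
    }

    // Verify grant type (strict comparison: no loose type juggling on the grant name)
    if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes(), true)) {
        throw new AuthenticationException("Grant type not allowed");
    }

    // Verify refresh_token. Reject an absent/empty value before the lookup so a
    // missing parameter cannot be turned into a findOneBy(['token' => null]) query.
    $refreshTokenValue = $credentials['refresh_token'] ?? null;
    if ($refreshTokenValue === null || $refreshTokenValue === '') {
        throw new AuthenticationException("Invalid token");
    }

    // Scoping the lookup to $client prevents one client redeeming another client's token.
    $refreshToken = $this->refreshTokenRepository->findOneBy([
        "token" => $refreshTokenValue,
        "client" => $client,
    ]);
    if ($refreshToken === null) {
        throw new AuthenticationException("Invalid token");
    }

    // Verify expiry date
    if ($refreshToken->isExpired()) {
        throw new AuthenticationException("Token has expired");
    }

    // NOTE(review): nothing here revokes or rotates the refresh token after use; if that
    // is expected it must happen in the caller — confirm where the token is consumed.
    $user = $refreshToken->getUser();
    $token->setUser($user);
    $token->setClient($client);

    return $token;
}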
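/**
 * Attempts to authenticate a GrantToken for an authorization_code exchange: the client
 * is verified, the presented redirect_uri must be registered for the client, the code
 * must exist for that client and have been issued for the same redirect_uri, and the
 * token is bound to the code's user.
 *
 * @param GrantToken $token token whose credentials carry 'client_id', 'client_secret',
 *                          'redirect_uri' and 'code'
 *
 * @return GrantToken the same token with user and client populated
 *
 * @throws AuthenticationException when the client id is missing or unknown, the secret
 *                                 does not match, the grant type is not allowed, the
 *                                 redirect uri is not registered, or the code is missing,
 *                                 unknown for this client, bound to another redirect uri,
 *                                 or expired
 */
public function authenticate(TokenInterface $token)
{
    $credentials = $token->getCredentials();

    // Credentials come from the request: never assume the keys are present.
    $clientId = $credentials['client_id'] ?? null;
    if ($clientId === null || $clientId === '') {
        throw new AuthenticationException("Missing client id");
    }

    /** @var ClientInterface $client */
    $client = $this->clientRepository->find($clientId);

    // Verify client id
    if (!$client) {
        // NOTE(review): this message discloses whether a client id exists; use a generic
        // message if client ids are not meant to be discoverable.
        throw new AuthenticationException("Client with id {$clientId} does not exist");
    }

    // Verify client secret.
    // The previous check `!$client->getSecret() === $clientSecret` parsed as
    // `(!$client->getSecret()) === $clientSecret`, i.e. `false === $clientSecret`,
    // which is never true for a string — every secret was accepted. Compare the
    // full strings in constant time instead.
    // NOTE(review): assumes getSecret() returns the stored comparable secret; if secrets
    // are stored hashed, this must become password_verify() — confirm against ClientInterface.
    $clientSecret = (string) ($credentials['client_secret'] ?? '');
    if (!hash_equals((string) $client->getSecret(), $clientSecret)) {
        throw new AuthenticationException("Invalid client secret");
    }

    // Verify grant type (strict comparison: no loose type juggling on the grant name)
    if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes(), true)) {
        throw new AuthenticationException("Grant type not allowed");
    }

    // Verify redirect uri: must be an exact, strict match against a registered uri
    // (no prefix or pattern matching), so an attacker cannot steer the code elsewhere.
    $redirectUri = $credentials['redirect_uri'] ?? null;
    if ($redirectUri === null || !in_array($redirectUri, $client->getRedirectUris(), true)) {
        throw new AuthenticationException("Invalid redirect uri");
    }

    // Verify authorization code. Reject an absent/empty value before the lookup so a
    // missing parameter cannot be turned into a findOneBy(['code' => null]) query.
    $code = $credentials['code'] ?? null;
    if ($code === null || $code === '') {
        throw new AuthenticationException("Invalid code");
    }

    // Scoping the lookup to $client prevents one client redeeming another client's code.
    $authorizationCode = $this->authorizationCodeRepository->findOneBy([
        "code" => $code,
        "client" => $client,
    ]);
    if ($authorizationCode === null) {
        throw new AuthenticationException("Invalid code");
    }

    // Verify that redirect uri's match the one used when the code was issued.
    if ($authorizationCode->getRedirectUri() !== $redirectUri) {
        throw new AuthenticationException("Redirect uri does not match redirect uri from previous request");
    }

    // Verify expiry date
    if ($authorizationCode->isExpired()) {
        throw new AuthenticationException("Code has expired");
    }

    // NOTE(review): nothing here marks the code as used; authorization codes are meant to
    // be single-use, so the caller must invalidate it on success — confirm where that happens.
    $user = $authorizationCode->getUser();
    $token->setUser($user);
    $token->setClient($client);

    return $token;
}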