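/**
 * OAuth 2.0 token endpoint (RFC 6749 section 3.2).
 *
 * The caller is authenticated with HTTP Basic; the authenticated user id is
 * the client_id, so a client_id carried in the request body must match it.
 * Only clients of type 'code' may use this endpoint; the supported grant
 * types are 'authorization_code' and 'refresh_token'.
 *
 * @param Request           $request  the HTTP request with the token request parameters
 * @param UserInfoInterface $userInfo the authenticated client (user id == client_id)
 *
 * @return JsonResponse the access token document, marked as non-cacheable
 *
 * @throws RuntimeException    when the authenticated client is no longer registered
 * @throws BadRequestException on client_id mismatch, wrong client type or unsupported grant_type
 */
public function postToken(Request $request, UserInfoInterface $userInfo)
{
    $tokenRequest = new TokenRequest($request);
    $grantType = $tokenRequest->getGrantType();
    $clientId = $tokenRequest->getClientId();

    // the userId from Basic Authentication is the same as the client_id
    $userId = $userInfo->getUserId();
    $clientData = $this->db->getClient($userId);
    if (false === $clientData) {
        throw new RuntimeException('authenticated, but client no longer exists');
    }

    // client_id in the body is optional, but when present it has to be the
    // authenticated client, so one client cannot request tokens for another
    if (null !== $clientId && $clientId !== $userId) {
        throw new BadRequestException('invalid_grant', 'authenticated user must match client_id in request body');
    }

    if ('code' !== $clientData->getType()) {
        throw new BadRequestException('invalid_client', 'this client type is not allowed to use the token endpoint');
    }

    switch ($grantType) {
        case 'authorization_code':
            $accessToken = $this->handleCode($tokenRequest, $clientData);
            break;
        case 'refresh_token':
            $accessToken = $this->handleRefreshToken($tokenRequest, $clientData);
            break;
        default:
            throw new BadRequestException('invalid_request', 'unsupported grant_type');
    }

    // token responses must not be cached (RFC 6749 section 5.1)
    $response = new JsonResponse();
    $response->setHeaders(array('Cache-Control' => 'no-store', 'Pragma' => 'no-cache'));
    $response->setBody($accessToken);

    return $response;
}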
/**
 * Handles the resource owner's decision on the consent form (POST to the
 * authorization endpoint).
 *
 * Looks up the client, falls back to the registered redirect_uri when the
 * request carries none, and then either records the approval for the
 * requested scope and redirects back to this URL, or sends an access_denied
 * error to the client's redirect_uri.
 *
 * @param Request           $request  the consent form submission
 * @param UserInfoInterface $userInfo the authenticated resource owner
 *
 * @return ClientResponse|RedirectResponse
 *
 * @throws BadRequestException when the client_id is not registered
 */
public function postAuthorization(Request $request, UserInfoInterface $userInfo)
{
    $authorizeRequest = new AuthorizeRequest($request);
    $clientId = $authorizeRequest->getClientId();
    // NOTE(review): response_type and state are read but not used further down;
    // presumably AuthorizeRequest validates them -- confirm before removing
    $responseType = $authorizeRequest->getResponseType();
    $redirectUri = $authorizeRequest->getRedirectUri();
    $scope = $authorizeRequest->getScope();
    $state = $authorizeRequest->getState();

    $clientData = $this->storage->getClient($clientId);
    if (false === $clientData) {
        throw new BadRequestException('client not registered');
    }

    // no redirect_uri in the request: use the one from the client registration
    // NOTE(review): a redirect_uri supplied by the request is used as given here;
    // it is assumed to be checked against the registration elsewhere
    // (AuthorizeRequest or ClientResponse) -- confirm
    $redirectUri = null === $redirectUri ? $clientData->getRedirectUri() : $redirectUri;

    // NOTE(review): this POST changes state; CSRF protection is not visible in
    // this method -- confirm the surrounding framework enforces it
    $approved = 'approve' === $request->getPostParameter('approval');
    if (!$approved) {
        $error = array(
            'error' => 'access_denied',
            'error_description' => 'not authorized by resource owner',
        );

        return new ClientResponse($clientData, $request, $redirectUri, $error);
    }

    $this->addApproval($clientData, $userInfo->getUserId(), $scope);

    // redirect to self, now that the approval is stored
    return new RedirectResponse($request->getUrl()->toString(), 302);
}
/**
 * Removes one of the authenticated user's approvals and sends the browser
 * back to the approvals overview.
 *
 * The approval is identified by the 'id' query parameter. Both the id and
 * the current user's id are handed to storage so the deletion can be scoped
 * to the caller; verify the storage layer actually enforces that scope.
 *
 * @param Request           $request  carries the 'id' query parameter
 * @param UserInfoInterface $userInfo the authenticated user
 *
 * @return RedirectResponse 302 to approvals.php under the root URL
 */
public function deleteApproval(Request $request, UserInfoInterface $userInfo)
{
    $url = $request->getUrl();
    $approvalId = $url->getQueryParameter('id');
    $userId = $userInfo->getUserId();

    // NOTE(review): the id comes straight from the query string; relies on
    // deleteApproval() in storage using bound parameters -- confirm
    $this->db->deleteApproval($approvalId, $userId);

    $target = $url->getRootUrl() . 'approvals.php';

    return new RedirectResponse($target, 302);
}