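/**
 * Looks for the `code` query parameter of the authorization response and
 * persists it as an "authorization_code" token.
 *
 * The value comes straight from the request query string, so it is untrusted:
 * only a non-empty string is stored. Anything else (parameter missing, array
 * form such as `code[]=...`, empty value) is ignored.
 *
 * NOTE(review): this method does not inspect the `state` parameter. Confirm
 * that CSRF/state validation runs before this listener, so that a code from an
 * unsolicited callback is never persisted.
 *
 * @param ServerRequestEvent $event
 */
public function onAuthorizationResponse(ServerRequestEvent $event)
{
    $arguments = $event->getServerRequest()->getQueryParams();

    // Query parameters may be nested arrays; accept a plain, non-empty string only.
    if (
        !isset($arguments['code'])
        || !is_string($arguments['code'])
        || $arguments['code'] === ''
    ) {
        return;
    }

    // Keep the stored code short-lived (seconds).
    $expiresIn = 60;

    $token = $this->tokenManager->createToken("authorization_code");
    $token->setToken($arguments['code']);
    $token->setExpiresIn($expiresIn);

    $this->tokenManager->persistToken($token);
}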
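/**
 * Looks for a `refresh_token` in the JSON body of the token response and
 * persists it as a "refresh_token" token.
 *
 * The body is decoded defensively: a body that is not a JSON object/array, or
 * a `refresh_token` member that is not a non-empty string, is ignored rather
 * than stored.
 *
 * The lifetime is fixed locally at two weeks; nothing in the response is read
 * to determine it.
 *
 * NOTE(review): a refresh token is a long-lived credential. Confirm that the
 * token manager's storage protects it appropriately and that it is not logged.
 *
 * @param ResponseEvent $event
 */
public function onTokenResponse(ResponseEvent $event)
{
    // NOTE(review): if getBody() is a stream, the string cast reads it in full;
    // confirm later consumers of the response rewind before reading.
    $body = (string) $event->getResponse()->getBody();
    $arguments = json_decode($body, true);

    // json_decode() yields null on invalid JSON and a scalar for scalar documents.
    if (!is_array($arguments)) {
        return;
    }

    if (
        !isset($arguments['refresh_token'])
        || !is_string($arguments['refresh_token'])
        || $arguments['refresh_token'] === ''
    ) {
        return;
    }

    $expiresIn = 14 * 24 * 60 * 60; // Two weeks

    $refreshToken = $this->tokenManager->createToken("refresh_token");
    $refreshToken->setToken($arguments['refresh_token']);
    $refreshToken->setExpiresIn($expiresIn);

    $this->tokenManager->persistToken($refreshToken);
}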
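/**
 * Validates the CSRF token.
 *
 * Compares the `state` query parameter of the authorization response with the
 * stored "state" token. The request is rejected when the parameter is missing
 * or not a string, when no state token is stored, or when the two values
 * differ. On success the stored token is removed so it cannot be reused.
 *
 * The comparison uses hash_equals() so that it does not leak, through timing,
 * how much of the expected value a guess got right.
 *
 * NOTE(review): the stored state token is removed only on success; after a
 * failed attempt it stays in the token manager. Confirm that this is intended.
 *
 * @param ServerRequestEvent $event
 *
 * @throws CsrfException
 */
public function onAuthorizationResponse(ServerRequestEvent $event)
{
    $arguments = $event->getServerRequest()->getQueryParams();

    // The query string is untrusted and may carry an array (`state[]=...`).
    if (!isset($arguments['state']) || !is_string($arguments['state'])) {
        throw new CsrfException();
    }

    $stateToken = $this->tokenManager->findToken("state");

    if ($stateToken === null) {
        throw new CsrfException();
    }

    $state = $stateToken->getToken();

    // An empty or non-string stored value must never validate a request.
    if (!is_string($state) || $state === '') {
        throw new CsrfException();
    }

    // Constant-time comparison: known (stored) value first, user input second.
    if (!hash_equals($state, $arguments['state'])) {
        throw new CsrfException();
    }

    // Single use: drop the state once it has been matched.
    $this->tokenManager->removeToken($stateToken);
}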