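/**
 * Run one leg of the OAuth2 authorization-code flow.
 *
 * First leg ($code is null): store the provider's state and return the URL the
 * caller must redirect to. Second leg: verify that the callback carries the
 * state issued in the first leg, exchange the code for a token, fetch the
 * user's details and persist the account through the manager.
 *
 * @param ProviderInterface $provider provider to authenticate against
 * @param string|null       $code     authorization code from the callback, null on the first leg
 * @param string|null       $state    state parameter from the callback, null on the first leg
 *
 * @return mixed the authorization URL (string) on the first leg, otherwise the
 *               value returned by $this->manager->persistOAuthAccount()
 *
 * @throws InvalidStateException   when the callback state is missing, empty or does not match the stored one
 * @throws AuthenticationException when the provider rejects the user lookup (IDPException)
 */
public function login(ProviderInterface $provider, $code, $state)
{
    if ($code === null) {
        // First leg: no authorization code yet. Remember the provider's state so the
        // callback can be tied to this request.
        $authUrl = $provider->getAuthorizationUrl();
        $this->stateStorage->storeState($provider->state);

        return $authUrl;
    }

    // Second leg: the callback must present exactly the state we stored, otherwise
    // the code may have been planted by a third party (CSRF / code injection).
    // hash_equals keeps the comparison constant-time; both sides must be strings.
    $storedState = $this->stateStorage->loadState();
    if (!is_string($state) || $state === '' || !is_string($storedState) || !hash_equals($storedState, $state)) {
        $this->stateStorage->storeState(null);
        throw new InvalidStateException();
    }

    // The state is single-use: clear it so a replayed callback is rejected.
    $this->stateStorage->storeState(null);

    // Exchange the authorization code for an access token.
    $token = $provider->getAccessToken('authorization_code', ['code' => $code]);

    try {
        // With a token in hand, look up the user's profile and persist the account.
        $userDetails = $provider->getUserDetails($token);
        $this->managerEvent($this->manager);

        return $this->manager->persistOAuthAccount(get_class($provider), $token, $userDetails);
    } catch (IDPException $e) {
        // NOTE(review): the provider error $e is dropped here; chain it via the
        // 'previous' argument if AuthenticationException's constructor accepts one.
        throw new AuthenticationException();
    }
}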
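/**
 * Drive the OAuth2 authorization-code flow from the current request.
 *
 * Without a `code` query parameter: store the provider's state in the session
 * and send a redirect to the provider's authorization URL. With a `code`:
 * verify the `state` query parameter against the session value and exchange
 * the code for an access token.
 *
 * @return string|null the access token once the code has been exchanged; null
 *                     when a redirect response was sent instead
 *
 * @throws \InvalidArgumentException when the callback state is missing, empty or does not match
 */
public function authorize()
{
    $request = $this->getRequest();
    $session = $request->getSession();
    $query = $request->query;

    if (!$query->has('code')) {
        // First leg: no authorization code yet, so send the browser to the provider.
        $authUrl = $this->provider->getAuthorizationUrl();
        $session->set('oauth2state', $this->provider->state);

        $response = new RedirectResponse($authUrl);
        $response->send();

        // No token exists at this point; return explicitly instead of reading
        // accessToken from an unset property.
        return null;
    }

    // Second leg: the state must be the one issued in the first leg, otherwise the
    // code may have been planted by a third party (CSRF / code injection).
    // hash_equals keeps the comparison constant-time; both sides must be strings.
    $state = $query->get('state');
    $storedState = $session->get('oauth2state');
    if (!is_string($state) || $state === '' || !is_string($storedState) || !hash_equals($storedState, $state)) {
        $session->remove('oauth2state');
        throw new \InvalidArgumentException('Invalid State');
    }

    // The state is single-use: drop it so a replayed callback cannot be accepted again.
    $session->remove('oauth2state');

    // Exchange the authorization code for an access token, reading the code from
    // the same request object used above.
    $this->token = $this->provider->getAccessToken('authorization_code', ['code' => $query->get('code')]);

    return $this->token->accessToken;
}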
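/**
 * Execute OAuth2 authentication and return the user.
 *
 * Without a `code` GET parameter the browser is redirected to the provider's
 * authorization URL and false is returned. With a `code`, the `oauth2_auth`
 * event may veto the login, then the code is exchanged for an access token and
 * the provider's user details are returned.
 *
 * NOTE(review): no `state` parameter is issued or verified on the callback, so
 * this flow has no CSRF / code-injection protection of its own; confirm whether
 * the surrounding framework provides it.
 *
 * @param ProviderInterface $provider
 * @return mixed the provider's user details, or false when a redirect was issued
 * @throws UserAuthenticationException when the `oauth2_auth` event cancels the login
 */
public static function auth(ProviderInterface $provider)
{
    $code = require_get("code", false);
    if (!$code) {
        // First leg: no authorization code yet, so send the user to the provider.
        redirect($provider->getAuthorizationUrl());
        return false;
    }

    // Give the application a chance to refuse the login (abuse checks etc.).
    if (!\Openclerk\Events::trigger('oauth2_auth', $provider)) {
        throw new UserAuthenticationException("Login was cancelled by the system.");
    }

    // Exchange the authorization code for an access token ...
    $token = $provider->getAccessToken('authorization_code', ['code' => $code]);

    // ... and resolve the relevant user from it.
    return $provider->getUserDetails($token);
}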
/**
 * Build the authorization URL by delegating to the wrapped provider.
 *
 * @param array $params extra parameters forwarded to the provider
 * @return string
 */
public function getAuthorizationUrl(array $params = [])
{
    $provider = $this->provider;

    return $provider->getAuthorizationUrl($params);
}