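/**
 * {@inheritdoc}
 *
 * Enforces the OpenID Connect requirement that a "nonce" accompany any
 * request carrying the "openid" scope. The nonce is what binds the issued
 * ID Token to the client session, so an ID Token minted without one could
 * not be checked against replay by the client.
 *
 * Throws the exception manager's bad-request exception
 * (ERROR_INVALID_REQUEST) when "openid" is requested without a "nonce"
 * query parameter.
 *
 * @return array always empty: this plugin contributes no response parameters
 */
public function prepareAuthorization(AuthorizationInterface $authorization)
{
    // Only OpenID Connect requests (those carrying the "openid" scope) are
    // affected; plain OAuth2 requests pass through untouched.
    if (!in_array('openid', $authorization->getScopes(), true)) {
        return [];
    }

    // Presence only: an empty "nonce" value still passes this check.
    if (!array_key_exists('nonce', $authorization->getQueryParams())) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_REQUEST,
            'The parameter "nonce" is mandatory using "id_token" response type.'
        );
    }

    return [];
}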
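/**
 * Handles the submission of the consent form.
 *
 * Only a POST carrying a valid form is processed. The user's decision is
 * read from the "accept" button; scopes that were requested but are absent
 * from the submitted model are removed from the authorization, while scopes
 * present in the model but never requested are ignored (the model can only
 * narrow the grant, never widen it).
 *
 * @param \Symfony\Component\Form\FormInterface $form
 * @param \Psr\Http\Message\ServerRequestInterface $request
 * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
 * @param \SpomkyLabs\OAuth2ServerBundle\Plugin\AuthorizationEndpointPlugin\Form\Model\AuthorizationModel $authorization_model
 *
 * @return bool true when a valid form was submitted and the authorization was updated, false otherwise
 *
 * @throws InvalidArgumentException when the form has no clickable "accept" button
 */
public function handle(FormInterface $form, ServerRequestInterface $request, AuthorizationInterface $authorization, AuthorizationModel $authorization_model)
{
    if ('POST' !== $request->getMethod()) {
        return false;
    }

    $httpFoundationFactory = new HttpFoundationFactory();
    $symfony_request = $httpFoundationFactory->createRequest($request);

    // Read the form data from the POST body only. Request::get() would also
    // consult route attributes and the query string, and a consent decision
    // must not be accepted from those sources.
    $form->submit($symfony_request->request->get($form->getName()));
    if (!$form->isValid()) {
        return false;
    }

    $button = $form->get('accept');
    if (!$button instanceof ClickableInterface) {
        throw new InvalidArgumentException('Unable to find the button named "accept".');
    }
    $authorization->setAuthorized($button->isClicked());

    // Drop every requested scope the user did not keep; nothing is added.
    $refused_scopes = array_diff($authorization->getScopes(), $authorization_model->getScopes());
    foreach ($refused_scopes as $refused_scope) {
        $authorization->removeScope($refused_scope);
    }

    return true;
}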
/**
 * {@inheritdoc}
 *
 * Issues an access token for the authorization, stores it under the
 * "access_token" data key and hands it to every registered listener. No
 * response parameter is produced by this plugin.
 */
public function prepareAuthorization(AuthorizationInterface $authorization)
{
    $query_params = $authorization->getQueryParams();
    $token_type = $this->getTokenTypeFromRequest($query_params);

    // NOTE(review): the redirect_uri recorded with the token is the raw query
    // parameter, whereas a sibling implementation uses
    // $authorization->getRedirectUri() — confirm the two cannot differ
    // (e.g. when the parameter is omitted from the request).
    $redirect_uri_info = ['redirect_uri' => $authorization->getQueryParam('redirect_uri')];

    $access_token = $this->getAccessTokenManager()->createAccessToken(
        $authorization->getClient(),
        $authorization->getUserAccount(),
        $token_type->getTokenTypeInformation(),
        $query_params,
        $authorization->getScopes(),
        null,
        null,
        $redirect_uri_info
    );
    $authorization->setData('access_token', $access_token);

    foreach ($this->listeners as $listener) {
        $listener->call($access_token);
    }

    return [];
}
/**
 * Looks up a pre-configured authorization for the current user account,
 * client and requested scopes, if a manager is available.
 *
 * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
 *
 * @return null|\OAuth2\Endpoint\Authorization\PreConfiguredAuthorization\PreConfiguredAuthorizationInterface null when no manager is configured (and, per the manager's contract, presumably when nothing matches)
 */
private function findPreConfiguredAuthorization(AuthorizationInterface $authorization)
{
    $manager = $this->getPreConfiguredAuthorizationManager();
    if (null === $manager) {
        return null;
    }

    $user_public_id = $authorization->getUserAccount()->getUserPublicId();
    $client_public_id = $authorization->getClient()->getPublicId();

    return $manager->findOnePreConfiguredAuthorization(
        $user_public_id,
        $client_public_id,
        $authorization->getScopes()
    );
}
/**
 * {@inheritdoc}
 *
 * Creates an access token for the authorization, stores it under the
 * "access_token" data key and returns its array form as the response
 * parameters.
 *
 * NOTE(review): returning the token itself as response parameters looks
 * like an implicit-style grant, i.e. the token travels through the
 * front channel — confirm the surrounding endpoint is the intended one.
 */
public function prepareAuthorization(AuthorizationInterface $authorization)
{
    $query_params = $authorization->getQueryParams();
    $token_type_info = $this->getTokenTypeFromRequest($query_params)->getTokenTypeInformation();

    $access_token = $this->getAccessTokenManager()->createAccessToken(
        $authorization->getClient(),
        $authorization->getUserAccount(),
        $token_type_info,
        $query_params,
        $authorization->getScopes(),
        null,
        null,
        ['redirect_uri' => $authorization->getRedirectUri()]
    );
    $authorization->setData('access_token', $access_token);

    return $access_token->toArray();
}
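/**
 * Tells whether the request is an OpenID Connect offline-access request.
 *
 * Following the OpenID Connect rule that "offline_access" is only honoured
 * when the end user is explicitly asked for consent, the scope is silently
 * dropped from the authorization when "prompt" is absent or does not contain
 * "consent"; the caller then sees a request without offline access instead
 * of an error.
 *
 * @param \OAuth2\Endpoint\Authorization\AuthorizationInterface $authorization
 *
 * @return bool true only when "offline_access" was requested together with a "prompt" containing "consent"
 */
private function isOfflineAccess(AuthorizationInterface $authorization)
{
    // The scope offline_access is not requested
    if (!in_array('offline_access', $authorization->getScopes(), true)) {
        return false;
    }

    // The scope offline_access is requested but prompt is not consent:
    // the scope is ignored (removed) rather than rejected.
    // NOTE(review): in_array() requires the "prompt" value to already be an
    // array here — confirm the query parameter is split upstream.
    if (!$authorization->hasQueryParam('prompt') || !in_array('consent', $authorization->getQueryParam('prompt'), true)) {
        $authorization->removeScope('offline_access');

        return false;
    }

    return true;
}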