/**
 * {@inheritdoc}
 *
 * Client Credentials grant: the client is its own resource owner, so the
 * response carries the client's public id and no user account.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    // Only confidential clients may use this grant (RFC 6749 §4.4).
    if ($client->isPublic()) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_CLIENT,
            'The client is not a confidential client'
        );
    }

    // Whether a refresh token accompanies the access token is a server-wide setting here.
    $with_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();

    $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
    $grant_type_response->setUserAccountPublicId(null);
    $grant_type_response->setRefreshTokenIssued($with_refresh_token);
    // The refresh token (if any) covers exactly the scope the client asked for.
    $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
/**
 * {@inheritdoc}
 *
 * Client Credentials grant: the client authenticates as itself and receives
 * a token bound to its own public id.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    // RFC 6749 §4.4 restricts this grant to confidential clients.
    if (!($client instanceof ConfidentialClientInterface)) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_CLIENT,
            'The client is not a confidential client'
        );
    }

    // Refresh tokens for this grant are off unless the configuration enables them.
    $with_refresh_token = $this->getConfiguration()->get('issue_refresh_token_with_client_credentials_grant_type', false);
    $requested_scope = RequestBody::getParameter($request, 'scope');

    $grant_type_response->setRequestedScope($requested_scope);
    // No scope restriction is known for the client at this point; left to later processing.
    $grant_type_response->setAvailableScope(null);
    $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
    $grant_type_response->setRefreshTokenIssued($with_refresh_token);
    $grant_type_response->setRefreshTokenScope($requested_scope);
    // Nothing to revoke: no prior token was presented.
    $grant_type_response->setRefreshTokenRevoked(null);
}
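/**
 * {@inheritdoc}
 *
 * Resource Owner Password Credentials grant (RFC 6749 §4.3): the end user's
 * username and password are checked and a token is issued for that user.
 *
 * A missing "username" or "password" parameter is a malformed request
 * (invalid_request); a rejected credential pair is invalid_grant, with one
 * generic message for both the unknown-user and wrong-password cases.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $username = RequestBody::getParameter($request, 'username');
    $password = RequestBody::getParameter($request, 'password');

    // Both parameters are REQUIRED (RFC 6749 §4.3.2). Rejecting their absence
    // up front keeps null out of the user lookup and the password check.
    if (null === $username || null === $password) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            'The "username" and "password" parameters are required'
        );
    }

    $end_user = $this->getEndUserManager()->getEndUser($username);

    // NOTE(review): the short-circuit skips the password check when the user
    // is unknown, so response time may still differ between the two cases even
    // though the message does not; confirm whether the manager mitigates this.
    if (null === $end_user || !$this->getEndUserManager()->checkEndUserPasswordCredentials($end_user, $password)) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_GRANT,
            'Invalid username and password combination'
        );
    }

    $scope = RequestBody::getParameter($request, 'scope');

    $grant_type_response->setRequestedScope($scope);
    $grant_type_response->setAvailableScope(null);
    $grant_type_response->setResourceOwnerPublicId($end_user->getPublicId());
    // Refresh-token issuance is decided per client/user pair.
    $grant_type_response->setRefreshTokenIssued($this->getIssueRefreshToken($client, $end_user));
    $grant_type_response->setRefreshTokenScope($scope);
    // No previously issued token is being exchanged, so nothing to revoke.
    $grant_type_response->setRefreshTokenRevoked(null);
}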
/**
 * {@inheritdoc}
 *
 * Refresh Token grant (RFC 6749 §6): a valid, unused refresh token is
 * exchanged for a new access token. The presented token is handed to the
 * response for revocation, i.e. refresh tokens are rotated on each use.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $presented = RequestBody::getParameter($request, 'refresh_token');
    if (null === $presented) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            'No "refresh_token" parameter found'
        );
    }

    $token = $this->getRefreshTokenManager()->getRefreshToken($presented);

    // Unknown and already-consumed tokens share one error so the response does
    // not reveal which case applies.
    $usable = $token instanceof RefreshTokenInterface && !$token->isUsed();
    if (!$usable) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_GRANT,
            'Invalid refresh token'
        );
    }

    // Presumably verifies the token belongs to the presenting client — see checkRefreshToken.
    $this->checkRefreshToken($token, $client);

    // An explicit scope parameter may narrow the grant; otherwise the token's
    // scope is reused. `?:` treats an empty string the same as absent.
    $scope_param = RequestBody::getParameter($request, 'scope');
    $grant_type_response->setRequestedScope($scope_param ?: $token->getScope());
    $grant_type_response->setAvailableScope($token->getScope());
    $grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
    $grant_type_response->setRefreshTokenIssued(true);
    $grant_type_response->setRefreshTokenScope($token->getScope());
    // The old token is revoked once the new one is issued.
    $grant_type_response->setRefreshTokenRevoked($token);
}
/**
 * {@inheritdoc}
 *
 * Refresh Token grant (RFC 6749 §6). The presented token is passed to the
 * response for revocation, so each refresh rotates the refresh token, and the
 * token's metadata is forwarded for downstream processing.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $presented = RequestBody::getParameter($request, 'refresh_token');
    if (null === $presented) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_REQUEST,
            'No "refresh_token" parameter found'
        );
    }

    $token = $this->getRefreshTokenManager()->getRefreshToken($presented);
    // NOTE(review): no explicit "already used" check here, unlike older
    // versions of this grant; confirm that getRefreshToken() does not return
    // consumed tokens.
    if (!($token instanceof RefreshTokenInterface)) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_GRANT,
            'Invalid refresh token'
        );
    }

    // Presumably verifies the token belongs to the presenting client — see checkRefreshToken.
    $this->checkRefreshToken($token, $client);

    // Fall back to the token's own scope when the request carries none.
    $token_scope = $token->getScope();
    if (empty($grant_type_response->getRequestedScope())) {
        $grant_type_response->setRequestedScope($token_scope);
    }
    $grant_type_response->setAvailableScope($token_scope);
    $grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
    $grant_type_response->setUserAccountPublicId($token->getUserAccountPublicId());
    $grant_type_response->setRefreshTokenIssued(true);
    $grant_type_response->setRefreshTokenScope($token_scope);
    // Rotation: the presented token is revoked when the new one is issued.
    $grant_type_response->setRefreshTokenRevoked($token);
    $grant_type_response->setAdditionalData('metadatas', $token->getMetadatas());
}
/**
 * {@inheritdoc}
 *
 * JWT bearer grant: the assertion stored under the "jwt" additional-data key
 * is verified against the client's registered public key set before a token
 * is issued for the client itself.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    // Without a registered key set there is nothing to verify the assertion against.
    $has_key_set = $client->hasPublicKeySet();
    if ($has_key_set === false) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_CLIENT,
            'The client is not a client with signature capabilities.'
        );
    }

    $assertion = $grant_type_response->getAdditionalData('jwt');
    try {
        $this->getJWTLoader()->verify($assertion, $client->getPublicKeySet());
    } catch (\Exception $failure) {
        // NOTE(review): the verifier's message is forwarded verbatim to the
        // client; confirm it carries nothing about the key set or verification
        // internals that should stay server-side.
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_REQUEST,
            $failure->getMessage()
        );
    }

    $with_refresh_token = $this->isRefreshTokenIssuedWithAccessToken();

    // The client is the resource owner; no user account is involved.
    $grant_type_response->setResourceOwnerPublicId($client->getPublicId());
    $grant_type_response->setUserAccountPublicId(null);
    $grant_type_response->setRefreshTokenIssued($with_refresh_token);
    $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}
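/**
 * {@inheritdoc}
 *
 * Resource Owner Password Credentials grant (RFC 6749 §4.3): the user
 * account's credentials are checked and a token is issued for that user.
 *
 * A missing "username" or "password" parameter is a malformed request
 * (invalid_request); a rejected credential pair is invalid_grant, with one
 * generic message for both the unknown-user and wrong-password cases.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $username = RequestBody::getParameter($request, 'username');
    $password = RequestBody::getParameter($request, 'password');

    // Both parameters are REQUIRED (RFC 6749 §4.3.2). Rejecting their absence
    // up front keeps null out of the account lookup and the password check.
    if (null === $username || null === $password) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_REQUEST,
            'The "username" and "password" parameters are required'
        );
    }

    $user_account = $this->getUserAccountManager()->getUserAccountByUsername($username);

    // NOTE(review): the short-circuit skips the password check when the
    // account is unknown, so response time may still differ between the two
    // cases even though the message does not; confirm whether the manager
    // mitigates this.
    if (null === $user_account || !$this->getUserAccountManager()->checkUserAccountPasswordCredentials($user_account, $password)) {
        throw $this->getExceptionManager()->getBadRequestException(
            ExceptionManagerInterface::ERROR_INVALID_GRANT,
            'Invalid username and password combination'
        );
    }

    // Resource owner is the user behind the account; the account itself is
    // recorded separately.
    $grant_type_response->setResourceOwnerPublicId($user_account->getUserPublicId());
    $grant_type_response->setUserAccountPublicId($user_account->getPublicId());
    $grant_type_response->setRefreshTokenIssued($this->issueRefreshToken($client));
    $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope());
}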
/**
 * {@inheritdoc}
 *
 * Authorization Code grant (RFC 6749 §4.1.3): the code is validated for the
 * client, PKCE and redirect URI, consumed, and then exchanged for a token
 * carrying the scope and resource owner bound to the code.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $this->checkClient($request, $client);

    $authCode = $this->getAuthCode($request);
    if (!($authCode instanceof AuthCodeInterface)) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_GRANT,
            "Code doesn't exist or is invalid for the client."
        );
    }

    $this->checkPKCE($request, $authCode);
    $this->checkAuthCode($authCode, $client);

    // The redirect_uri presented here must match the one used at authorization time.
    $redirect_uri = RequestBody::getParameter($request, 'redirect_uri');
    $this->checkRedirectUri($authCode, $redirect_uri);

    // Consume the code before populating the response.
    $this->getAuthCodeManager()->markAuthCodeAsUsed($authCode);

    // A scope parameter may narrow the grant; `?:` treats an empty string as absent.
    $scope_param = RequestBody::getParameter($request, 'scope');
    $code_scope = $authCode->getScope();

    $grant_type_response->setRequestedScope($scope_param ?: $code_scope);
    $grant_type_response->setAvailableScope($code_scope);
    $grant_type_response->setResourceOwnerPublicId($authCode->getResourceOwnerPublicId());
    // Whether a refresh token is issued was decided when the code was created.
    $grant_type_response->setRefreshTokenIssued($authCode->getIssueRefreshToken());
    $grant_type_response->setRefreshTokenScope($code_scope);
    $grant_type_response->setRefreshTokenRevoked(null);
}
/**
 * {@inheritdoc}
 *
 * Authorization Code grant (RFC 6749 §4.1.3): the code is validated for the
 * client, PKCE and redirect URI, consumed, and exchanged for a token bound to
 * the code's resource owner and user account. Scope handling only applies
 * when a scope manager is configured.
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $this->checkClient($request, $client);

    // NOTE(review): no instanceof guard on the returned code here; confirm that
    // getAuthCode() throws rather than returning null for an unknown code.
    $authCode = $this->getAuthCode($request);

    $this->checkPKCE($request, $authCode, $client);
    $this->checkAuthCode($authCode, $client);

    // The redirect_uri presented here must match the one used at authorization time.
    $redirect_uri = RequestBody::getParameter($request, 'redirect_uri');
    $this->checkRedirectUri($authCode, $redirect_uri);

    // Consume the code before populating the response.
    $this->getAuthorizationCodeManager()->markAuthCodeAsUsed($authCode);

    if ($this->hasScopeManager()) {
        $code_scope = $authCode->getScope();
        // A scope parameter narrows the grant once converted to the manager's
        // array form; otherwise the code's scope is reused.
        $scope_param = RequestBody::getParameter($request, 'scope');
        $requested_scope = $scope_param
            ? $this->getScopeManager()->convertToArray($scope_param)
            : $code_scope;

        $grant_type_response->setRequestedScope($requested_scope);
        $grant_type_response->setAvailableScope($code_scope);
        $grant_type_response->setRefreshTokenScope($code_scope);
    }

    $grant_type_response->setResourceOwnerPublicId($authCode->getResourceOwnerPublicId());
    $grant_type_response->setUserAccountPublicId($authCode->getUserAccountPublicId());
    $grant_type_response->setRedirectUri($authCode->getMetadata('redirect_uri'));

    // Whether a refresh token is issued was decided when the code was created.
    $grant_type_response->setRefreshTokenIssued($authCode->getIssueRefreshToken());
    $grant_type_response->setAdditionalData('auth_code', $authCode);
}