/**
* Grants access token for request
*
* @param IRequest $request
*
* @throws \OAuth2\Exception\InvalidGrantException
* @throws \OAuth2\Exception\InvalidRequestException
* @throws \OAuth2\Exception\UnauthorizedClientException
* @return IAccessToken
*/
public function grant(IRequest $request)
{
$code = $request->request('code');
if (empty($code)) {
throw new InvalidRequestException("Parameter 'code' is missing.");
}
$client = $this->clientAuthenticator->authenticate($request);
if (!$client->isAllowedToUse($this)) {
throw new UnauthorizedClientException('Client can not use this grant type.');
}
$authorizationCode = $this->authorizationCodeStorage->get($code);
if (!$authorizationCode) {
throw new InvalidGrantException('Authorization code is invalid.');
}
if ($authorizationCode->getExpiresAt() < time()) {
throw new InvalidGrantException('Authorization code has expired.');
}
if ($client->getId() !== $authorizationCode->getClient()->getId()) {
throw new InvalidGrantException('Authorization code is invalid.');
}
$redirectUri = $request->request('redirect_uri');
$codeRedirectUri = $authorizationCode->getRedirectUri();
if (!empty($redirectUri)) {
if (empty($codeRedirectUri) || $redirectUri !== $codeRedirectUri) {
throw new InvalidRequestException('Redirect URI is missing, was not used in authorization or is invalid.');
}
} else {
if (!empty($codeRedirectUri)) {
throw new InvalidRequestException('Redirect URI is missing, was not used in authorization or is invalid.');
}
}
return $this->accessTokenStorage->generate($authorizationCode->getUser(), $authorizationCode->getClient(), $authorizationCode->getScopes());
}
function it_issues_an_access_token(IRequest $request, IClientAuthenticator $clientAuthenticator, IAuthorizationCodeStorage $authorizationCodeStorage, IAuthorizationCode $authorizationCode, IAccessTokenStorage $accessTokenStorage, IAccessToken $accessToken, IUser $user, IClient $client, IScope $scope)
{
$request->request('code')->willReturn('a')->shouldBeCalled();
$clientAuthenticator->authenticate($request)->willReturn($client)->shouldBeCalled();
$client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled();
$authorizationCodeStorage->get('a')->willReturn($authorizationCode)->shouldBeCalled();
$authorizationCode->getExpiresAt()->willReturn(time() + 100)->shouldBeCalled();
$client->getId()->willReturn('id')->shouldBeCalled();
$authorizationCode->getClient()->willReturn($client)->shouldBeCalled();
$request->request('redirect_uri')->willReturn(null)->shouldBeCalled();
$authorizationCode->getRedirectUri()->willReturn(null)->shouldBeCalled();
$authorizationCode->getScopes()->willReturn([$scope])->shouldBeCalled();
$authorizationCode->getUser()->willReturn($user)->shouldBeCalled();
$authorizationCode->getClient()->willReturn($client)->shouldBeCalled();
$accessTokenStorage->generate($user, $client, [$scope])->willReturn($accessToken)->shouldBeCalled();
$this->grant($request)->shouldReturn($accessToken);
}
