/**
 * Produces the userinfo response for the given access token.
 *
 * The token's scope and redirect URI are checked first, then the client and
 * user account are resolved and the claims are collected. When signed
 * responses are enabled, the JWT registered claims (jti, iss, aud, iat, nbf,
 * exp) are merged in and the result of signAndEncrypt() is returned instead of
 * the plain claim array.
 *
 * {@inheritdoc}
 */
public function handle(AccessTokenInterface $access_token)
{
    // The checks run before any account data is looked up.
    $this->checkScope($access_token->getScope());
    $this->checkHasRedirectUri($access_token);

    $client = $this->getClient($access_token);
    $user = $this->getUserAccount($access_token);
    $endpoint_claims = $this->getEndpointClaims($access_token);

    $userinfo = $this->getUserinfo();
    $redirect_uri = $access_token->getMetadata('redirect_uri');
    // 'claims_locales' is optional metadata; null is passed when it is absent.
    $claims_locales = null;
    if ($access_token->hasMetadata('claims_locales')) {
        $claims_locales = $access_token->getMetadata('claims_locales');
    }

    $claims = $userinfo->getUserinfo(
        $client,
        $user,
        $redirect_uri,
        $claims_locales,
        $endpoint_claims,
        $access_token->getScope()
    );

    if (true !== $this->isSignedResponsesSupportEnabled()) {
        return $claims;
    }

    // Registered claims override same-named userinfo claims (array_merge: last wins).
    // The audience is the issuer plus the requesting client; 'exp' is the access token's expiry.
    $registered_claims = [
        'jti' => Base64Url::encode(random_bytes(25)),
        'iss' => $this->getIssuer(),
        'aud' => [$this->getIssuer(), $client->getPublicId()],
        'iat' => time(),
        'nbf' => time(),
        'exp' => $access_token->getExpiresAt(),
    ];

    return $this->signAndEncrypt(array_merge($claims, $registered_claims), $client);
}
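/**
 * Builds the claim set (payload) of a JWT access token.
 *
 * The audience always contains this issuer. When a resource server is given,
 * its public ID is appended to the audience.
 *
 * @param \OAuth2\Token\AccessTokenInterface  $access_token    Token whose data is exported as claims.
 * @param \OAuth2\Client\ClientInterface|null $resource_server Resource server to add to 'aud', if any.
 *
 * @return array
 */
protected function preparePayload(AccessTokenInterface $access_token, ClientInterface $resource_server = null)
{
    $aud = [$this->getIssuer()];
    if (null !== $resource_server) {
        // Fix: the original appended to $access_token instead of $aud, so the
        // resource server never reached the 'aud' claim and a consumer checking
        // the audience could not tell which resource server the token was meant for.
        $aud[] = $resource_server->getPublicId();
    }

    // NOTE(review): 'exp' is emitted even when getExpiresAt() returns 0, as before;
    // the original re-assigned it only when non-zero, which changed nothing.
    // Confirm whether 'exp' should be omitted for a zero expiry.
    $expires_at = $access_token->getExpiresAt();

    $payload = [
        'jti'            => Base64Url::encode(random_bytes(25)),
        'iss'            => $this->getIssuer(),
        'aud'            => $aud,
        'iat'            => time(),
        'nbf'            => time(),
        'exp'            => $expires_at,
        'sub'            => $access_token->getClientPublicId(),
        'token_type'     => $access_token->getTokenTypeParameter('token_type'),
        'scp'            => $access_token->getScope(),
        'resource_owner' => $access_token->getResourceOwnerPublicId(),
        'user_account'   => $access_token->getUserAccountPublicId(),
    ];
    $payload['metadatas'] = $access_token->getMetadatas();

    $parameters = $access_token->getParameters();
    if (!empty($parameters)) {
        //This part should be updated to support 'cnf' (confirmation) claim (see POP).
        $payload['other'] = $parameters;
    }

    // NOTE(review): the refresh token is copied into the payload. If the resulting
    // JWT is only signed and not encrypted, every party that receives the access
    // token can read it. Confirm the token is always encrypted, or drop this claim.
    $refresh_token = $access_token->getRefreshToken();
    if (null !== $refresh_token) {
        $payload['refresh_token'] = $refresh_token;
    }

    return $payload;
}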