/**
 * {@inheritdoc}
 *
 * Restricts access to a single client: the client bound to the token must
 * carry the public ID required by the configuration.
 *
 * @return string|null null when no client ID is configured or the IDs match,
 *                     otherwise the error message
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $expectedClientId = $configuration->getClientPublicId();

    // The restriction is opt-in: without a configured ID nothing is enforced here.
    if (null === $expectedClientId) {
        return;
    }

    // Strict identity comparison, so no type juggling between the two identifiers.
    $actualClientId = $token->getClient()->getPublicId();
    if ($expectedClientId === $actualClientId) {
        return;
    }

    return 'Client not authorized.';
}
/**
 * {@inheritdoc}
 *
 * Restricts access to a single resource owner: the owner bound to the token
 * must carry the public ID required by the configuration.
 *
 * @return string|null null when no resource owner ID is configured or the IDs
 *                     match, otherwise the error message
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $expectedOwnerId = $configuration->getResourceOwnerPublicId();

    // The restriction is opt-in: without a configured ID nothing is enforced here.
    if (null === $expectedOwnerId) {
        return;
    }

    // Strict identity comparison, so no type juggling between the two identifiers.
    $actualOwnerId = $token->getResourceOwner()->getPublicId();
    if ($expectedOwnerId === $actualOwnerId) {
        return;
    }

    return 'Resource owner not authorized';
}
/**
 * {@inheritdoc}
 *
 * Verifies the type of the token's client against the configured client type
 * by delegating to isTypeValid().
 *
 * @return string|null null when no client type is configured or the type is
 *                     accepted, otherwise the error message
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $requiredType = $configuration->getClientType();

    // The restriction is opt-in: without a configured type nothing is enforced here.
    if (null === $requiredType) {
        return;
    }

    // NOTE(review): only a strict boolean false is treated as a rejection, so a
    // null or other non-boolean result from isTypeValid() lets the request
    // through. isTypeValid() is defined elsewhere; confirm it always returns a bool.
    if (false === $this->isTypeValid($requiredType, $token->getClient())) {
        return 'Bad client type';
    }
}
/**
 * {@inheritdoc}
 *
 * Verifies the type of the token's resource owner against the configured
 * resource owner type by delegating to isTypeValid().
 *
 * @return string|null null when no resource owner type is configured or the
 *                     type is accepted, otherwise the error message
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $requiredType = $configuration->getResourceOwnerType();

    // The restriction is opt-in: without a configured type nothing is enforced here.
    if (null === $requiredType) {
        return;
    }

    // NOTE(review): only a strict boolean false is treated as a rejection, so a
    // null or other non-boolean result from isTypeValid() lets the request
    // through. isTypeValid() is defined elsewhere; confirm it always returns a bool.
    if (false === $this->isTypeValid($requiredType, $token->getResourceOwner())) {
        return 'Bad resource owner type';
    }
}
/**
 * {@inheritdoc}
 *
 * Verifies that the scope carried by the access token satisfies the scope
 * required by the configuration, using the scope manager for both the
 * conversion and the comparison.
 *
 * @return string|null null when no scope is configured or the scope manager
 *                     accepts the token scope, otherwise the error message
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $configuredScope = $configuration->getScope();

    // The restriction is opt-in: without a configured scope nothing is enforced here.
    if (null === $configuredScope) {
        return;
    }

    $scopeManager = $this->getScopeManager();

    // Both sides are normalised by the scope manager before they are compared.
    $grantedScope = $scopeManager->convertToScope($token->getAccessToken()->getScope());
    $requiredScope = $scopeManager->convertToScope($configuredScope);

    // Any falsy verdict from checkScopes() is a rejection.
    return $scopeManager->checkScopes($requiredScope, $grantedScope) ? null : 'Insufficient scope';
}
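/**
 * {@inheritdoc}
 *
 * Evaluates the configured scope rule as an expression, with the access
 * token's scope exposed to the rule as the variable "scope".
 *
 * The check fails closed: access is granted only when the rule evaluates to
 * a truthy value. A rule that yields null, 0, an empty string or any other
 * falsy value is rejected exactly like a boolean false, so a rule that does
 * not produce a strict boolean cannot silently authorize the request.
 *
 * @return string|null null when no scope rule is configured or the rule is
 *                     satisfied, otherwise the error message
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $scopeRule = $configuration->getScope();

    // The restriction is opt-in: without a configured rule nothing is enforced here.
    if (null === $scopeRule) {
        return;
    }

    $result = $this->getExpressionLanguage()->evaluate(
        $scopeRule,
        ['scope' => $token->getAccessToken()->getScope()]
    );

    // Deny on every falsy result, not only on a strict false: an authorization
    // decision must not default to "allow" when the rule yields an unexpected type.
    if (!$result) {
        // NOTE(review): the message embeds the configured rule text; confirm that
        // showing the rule to whoever receives this message is intended.
        return sprintf('Insufficient scope. The scope rule is: %s', $scopeRule);
    }
}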
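/**
 * {@inheritdoc}
 *
 * Verifies that the token's client is of the configured type. The type is
 * derived from the client's "token_endpoint_auth_method" value: "none" means
 * a public client, anything else means a confidential client.
 *
 * The check fails closed: a configured type that is neither TYPE_PUBLIC nor
 * TYPE_CONFIDENTIAL is rejected.
 *
 * @return string|null null when no client type is configured or the client
 *                     matches it, otherwise the error message
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $requiredType = $configuration->getClientType();

    // The restriction is opt-in: without a configured type nothing is enforced here.
    if (null === $requiredType) {
        return;
    }

    // NOTE(review): a client for which get() yields anything other than the
    // string 'none' (including a missing value, if get() returns null for it)
    // is classified as confidential; confirm that matches how clients are stored.
    $isPublicClient = 'none' === $token->getClient()->get('token_endpoint_auth_method');

    if (self::TYPE_PUBLIC === $requiredType && $isPublicClient) {
        return;
    }

    if (self::TYPE_CONFIDENTIAL === $requiredType && !$isPublicClient) {
        return;
    }

    // The failed check concerns the client, so the message names the client
    // rather than the resource owner; this keeps denials attributable in logs.
    return 'Client not authorized.';
}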
/**
 * {@inheritdoc}
 *
 * Verifies that the token's resource owner is of the configured kind:
 * TYPE_CLIENT requires a ClientInterface instance, TYPE_USER requires a
 * UserAccountInterface instance.
 *
 * The check fails closed: a configured type that is neither TYPE_CLIENT nor
 * TYPE_USER is rejected.
 *
 * @return string|null null when no resource owner type is configured or the
 *                     owner matches it, otherwise the error message
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $requiredType = $configuration->getResourceOwnerType();

    // The restriction is opt-in: without a configured type nothing is enforced here.
    if (null === $requiredType) {
        return;
    }

    $isAuthorized = false;
    if (self::TYPE_CLIENT === $requiredType) {
        $isAuthorized = $token->getResourceOwner() instanceof ClientInterface;
    } elseif (self::TYPE_USER === $requiredType) {
        $isAuthorized = $token->getResourceOwner() instanceof UserAccountInterface;
    }

    // Anything that did not positively match a known type is denied.
    if (!$isAuthorized) {
        return 'Resource owner not authorized.';
    }
}