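/**
 * Get the client (after authenticating it).
 *
 * According to the spec (http://tools.ietf.org/html/rfc6749#section-2.3), public clients do not need to
 * authenticate, so a grant that allows public clients may proceed with a client id alone, or with none at all.
 * Credentials that ARE presented are always verified: a confidential client must not be able to skip
 * authentication merely because the grant type also accepts public clients (previously a secret sent on such a
 * grant was silently ignored).
 *
 * @return Client|null null only when public clients are allowed and the request carries no client id
 * @throws OAuth2Exception (invalid_client) When a required client secret is missing, the client id is unknown,
 *                         or the presented secret fails verification
 */
private function getClient(ServerRequestInterface $request, bool $allowPublicClients)
{
    list($id, $secret) = $this->extractClientCredentials($request);

    // Explicit checks instead of truthiness so that a literal "0" counts as a present value.
    // extractClientCredentials() is expected to yield null or '' for an absent value — TODO confirm
    $hasId     = $id !== null && $id !== '';
    $hasSecret = $secret !== null && $secret !== '';

    // Grants restricted to confidential clients cannot proceed without a secret
    if (!$allowPublicClients && !$hasSecret) {
        throw OAuth2Exception::invalidClient('Client secret is missing');
    }

    // A public client may stay anonymous when it presents no client id at all
    if ($allowPublicClients && !$hasId) {
        return null;
    }

    $client = $this->clientService->getClient($id);

    // Unknown id: same message as a failed secret check on purpose, so the response does not reveal
    // whether a given client id exists
    if (null === $client) {
        throw OAuth2Exception::invalidClient('Client authentication failed');
    }

    // Verify the secret whenever the grant requires one OR the request presented one; the check itself
    // is delegated to the client
    if ((!$allowPublicClients || $hasSecret) && !$client->authenticate($secret)) {
        throw OAuth2Exception::invalidClient('Client authentication failed');
    }

    return $client;
}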
/**
 * Fetching a client by id delegates to the repository's findById() and hands back the very same instance.
 */
public function testCanGetClient()
{
    $expected = new Client();

    $findById = $this->clientRepository
        ->expects($this->once())
        ->method('findById')
        ->with('client_id');
    $findById->will($this->returnValue($expected));

    $actual = $this->clientService->getClient('client_id');

    $this->assertSame($expected, $actual);
}
/**
 * Fetching a client by id delegates to the repository's findById() and hands back the very same instance
 * (here a client reconstituted from its persisted state, with an empty secret).
 */
public function testCanGetClient()
{
    $state = [
        'id'           => 'client_id',
        'name'         => 'name',
        'secret'       => '',
        'redirectUris' => [],
    ];
    $expected = Client::reconstitute($state);

    $findById = $this->clientRepository
        ->expects($this->once())
        ->method('findById')
        ->with('client_id');
    $findById->will($this->returnValue($expected));

    $actual = $this->clientService->getClient('client_id');

    $this->assertSame($expected, $actual);
}