/** * @param OpenIdRequest $request * @param OpenIdResponse $response * @param ResponseContext $context * @return mixed|void */ public function prepareResponse(OpenIdRequest $request, OpenIdResponse $response, ResponseContext $context) { try { $oauth2_request = new OpenIdOAuth2Request($request->getMessage()); if (!$oauth2_request->isValid()) { return; } //get auth code $oauth2_msg = new OAuth2Message(array(OAuth2Protocol::OAuth2Protocol_ClientId => $oauth2_request->getClientId(), OAuth2Protocol::OAuth2Protocol_Scope => $oauth2_request->getScope(), OAuth2Protocol::OAuth2Protocol_RedirectUri => $request->getParam(OpenIdProtocol::OpenIDProtocol_ReturnTo), OAuth2Protocol::OAuth2Protocol_State => $oauth2_request->getState(), OAuth2Protocol::OAuth2Protocol_Approval_Prompt => $oauth2_request->getApprovalPrompt(), OAuth2Protocol::OAuth2Protocol_AccessType => $oauth2_request->getAccessType(), OAuth2Protocol::OAuth2Protocol_ResponseType => OAuth2Protocol::OAuth2Protocol_ResponseType_Code)); // do oauth2 Authorization Code Grant 1st step (get auth code to exchange for an access token) // http://tools.ietf.org/html/rfc6749#section-4.1 $oauth2_response = $this->oauth2_protocol->authorize(new OAuth2AuthorizationRequest($oauth2_msg)); if (get_class($oauth2_response) == 'oauth2\\responses\\OAuth2AuthorizationResponse') { //add namespace $response->addParam(self::paramNamespace(), self::NamespaceUrl); $context->addSignParam(self::paramNamespace()); //add auth code $response->addParam(self::param(self::RequestToken), $oauth2_response->getAuthCode()); $context->addSignParam(self::param(self::RequestToken)); //add requested scope $response->addParam(self::param(self::Scope), $oauth2_response->getScope()); $context->addSignParam(self::param(self::Scope)); //add state $response->addParam(self::param(self::State), $oauth2_request->getState()); $context->addSignParam(self::param(self::State)); } } catch (Exception $ex) { $this->log_service->error($ex); $this->checkpoint_service->trackException($ex); //http://step2.googlecode.com/svn/spec/openid_oauth_extension/latest/openid_oauth_extension.html#AuthResp /* * To note that the OAuth Authorization was declined or not valid, the Combined Provider SHALL only * respond with the parameter "openid.ns.oauth". */ //add namespace $response->addParam(self::paramNamespace(), self::NamespaceUrl); $context->addSignParam(self::paramNamespace()); } }