Exemplo n.º 1
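 /**
  * Processes an OAuth token request where an authorisation code is supplied
  * (the `authorization_code` grant type).
  *
  * The code is treated as single use: any tokens previously issued from it
  * are revoked as soon as it is presented, and the code is cleared before
  * new tokens are issued.  On any failure an OAuth error is set on
  * $response and the method returns without a value.
  *
  * NOTE(review): this method does not itself check that the authorisation
  * code was issued to the client making the request, nor any PKCE verifier;
  * confirm that the caller enforces client authentication and binding.
  *
  * @param Request $request the OAuth token request
  * @param Response $response the OAuth response
  * @return object|null the authorisation the tokens were issued under, or
  * null if the request was rejected
  * @since 2.0
  */
 protected function tokenFromCode($request, $response)
 {
     // 1. Check code parameter.  Request parameters are attacker-controlled,
     // so reject anything that is not a non-empty string (e.g. code[]=x).
     if (!isset($request['code']) || !is_string($request['code']) || $request['code'] === '') {
         $this->logger->log(LogLevel::ERROR, 'Token request failed: code not set');
         $response->setError('invalid_request', 'code not set');
         return;
     }
     // 2. Load the authorization and delete all tokens with this source
     $code = Code::decode($request['code']);
     $authorization = $code->getAuthorization();
     // Loose comparison kept on purpose: the value getAuthorization() returns
     // when nothing is found is not visible from this method.
     if ($authorization == null) {
         $this->logger->log(LogLevel::ERROR, 'Token request failed: Authorisation not found or expired');
         $response->setError('invalid_grant', 'Authorization code not found or expired');
         return;
     }
     // Revocation happens before the validity check so that a replayed code
     // also invalidates the tokens handed out on its first use.
     $authorization->revokeTokensFromSource($code);
     // 3. Check for validity
     if (!$code->isValid()) {
         // The submitted code is a credential and is request-controlled text,
         // so it is deliberately kept out of the log.
         $this->logger->log(LogLevel::ERROR, 'Token request failed: Authorisation code not found or expired');
         $response->setError('invalid_grant', 'Authorization code not found or expired');
         return;
     }
     // 4. Check request URI: when the code was issued with a redirect_uri,
     // the token request must repeat exactly the same value.
     $expectedRedirectURI = $code->getRedirectURI();
     if ($expectedRedirectURI) {
         $suppliedRedirectURI = isset($request['redirect_uri']) ? $request['redirect_uri'] : null;
         // Strict comparison: avoids PHP's numeric-string juggling and
         // rejects non-string values outright.
         if (!is_string($suppliedRedirectURI) || $expectedRedirectURI !== $suppliedRedirectURI) {
             // Strip control characters so a crafted redirect_uri cannot
             // forge extra log lines; a missing value is logged as such
             // instead of reading an unset index.
             $suppliedForLog = is_string($suppliedRedirectURI)
                 ? preg_replace('/[\x00-\x1F\x7F]/', '', $suppliedRedirectURI)
                 : '(not supplied)';
             $this->logger->log(LogLevel::ERROR, 'Token request failed: redirect_uri in request <' . $suppliedForLog . '> does not match authorisation code <' . $expectedRedirectURI . '>');
             $response->setError('invalid_grant', 'redirect_uri does not match');
             return;
         }
     }
     $scope = $code->getScope();
     // If we issue, we delete the code so that it can't be used again
     // NOTE(review): isValid() and clear() are separate calls; whether two
     // concurrent requests can both pass the check depends on the storage
     // behind Code - confirm.
     $code->clear();
     $response->loadData($authorization->issueTokens($scope, SIMPLEID_SHORT_TOKEN_EXPIRES_IN, $code));
     // Call modules
     $this->mgr->invokeAll('oAuthToken', 'authorization_code', $authorization, $request, $response, $scope);
     return $authorization;
 }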