/**
* Check signature
*
* @param TokenInterface $token
* @param ClientInterface $client
* @return void
*/
protected function checkSignature(TokenInterface $token, ClientInterface $client)
{
if ($client->isSignatureRequired() && !$token->isSigned()) {
throw new OAuthInvalidRequestException('The request is not signed.');
}
if ($client->isSignatureRequired() && $token->isSigned()) {
if (!$this->signature->verify($token->getSignedUrl(), $client->getSecret(), $token->getSignature())) {
throw new OAuthInvalidRequestException('The request signature we calculated does not match the signature you provided.');
}
}
}
