/**
* Builds a HTTP request based on the token request entity.
*
* @param Request $request
* @param Http\Request $httpRequest
* @return Http\Request
*/
public function buildHttpRequest(Request $request, Http\Request $httpRequest = null)
{
if (null === $httpRequest) {
$httpRequest = new Http\Request();
}
$clientInfo = $request->getClientInfo();
if (!$clientInfo instanceof ClientInfo) {
throw new Exception\InvalidRequestException('No client info in request');
}
$endpointUri = $clientInfo->getTokenEndpoint();
$httpRequest->setUri($endpointUri);
$httpRequest->setMethod('POST');
$httpRequest->getPost()->fromArray(array(Param::CLIENT_ID => $clientInfo->getClientId(), Param::REDIRECT_URI => $clientInfo->getRedirectUri(), Param::GRANT_TYPE => $request->getGrantType(), Param::CODE => $request->getCode()));
$headers = array_merge($this->defaultHeaders, $this->options->get(self::OPT_HEADERS, array()));
$httpRequest->getHeaders()->addHeaders($headers);
$authenticator = $this->getClientAuthenticatorFactory()->createAuthenticator($clientInfo);
$authenticator->configureHttpRequest($httpRequest);
return $httpRequest;
}
public function testSettersAndGetters()
{
$clientInfo = $this->getMock('InoOicClient\\Client\\ClientInfo');
$grantType = 'authorization_code';
$code = '1234';
$request = new Request();
$request->setClientInfo($clientInfo);
$request->setGrantType($grantType);
$request->setCode($code);
$this->assertSame($clientInfo, $request->getClientInfo());
$this->assertSame($grantType, $request->getGrantType());
$this->assertSame($code, $request->getCode());
}
/**
* Creates token request.
*
* @param string $authorizationCode
* @return Token\Request
*/
public function createTokenRequest($authorizationCode)
{
$tokenRequest = new Token\Request();
$tokenRequest->setClientInfo($this->getClientInfo());
$tokenRequest->setCode($authorizationCode);
$tokenRequest->setGrantType('authorization_code');
return $tokenRequest;
}
$clientInfo = new ClientInfo();
$clientInfo->fromArray($config['client_info']);
$stateManager = new Manager();
$dispatcher = new Authorization\Dispatcher();
$dispatcher->setStateManager($stateManager);
if (!isset($_GET['redirect'])) {
$request = new Authorization\Request($clientInfo, 'code', 'openid profile email');
$uri = $dispatcher->createAuthorizationRequestUri($request);
_dump($uri);
printf("<pre>%s</pre><br>", $uri);
printf("<a href=\"%s\">Login</a>", $uri);
} else {
try {
$response = $dispatcher->getAuthorizationResponse();
printf("OK<br>Code: %s<br>State: %s<br>", $response->getCode(), $response->getState());
$tokenRequest = new Token\Request();
$tokenRequest->fromArray(array('client_info' => $clientInfo, 'code' => $response->getCode(), 'grant_type' => 'authorization_code'));
$httpClient = _createHttpClient();
$tokenDispatcher = new Token\Dispatcher($httpClient);
try {
$tokenResponse = $tokenDispatcher->sendTokenRequest($tokenRequest);
_dump($tokenResponse);
printf("Access token: %s<br>", $tokenResponse->getAccessToken());
$userInfoRequest = new UserInfo\Request();
$userInfoRequest->setAccessToken($tokenResponse->getAccessToken());
$userInfoRequest->setClientInfo($clientInfo);
$userInfoDispatcher = new UserInfo\Dispatcher($httpClient);
try {
$userInfoResponse = $userInfoDispatcher->sendUserInfoRequest($userInfoRequest);
_dump($userInfoResponse->getClaims());
printf("User info: %s", \Zend\Json\Json::encode($userInfoResponse->getClaims(), \Zend\Json\Json::TYPE_ARRAY));
/**
* Resume authentication process.
*
* This function resumes the authentication process after the user has
* entered his or her credentials.
*
* @param array &$state The authentication state.
*/
public static function resume()
{
$request = Request::fromString($_SERVER['REQUEST_METHOD'] . ' ' . self::requesturi());
if (!($stateId = $request->getQuery('state'))) {
throw new SimpleSAML_Error_BadRequest('Missing "state" parameter.');
}
$state = SimpleSAML_Auth_State::loadState($stateId, 'openidconnect:Connect');
/*
* Now we have the $state-array, and can use it to locate the authentication
* source.
*/
$source = SimpleSAML_Auth_Source::getById($state['openidconnect:AuthID']);
if ($source === NULL) {
/*
* The only way this should fail is if we remove or rename the authentication source
* while the user is at the login page.
*/
throw new SimpleSAML_Error_Exception('Could not find authentication source.');
}
/*
* Make sure that we haven't switched the source type while the
* user was at the authentication page. This can only happen if we
* change config/authsources.php while an user is logging in.
*/
if (!$source instanceof self) {
throw new SimpleSAML_Error_Exception('Authentication source type changed.');
}
// The library has its own state manager but we're using SSP's.
// We've already validated the state, so let's get the token.
$tokenDispatcher = new Dispatcher();
$tokenRequest = new TokenRequest();
$clientInfo = new ClientInfo();
$clientInfo->fromArray(reset($source->getConfig()));
$tokenRequest->setClientInfo($clientInfo);
$tokenRequest->setCode($request->getQuery('code'));
$tokenRequest->setGrantType('authorization_code');
$tokenDispatcher->setOptions(['http_options' => ['sslcapath' => $source->sslcapath]]);
$tokenResponse = $tokenDispatcher->sendTokenRequest($tokenRequest);
$userDispatcher = new InfoDispatcher();
$userDispatcher->setOptions(['http_options' => ['sslcapath' => $source->sslcapath]]);
$infoRequest = new InfoRequest();
$infoRequest->setClientInfo($clientInfo);
$infoRequest->setAccessToken($tokenResponse->getAccessToken());
try {
$infoResponse = $userDispatcher->sendUserInfoRequest($infoRequest);
$user = $infoResponse->getClaims();
} catch (Exception $e) {
/*
* The user isn't authenticated.
*
* Here we simply throw an exception, but we could also redirect the user back to the
* login page.
*/
throw new SimpleSAML_Error_Exception('User not authenticated after login attempt.', $e->getCode(), $e);
}
/*
* So, we have a valid user. Time to resume the authentication process where we
* paused it in the authenticate()-function above.
*/
$state['Attributes'] = self::getAttributes($user);
SimpleSAML_Auth_Source::completeAuth($state);
/*
* The completeAuth-function never returns, so we never get this far.
*/
assert('FALSE');
}
