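/**
  * Validate the bearer access token carried in the request's Authorization header.
  *
  * The header value (minus the "Bearer" scheme) is parsed as a JWT; its signature is
  * verified with the server public key, its time-based claims are validated against
  * the current time, and the access-token repository is asked whether the token id
  * (jti) has been revoked.
  *
  * @param \Phalcon\Http\RequestInterface $request
  *
  * @return array oauth_access_token_id, oauth_client_id, oauth_user_id and oauth_scopes
  *               taken from the jti, aud, sub and scopes claims respectively
  *
  * @throws OAuthServerException when the header is missing or the token is malformed,
  *                              unsigned, fails signature verification, lacks an expiry,
  *                              is outside its validity window, lacks a required claim,
  *                              or has been revoked
  */
 public function validateAuthorization(\Phalcon\Http\RequestInterface $request)
 {
     $header = $request->getHeader('authorization');
     if (!$header) {
         throw OAuthServerException::accessDenied('Missing "Authorization" header');
     }
     // Scheme names are case-insensitive (RFC 6750 / RFC 7235), so "bearer" is stripped
     // as well; whatever remains is treated as the compact JWT serialisation.
     $jwt = trim(preg_replace('/^(?:\\s+)?Bearer\\s/i', '', $header));
     try {
         $token = (new Parser())->parse($jwt);
         // verify() returns false when the 'alg' header does not match the signer or the
         // signature does not check out against the configured public key.
         if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
             throw OAuthServerException::accessDenied('Access token could not be verified');
         }
         // validate() only checks claims that are present on the token, so a token issued
         // without 'exp' would never expire; require it explicitly.
         if (!$token->hasClaim('exp')) {
             throw OAuthServerException::accessDenied('Access token has no expiry');
         }
         // Ensure the token is inside its validity window (exp / nbf / iat) right now.
         $data = new ValidationData();
         $data->setCurrentTime(time());
         if ($token->validate($data) === false) {
             throw OAuthServerException::accessDenied('Access token is invalid');
         }
         // Check revocation by token id; getClaim() throws if the claim is absent.
         $tokenId = $token->getClaim('jti');
         if ($this->accessTokenRepository->isAccessTokenRevoked($tokenId)) {
             throw OAuthServerException::accessDenied('Access token has been revoked');
         }
         return [
             'oauth_access_token_id' => $tokenId,
             'oauth_client_id' => $token->getClaim('aud'),
             'oauth_user_id' => $token->getClaim('sub'),
             'oauth_scopes' => $token->getClaim('scopes'),
         ];
     } catch (\InvalidArgumentException $exception) {
         // The parser rejects a malformed compact serialisation with this type.
         throw OAuthServerException::accessDenied($exception->getMessage());
     } catch (\BadMethodCallException $exception) {
         // In lcobucci/jwt 3.x verify() throws BadMethodCallException for a token that
         // carries no signature ("alg":"none"); deny it instead of surfacing a server error.
         throw OAuthServerException::accessDenied('Access token is not signed');
     } catch (\RuntimeException $exception) {
         // Covers undecodable JSON segments from the parser and a missing required claim
         // (getClaim() throws OutOfBoundsException, a RuntimeException). Failing closed
         // here also turns a repository failure into a denial rather than a 500.
         throw OAuthServerException::accessDenied('Access token could not be parsed');
     }
 }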
 /**
  * Create, populate and persist a new access token for a client/user pair.
  *
  * The expiry is "now" plus the supplied TTL; the identifier comes from
  * generateUniqueIdentifier() and every granted scope is attached before the
  * token is handed to the repository for persistence.
  *
  * @param \DateInterval                                         $accessTokenTTL lifetime added to the current time
  * @param \League\OAuth2\Server\Entities\ClientEntityInterface  $client
  * @param string                                                $userIdentifier
  * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
  *
  * @return \League\OAuth2\Server\Entities\AccessTokenEntityInterface the persisted token
  */
 protected function issueAccessToken(\DateInterval $accessTokenTTL, ClientEntityInterface $client, $userIdentifier, array $scopes = [])
 {
     $repository = $this->accessTokenRepository;
     $token = $repository->getNewToken($client, $scopes, $userIdentifier);
     $expiresAt = (new \DateTime())->add($accessTokenTTL);

     $token->setClient($client);
     $token->setUserIdentifier($userIdentifier);
     $token->setIdentifier($this->generateUniqueIdentifier());
     $token->setExpiryDateTime($expiresAt);
     foreach ($scopes as $grantedScope) {
         $token->addScope($grantedScope);
     }

     $repository->persistNewAccessToken($token);

     return $token;
 }
 /**
  * Create, populate and persist a new access token, retrying on identifier collisions.
  *
  * A fresh identifier is generated for each persistence attempt; when the repository
  * reports a unique-identifier collision the attempt is repeated, up to
  * MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS times. The collision from the final attempt
  * is rethrown.
  *
  * @param \DateInterval                                         $accessTokenTTL lifetime added to the current time
  * @param \League\OAuth2\Server\Entities\ClientEntityInterface  $client
  * @param string                                                $userIdentifier
  * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
  *
  * @return \League\OAuth2\Server\Entities\AccessTokenEntityInterface the persisted token
  *
  * @throws UniqueTokenIdentifierConstraintViolationException when every attempt collides
  */
 protected function issueAccessToken(\DateInterval $accessTokenTTL, ClientEntityInterface $client, $userIdentifier, array $scopes = [])
 {
     $token = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
     $token->setClient($client);
     $token->setUserIdentifier($userIdentifier);
     $token->setExpiryDateTime((new \DateTime())->add($accessTokenTTL));
     foreach ($scopes as $grantedScope) {
         $token->addScope($grantedScope);
     }

     for ($remaining = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS; $remaining > 0; --$remaining) {
         $token->setIdentifier($this->generateUniqueIdentifier());
         try {
             $this->accessTokenRepository->persistNewAccessToken($token);
         } catch (UniqueTokenIdentifierConstraintViolationException $collision) {
             // Only the last attempt's collision escapes; earlier ones trigger a retry.
             if ($remaining === 1) {
                 throw $collision;
             }
             continue;
         }

         return $token;
     }
 }