/**
 * Resolve the user account referenced by an access token.
 *
 * The lookup uses the user account public ID carried by the token. A missing
 * account is reported as an "invalid request" error rather than being
 * returned as null, so callers always receive a usable account.
 *
 * @param \OAuth2\Token\AccessTokenInterface $access_token
 *
 * @throws \OAuth2\Exception\BadRequestExceptionInterface when no account matches the token's user account public ID
 *
 * @return \OAuth2\UserAccount\UserAccountInterface
 */
private function getUserAccount(AccessTokenInterface $access_token)
{
    $manager = $this->getUserAccountManager();
    $account = $manager->getUserAccountByPublicId($access_token->getUserAccountPublicId());

    if (null !== $account) {
        return $account;
    }

    // Fail closed: an unresolvable account is an error, never a silent null.
    throw $this->getExceptionManager()->getBadRequestException(
        ExceptionManagerInterface::ERROR_INVALID_REQUEST,
        'Unable to find the resource owner.'
    );
}
/**
 * Resolve the resource owner of an access token.
 *
 * When the token carries a user account public ID, the owner is looked up as
 * a user account; otherwise the token's resource owner public ID is looked up
 * as a client.
 *
 * @param \OAuth2\Token\AccessTokenInterface $access_token
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface
 * @throws BadCredentialsException when neither lookup yields an owner
 *
 * @return \OAuth2\Client\ClientInterface|\OAuth2\UserAccount\UserAccountInterface
 */
private function getResourceOwner(AccessTokenInterface $access_token)
{
    $owner = null === $access_token->getUserAccountPublicId()
        ? $this->getClientManager()->getClient($access_token->getResourceOwnerPublicId())
        : $this->getUserAccountManager()->getUserAccountByPublicId($access_token->getUserAccountPublicId());

    // A token whose owner cannot be resolved is rejected, not passed through.
    if (null === $owner) {
        throw new BadCredentialsException('Unknown resource owner');
    }

    return $owner;
}
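/**
 * Build the claim set that describes an access token.
 *
 * The audience ('aud') always contains this issuer. When a resource server is
 * supplied, its public ID is appended to the audience so that the receiving
 * server can check that the token was issued for it.
 *
 * @param \OAuth2\Token\AccessTokenInterface  $access_token
 * @param \OAuth2\Client\ClientInterface|null $resource_server
 *
 * @return array
 */
protected function preparePayload(AccessTokenInterface $access_token, ClientInterface $resource_server = null)
{
    $issuer = $this->getIssuer();

    $aud = [$issuer];
    if (null !== $resource_server) {
        // Fix: the ID was previously appended to $access_token instead of $aud,
        // so the resource server never appeared in the audience claim.
        $aud[] = $resource_server->getPublicId();
    }

    // Single clock read so 'iat' and 'nbf' cannot differ across a second boundary.
    $now = time();

    // 'exp' is always emitted, including when the token reports 0.
    // NOTE(review): confirm how consumers are expected to treat exp = 0.
    $payload = [
        'jti'            => Base64Url::encode(random_bytes(25)),
        'iss'            => $issuer,
        'aud'            => $aud,
        'iat'            => $now,
        'nbf'            => $now,
        'exp'            => $access_token->getExpiresAt(),
        'sub'            => $access_token->getClientPublicId(),
        'token_type'     => $access_token->getTokenTypeParameter('token_type'),
        'scp'            => $access_token->getScope(),
        'resource_owner' => $access_token->getResourceOwnerPublicId(),
        'user_account'   => $access_token->getUserAccountPublicId(),
    ];
    $payload['metadatas'] = $access_token->getMetadatas();

    $parameters = $access_token->getParameters();
    if (!empty($parameters)) {
        //This part should be updated to support 'cnf' (confirmation) claim (see POP).
        $payload['other'] = $parameters;
    }

    $refresh_token = $access_token->getRefreshToken();
    if (null !== $refresh_token) {
        // NOTE(review): the refresh token is copied into the payload as-is;
        // confirm the payload is encrypted (not only signed) before it reaches
        // any party that should not hold the refresh token.
        $payload['refresh_token'] = $refresh_token;
    }

    return $payload;
}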