/**
  * Attempts to authenticate a GrantToken
  *
  * @param GrantToken $token
  *
  * @return GrantToken
  *
  * @throws AuthenticationException
  */
 public function authenticate(TokenInterface $token)
 {
     $credentials = $token->getCredentials();
     $clientId = $credentials['client_id'];
     /** @var ClientInterface $client */
     $client = $this->clientRepository->find($clientId);
     // Verify client id
     if (!$client) {
         throw new AuthenticationException("Client with id {$clientId} does not exist");
     }
     // Verify client secret
     $clientSecret = $credentials['client_secret'];
     if (!$client->getSecret() === $clientSecret) {
         throw new AuthenticationException("Invalid client secret");
     }
     // Verify grant type
     if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
         throw new AuthenticationException("Grant type not allowed");
     }
     if ($client->getUser() === null) {
         throw new AuthenticationException("Client is not associated with any user");
     }
     $token->setUser($client->getUser());
     $token->setClient($client);
     return $token;
 }
 /**
  * Attempts to authenticate a GrantToken
  *
  * @param GrantToken $token
  *
  * @return GrantToken
  *
  * @throws AuthenticationException
  */
 public function authenticate(TokenInterface $token)
 {
     $credentials = $token->getCredentials();
     $clientId = $credentials['client_id'];
     /** @var ClientInterface $client */
     $client = $this->clientRepository->find($clientId);
     // Verify client id
     if (!$client) {
         throw new AuthenticationException("Client with id {$clientId} does not exist");
     }
     // Verify client secret
     $clientSecret = $credentials['client_secret'];
     if (!$client->getSecret() === $clientSecret) {
         throw new AuthenticationException("Invalid client secret");
     }
     // Verify grant type
     if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
         throw new AuthenticationException("Grant type not allowed");
     }
     // Verify refresh_token
     $refreshToken = $this->refreshTokenRepository->findOneBy(["token" => $credentials['refresh_token'], "client" => $client]);
     if ($refreshToken === null) {
         throw new AuthenticationException("Invalid token");
     }
     // Verify expiry date
     if ($refreshToken->isExpired()) {
         throw new AuthenticationException("Token has expired");
     }
     $user = $refreshToken->getUser();
     $token->setUser($user);
     $token->setClient($client);
     return $token;
 }
 /**
  * Attempts to authenticate a GrantToken
  *
  * @param GrantToken $token
  *
  * @return GrantToken
  *
  * @throws AuthenticationException
  */
 public function authenticate(TokenInterface $token)
 {
     $credentials = $token->getCredentials();
     $clientId = $credentials['client_id'];
     /** @var ClientInterface $client */
     $client = $this->clientRepository->find($clientId);
     // Verify client id
     if (!$client) {
         throw new AuthenticationException("Client with id {$clientId} does not exist");
     }
     // Verify client secret
     $clientSecret = $credentials['client_secret'];
     if (!$client->getSecret() === $clientSecret) {
         throw new AuthenticationException("Invalid client secret");
     }
     // Verify grant type
     if (!in_array($token->getGrantType(), $client->getAllowedGrantTypes())) {
         throw new AuthenticationException("Grant type not allowed");
     }
     // Verify redirect uri
     $redirectUri = $credentials['redirect_uri'];
     if (!in_array($redirectUri, $client->getRedirectUris())) {
         throw new AuthenticationException("Invalid redirect uri");
     }
     // Verify authorization code
     $code = $credentials['code'];
     $authorizationCode = $this->authorizationCodeRepository->findOneBy(["code" => $code, "client" => $client]);
     if ($authorizationCode === null) {
         throw new AuthenticationException("Invalid code");
     }
     // Verify that redirect uri's match
     if ($authorizationCode->getRedirectUri() !== $redirectUri) {
         throw new AuthenticationException("Redirect uri does not match redirect uri from previous request");
     }
     // Verify expiry date
     if ($authorizationCode->isExpired()) {
         throw new AuthenticationException("Code has expired");
     }
     $user = $authorizationCode->getUser();
     $token->setUser($user);
     $token->setClient($client);
     return $token;
 }