示例#1
文件: oauth.php 项目: legende91/ez
 /**
  * Builds the authentication object used to verify the OAuth token of a request.
  *
  * The token is taken from the request by ezpOauthUtility::getToken() and
  * wrapped as ID credentials; an ezpOauthFilter is attached to the returned
  * ezcAuthentication object. Nothing is validated in this method itself.
  *
  * NOTE(review): the component checks the original comments describe
  * (required components present, not too many, components valid) are not
  * implemented here. Presumably ezpOauthFilter rejects a missing or invalid
  * token when the authentication is run; confirm, including what getToken()
  * returns when the request carries no token.
  *
  * @param ezcMvcRequest $request request to read the token from
  * @return ezcAuthentication authentication object with the OAuth filter attached
  */
 public function setup(ezcMvcRequest $request)
 {
     $credentials = new ezcAuthenticationIdCredentials(ezpOauthUtility::getToken($request));
     $filter = new ezpOauthFilter();

     $authentication = new ezcAuthentication($credentials);
     $authentication->addFilter($filter);

     return $authentication;
 }
 /**
  * Handles the POST request sent to the token endpoint to obtain token data.
  *
  * Two grant types are dispatched here: authorization_code (section 4.1.1)
  * and refresh_token (section 4.1.4). grant_type, client_id and
  * client_secret are required for both; scope is optional per section 4 and
  * is not read by this method.
  *
  * NOTE(review): client_secret, code and refresh_token arrive in the POST
  * body, so they should stay out of logs and error messages. This method
  * sets no response headers; confirm the token response is served with
  * Cache-Control: no-store elsewhere.
  *
  * @return ezcMvcResult result carrying access_token, refresh_token and expires_in
  * @throws ezpOauthInvalidRequestException when validateGrantType() rejects grant_type
  * @throws ezpOauthInvalidTokenException when no ezpRestToken was produced
  */
 public function doHandleRequest()
 {
     // Parameters every token request must carry. checkParams() is presumably
     // what rejects a request with one missing; its body is not shown here.
     $this->checkParams(array('grant_type', 'client_id', 'client_secret'));

     $grantType = $this->request->post['grant_type'];
     $clientId = $this->request->post['client_id'];
     $clientSecret = $this->request->post['client_secret'];

     // The lifetime comes from rest.ini; a non-numeric value casts to 0.
     $expiresIn = (int) eZINI::instance('rest.ini')->variable('OAuthSettings', 'TokenTTL');

     if (!$this->validateGrantType($grantType)) {
         throw new ezpOauthInvalidRequestException(ezpOauthTokenEndpointErrorType::UNSUPPORTED_GRANT_TYPE);
     }

     // Stays null if no case below matches, which ends in the
     // INVALID_REQUEST error further down.
     $issued = null;
     switch ($grantType) {
         case 'authorization_code':
             // Section 4.1.1: code and redirect_uri are additionally required.
             // NOTE(review): matching redirect_uri and code against the
             // authorization request is presumably done inside the utility
             // call; confirm.
             $this->checkParams(array('code', 'redirect_uri'));
             $issued = ezpOauthUtility::doRefreshTokenWithAuthorizationCode(
                 $clientId,
                 $clientSecret,
                 $this->request->post['code'],
                 $this->request->post['redirect_uri']
             );
             break;

         case 'refresh_token':
             // Section 4.1.4: refresh_token is additionally required.
             $this->checkParams(array('refresh_token'));
             $issued = ezpOauthUtility::doRefreshToken(
                 $clientId,
                 $clientSecret,
                 $this->request->post['refresh_token']
             );
             break;
     }

     if (!$issued instanceof ezpRestToken) {
         throw new ezpOauthInvalidTokenException(ezpOauthTokenEndpointErrorType::INVALID_REQUEST);
     }

     $response = new ezcMvcResult();
     $response->variables['access_token'] = $issued->id;
     $response->variables['refresh_token'] = $issued->refresh_token;
     // Reports the configured TTL, not a value read from the issued token.
     // NOTE(review): confirm the token is stored with the same lifetime.
     $response->variables['expires_in'] = $expiresIn;

     return $response;
 }
示例#3
 /**
  * Builds the authentication object used to verify the OAuth token of a
  * request, logging the start of the verification at debug level.
  *
  * The log entry is a fixed string written before the token is read, so the
  * token value does not reach the log from this method. The source and
  * category are assigned on the instance returned by ezcLog::getInstance();
  * presumably that instance is shared, so the values stay set for later log
  * calls. Confirm if other code relies on different defaults.
  *
  * NOTE(review): no component validation is implemented here. Presumably
  * ezpOauthFilter rejects a missing or invalid token when the authentication
  * is run; confirm, including what getToken() returns when the request
  * carries no token.
  *
  * @param ezcMvcRequest $request request to read the token from
  * @return ezcAuthentication authentication object with the OAuth filter attached
  */
 public function setup(ezcMvcRequest $request)
 {
     $log = ezcLog::getInstance();
     $log->source = __FUNCTION__;
     $log->category = "oauth";
     $log->log("Begin oauth verification", ezcLog::DEBUG);

     $credentials = new ezcAuthenticationIdCredentials(ezpOauthUtility::getToken($request));
     $filter = new ezpOauthFilter();

     $authentication = new ezcAuthentication($credentials);
     $authentication->addFilter($filter);

     return $authentication;
 }