// Token-endpoint fragment: resolve the stored grant named by the POSTed
// grant_type, then issue a bearer access token (plus a refresh token for the
// authorization_code grant). The fragment is cut off inside the innermost `if`.
// NOTE(review): $_POST['grant_type'] is read without an existence check; confirm
// it is validated before this point.
if ($_POST['grant_type'] === 'authorization_code' && array_key_exists('code', $_POST)) {
    $authorizationTokenId = $_POST['code'];
    $authorizationToken = $tokenStore->getAuthorizationCode($authorizationTokenId);
    // The code is removed immediately after lookup, before the client and
    // redirect_uri checks below, so it is consumed on first presentation
    // whether or not those checks pass.
    $tokenStore->removeAuthorizationCode($_POST['code']);
} elseif ($_POST['grant_type'] === 'refresh_token' && array_key_exists('refresh_token', $_POST)) {
    $authorizationTokenId = $_POST['refresh_token'];
    // The refresh token is looked up but not removed in the visible code.
    $authorizationToken = $tokenStore->getRefreshToken($authorizationTokenId);
}
// NOTE(review): $authorizationToken and $user are assigned only inside
// conditionals here. Unless both are initialised to null before this fragment,
// an unsupported grant_type reaches is_null() with an undefined variable.
if (!is_null($authorizationToken)) {
    $user = $userStore->getUser($authorizationToken['userId']);
}
if (!is_null($user)) {
    // Bind the grant to the requesting client. $clientId is set outside this
    // fragment; how the client was authenticated is not visible here.
    // NOTE(review): `==` is a loose comparison, and PHP compares two numeric
    // strings numerically. Prefer `===` (or hash_equals()) for identifiers.
    if ($clientId == $authorizationToken['clientId']) {
        // A missing redirect_uri parameter becomes null and is compared with the
        // value stored on the grant. The check runs for both grant types.
        // NOTE(review): with `==`, null and '' compare equal; confirm intended.
        $redirectUri = array_key_exists('redirect_uri', $_POST) ? $_POST['redirect_uri'] : null;
        if ($authorizationToken['redirectUri'] == $redirectUri) {
            // TTLs, scopes and user id are all taken from the stored grant, not
            // from the request.
            $tokenFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationToken['authorizationCodeTTL'], $authorizationToken['accessTokenTTL'], $authorizationToken['refreshTokenTTL']);
            $accessToken = $tokenFactory->createBearerAccessToken($authorizationToken['clientId'], $authorizationToken['scopes'], $authorizationToken['userId']);
            if ($_POST['grant_type'] === 'authorization_code') {
                // Only the code grant mints a new refresh token.
                $refreshToken = $tokenFactory->createRefreshToken($authorizationToken['clientId'], $authorizationToken['redirectUri'], $authorizationToken['scopes'], $authorizationToken['userId']);
                $tokenStore->addRefreshToken($refreshToken);
                // Rebuild the user's refresh-token list: the new token plus the
                // previously recorded ones that the token store still returns.
                $liveRefreshTokens = array($refreshToken['id']);
                foreach ($user['refreshTokens'] as $tokenId) {
                    if (!is_null($tokenStore->getRefreshToken($tokenId))) {
                        array_push($liveRefreshTokens, $tokenId);
                    }
                }
                $user['refreshTokens'] = $liveRefreshTokens;
                // Extend the user record's expiry to cover the new refresh token.
                if ($refreshToken['expire'] > $user['expire']) {
                    $user['expire'] = $refreshToken['expire'];
                }
                // Locate the spent code in the user's authorizationCodes list;
                // the body of this branch lies outside the fragment.
                // NOTE(review): array_search() is called without strict=true.
                if (($index = array_search($authorizationTokenId, $user['authorizationCodes'])) !== false) {
// Closes a block opened before this fragment.
}
// Authorization-response fragment: refresh the client's expiry, mint an
// authorization code or access token for the authenticated user, attach the
// granted scopes and persist the token.
if (isset($client['expire'])) {
    // Default grace period is 30 days, expressed in seconds.
    $clientGracePeriod = $config->getValue('client_grace_period', 30 * 24 * 60 * 60);
    $now = time();
    // Once less than half the grace period remains, push the expiry out to a
    // full grace period from now and persist the client record.
    if ($client['expire'] < $now + $clientGracePeriod / 2) {
        $client['expire'] = $now + $clientGracePeriod;
        $clientStore->updateClient($client);
    }
}
// Name of the attribute whose first value becomes the token's user id.
// NOTE(review): the default is an affiliation attribute, which normally
// describes a role within an organisation rather than one individual; confirm
// deployments override it with a per-user identifier.
$idAttribute = $config->getValue('user_id_attribute', 'eduPersonScopedAffiliation');
$attributes = $as->getAttributes();
// NOTE(review): $attributes[$idAttribute][0] is read below without checking that
// the attribute is present and non-empty; confirm a missing value cannot yield
// a token with an empty user id.
if ($state['response_type'] === 'code') {
    // Both tokens are created with an empty scope list; scopes are set below.
    $authorizationCodeFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationCodeTTL, $accessTokenTTL, $tokenTTL);
    $token = $authorizationCodeFactory->createAuthorizationCode($state['clientId'], $state['redirectUri'], array(), $attributes[$idAttribute][0]);
} else {
    // Any response_type other than 'code' receives a bearer access token
    // directly; here $tokenTTL is passed in the second constructor position.
    // NOTE(review): whether response_type was restricted to known values earlier
    // is not visible in this fragment.
    $authorizationCodeFactory = new sspmod_oauth2server_OAuth2_TokenFactory($authorizationCodeTTL, $tokenTTL, $tokenTTL);
    $token = $authorizationCodeFactory->createBearerAccessToken($state['clientId'], array(), $attributes[$idAttribute][0]);
}
// grantedScopes comes straight from request input with no type or content check
// at this point.
if (isset($_REQUEST['grantedScopes'])) {
    $scopesTemp = $_REQUEST['grantedScopes'];
} else {
    $scopesTemp = array();
}
// The return value of the first helper is unused, so it presumably updates
// $scopesTemp by reference; the second helper's result becomes the scope list.
// NOTE(review): nothing else in this fragment limits the requested scopes to
// what the client may receive, so that restriction rests on these helpers;
// verify them, including their handling of a non-array grantedScopes value.
\sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes($client, $scopesTemp);
$token['scopes'] = \sspmod_oauth2server_Utility_Uri::findValidScopes($client, $scopesTemp);
$tokenStore = new sspmod_oauth2server_OAuth2_TokenStore($config);
// Persist the token in the store that matches the response type.
if ($state['response_type'] === 'code') {
    $tokenStore->addAuthorizationCode($token);
} else {
    $tokenStore->addAccessToken($token);
}