/**
 * Verifies the client secret and, for external apps, exposes the owning user.
 *
 * The actual secret comparison is delegated to the parent implementation.
 * Only when that check succeeds and the client is an ExternalApp is the
 * parent's result replaced by ['data' => user]; in every other case the
 * parent's result is returned unchanged.
 *
 * @param IOAuth2Client $client        client being authenticated
 * @param mixed         $client_secret secret presented by the client
 * @return mixed parent result, or ['data' => user] for a verified ExternalApp
 */
public function checkClientCredentialsGrant(IOAuth2Client $client, $client_secret)
{
    $parentResult = parent::checkClientCredentialsGrant($client, $client_secret);

    // Failed or falsy verification: hand the parent's answer straight back.
    if (!$parentResult) {
        return $parentResult;
    }

    // Only external apps carry a user to expose.
    if (!$client instanceof ExternalApp) {
        return $parentResult;
    }

    return ['data' => $client->getUser()];
}
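/**
 * {@inheritdoc}
 *
 * Authenticates a client by shared secret. The token's credentials are read
 * as a two-element array — index 0 the client id, index 1 the secret — which
 * is an assumption drawn from the indexes used below; confirm against the
 * token class that produces them.
 *
 * @param TokenInterface $token token carrying the client credentials
 * @return SharedSecretToken authenticated token bound to the resolved client
 * @throws AuthenticationException when the credentials are missing or malformed,
 *         the client id is unknown, or the secret does not match
 */
public function authenticate(TokenInterface $token)
{
    $credentials = $token->getCredentials();

    // Reject missing or malformed credentials before indexing. The previous
    // null-only check let a non-array or single-element value reach
    // $credentials[1] as an undefined offset.
    if (!is_array($credentials) || !isset($credentials[0], $credentials[1])) {
        // NOTE(review): the argument order here (HTTP code, null, message)
        // differs from the two throws below — confirm it matches the
        // constructor of the AuthenticationException class in use.
        throw new AuthenticationException(OAuth2::HTTP_BAD_REQUEST, null, 'Empty credentials');
    }

    $client = $this->storage->getClient($credentials[0]);

    // An unknown client id and a wrong secret raise the same error code, so
    // the response does not distinguish the two cases.
    if ($client === null) {
        throw new AuthenticationException(OAuth2::ERROR_INVALID_CLIENT);
    }
    if ($this->storage->checkClientCredentials($client, $credentials[1]) === false) {
        throw new AuthenticationException(OAuth2::ERROR_INVALID_CLIENT);
    }

    // The secret has served its purpose; drop it from the incoming token.
    $token->eraseCredentials();

    $newToken = new SharedSecretToken(['ROLE_SHARED_SECRET', 'ROLE_OAUTH_CLIENT']);
    $newToken->setClient($client);
    $newToken->setAuthenticated(true);

    return $newToken;
}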
/**
 * Role-based grant extension.
 *
 * Requires the "username", "password" and "required_role" parameters. The
 * username/password pair is verified through the storage, and the resulting
 * user must hold the requested role. Note that the role name itself comes
 * from the request, so this verifies the user holds whatever role the caller
 * asked for. $authHeaders is accepted for the interface but not read here.
 *
 * @see OAuth2\IOAuth2GrantExtension::checkGrantExtension
 *
 * @param IOAuth2Client $client      client issuing the grant request
 * @param array         $inputData   request parameters
 * @param array         $authHeaders not used by this extension
 * @return array{data: mixed} the user record returned by the storage
 * @throws OAuth2ServerException invalid_request when a parameter is missing;
 *         invalid_grant when the credentials are wrong or the role is not held
 */
public function checkGrantExtension(IOAuth2Client $client, array $inputData, array $authHeaders)
{
    // Presence checks, in the same order as the parameters are listed.
    foreach (['username', 'password', 'required_role'] as $parameter) {
        if (!isset($inputData[$parameter])) {
            throw new OAuth2ServerException(
                OAuth2::HTTP_BAD_REQUEST,
                OAuth2::ERROR_INVALID_REQUEST,
                "No \"{$parameter}\" parameter found"
            );
        }
    }

    $role = $inputData['required_role'];
    $stored = $this->storage->checkUserCredentials(
        $client,
        $inputData['username'],
        $inputData['password']
    );

    // A single message covers both unknown user and wrong password.
    if (false === $stored) {
        throw new OAuth2ServerException(
            OAuth2::HTTP_BAD_REQUEST,
            OAuth2::ERROR_INVALID_GRANT,
            'Invalid username and password combination'
        );
    }

    $user = $stored['data'];
    if (!$this->isGranted($role, $user)) {
        throw new OAuth2ServerException(
            OAuth2::HTTP_BAD_REQUEST,
            OAuth2::ERROR_INVALID_GRANT,
            "User is not granted {$role}"
        );
    }

    return ['data' => $user];
}