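/**
 * Role-based grant extension: authenticates a user by username and password,
 * then requires that user to be granted the role named in the request.
 *
 * Reads "username", "password" and "required_role" from $inputData. Each must
 * be present and must be a string; $authHeaders is not used.
 *
 * NOTE(review): "required_role" comes from the request itself, so this check
 * only enforces the role the caller asked for. Confirm that nothing downstream
 * treats the issued token as proof of a specific role unless that role is also
 * bound to the client or recorded with the token.
 *
 * @see OAuth2\IOAuth2GrantExtension::checkGrantExtension
 *
 * @param IOAuth2Client $client      Client the credentials are checked for.
 * @param array         $inputData   Request parameters of the token request.
 * @param array         $authHeaders Authorization headers (unused here).
 *
 * @return array ['data' => $user], where $user is the 'data' entry returned by the storage.
 *
 * @throws OAuth2ServerException invalid_request when a parameter is missing or not a string;
 *                               invalid_grant when the credentials are rejected or the role is not granted.
 */
public function checkGrantExtension(IOAuth2Client $client, array $inputData, array $authHeaders)
{
    foreach (['username', 'password', 'required_role'] as $name) {
        if (!isset($inputData[$name])) {
            throw new OAuth2ServerException(
                OAuth2::HTTP_BAD_REQUEST,
                OAuth2::ERROR_INVALID_REQUEST,
                sprintf('No "%s" parameter found', $name)
            );
        }

        // Form parameters can arrive as arrays (e.g. "username[]=x"). Reject them here so
        // that only strings reach the credential check, the role check and the error text.
        if (!is_string($inputData[$name])) {
            throw new OAuth2ServerException(
                OAuth2::HTTP_BAD_REQUEST,
                OAuth2::ERROR_INVALID_REQUEST,
                sprintf('Parameter "%s" must be a string', $name)
            );
        }
    }

    $username = $inputData['username'];
    $password = $inputData['password'];
    $role = $inputData['required_role'];

    $stored = $this->storage->checkUserCredentials($client, $username, $password);

    if ($stored === false) {
        throw new OAuth2ServerException(
            OAuth2::HTTP_BAD_REQUEST,
            OAuth2::ERROR_INVALID_GRANT,
            "Invalid username and password combination"
        );
    }

    // A storage that answers with something other than an array carrying 'data' yields no
    // user object; pass null on to the role check instead of indexing a non-array.
    $user = (is_array($stored) && isset($stored['data'])) ? $stored['data'] : null;

    if (!$this->isGranted($role, $user)) {
        // NOTE(review): the requested role is echoed back in the error description.
        // Confirm how OAuth2ServerException renders it; RFC 6749 section 5.2 restricts
        // the characters allowed in error_description.
        throw new OAuth2ServerException(
            OAuth2::HTTP_BAD_REQUEST,
            OAuth2::ERROR_INVALID_GRANT,
            "User is not granted {$role}"
        );
    }

    return ['data' => $user];
}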