/**
* Looks for the code parameter and stores it in the token storage if present
*
* @param ServerRequestEvent $event
*/
public function onAuthorizationResponse(ServerRequestEvent $event)
{
$arguments = $event->getServerRequest()->getQueryParams();
if (!isset($arguments['code'])) {
return;
}
$expiresIn = 60;
$token = $this->tokenManager->createToken("authorization_code");
$token->setToken($arguments['code']);
$token->setExpiresIn($expiresIn);
$this->tokenManager->persistToken($token);
}
/**
* Looks for a refresh_token in the response body
*
* @param ResponseEvent $event
*/
public function onTokenResponse(ResponseEvent $event)
{
$body = (string) $event->getResponse()->getBody();
$arguments = json_decode($body, true);
if (!isset($arguments['refresh_token'])) {
return;
}
$expiresIn = 14 * 24 * 60 * 60;
// Two weeks
$refreshToken = $this->tokenManager->createToken("refresh_token");
$refreshToken->setToken($arguments['refresh_token']);
$refreshToken->setExpiresIn($expiresIn);
$this->tokenManager->persistToken($refreshToken);
}
/**
* Validates the CSRF token
*
* @param ServerRequestEvent $event
*
* @throws CsrfException
*/
public function onAuthorizationResponse(ServerRequestEvent $event)
{
$arguments = $event->getServerRequest()->getQueryParams();
if (!isset($arguments['state'])) {
throw new CsrfException();
}
$stateToken = $this->tokenManager->findToken("state");
if ($stateToken === null) {
throw new CsrfException();
}
$state = $stateToken->getToken();
if ($state !== $arguments['state']) {
throw new CsrfException();
}
$this->tokenManager->removeToken($stateToken);
}
