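/**
 * Captures the authorization code from the authorization response.
 *
 * Reads the `code` query parameter of the incoming server request and, when
 * it is a non-empty string, persists it through the token manager as an
 * "authorization_code" token with a lifetime of 60 (presumably seconds).
 * Requests without a usable `code` are ignored.
 *
 * NOTE(review): this handler does not compare a returned `state` parameter
 * with the "state" token stored by onAuthorizationRequest(). If that check is
 * not performed elsewhere, a code delivered by a forged redirect would be
 * accepted here; confirm where `state` is verified.
 *
 * @param ServerRequestEvent $event
 */
public function onAuthorizationResponse(ServerRequestEvent $event)
{
    $arguments = $event->getServerRequest()->getQueryParams();

    // Query parameters are caller-controlled and may be nested arrays
    // (e.g. `code[]=x`); only a non-empty string is a plausible code.
    if (!isset($arguments['code']) || !is_string($arguments['code']) || $arguments['code'] === '') {
        return;
    }

    // Short lifetime: the code is only needed until it is exchanged.
    $expiresIn = 60;

    $token = $this->tokenManager->createToken("authorization_code");
    $token->setToken($arguments['code']);
    $token->setExpiresIn($expiresIn);
    $this->tokenManager->persistToken($token);
}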
/**
 * Captures a refresh token from a token response.
 *
 * The response body is decoded as JSON. When the decoded data carries a
 * non-null `refresh_token` entry, that value is persisted through the token
 * manager as a "refresh_token" token with a fixed two-week lifetime; any
 * other response is ignored.
 *
 * NOTE(review): the value is stored as received, without a type check, and a
 * refresh token is a long-lived credential. How persistToken() stores it is
 * not visible here; confirm the storage is protected.
 *
 * @param ResponseEvent $event
 */
public function onTokenResponse(ResponseEvent $event)
{
    $payload = json_decode((string) $event->getResponse()->getBody(), true);

    if (isset($payload['refresh_token'])) {
        $lifetime = 60 * 60 * 24 * 14; // two weeks

        $stored = $this->tokenManager->createToken('refresh_token');
        $stored->setToken($payload['refresh_token']);
        $stored->setExpiresIn($lifetime);
        $this->tokenManager->persistToken($stored);
    }
}
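/**
 * Adds an anti-CSRF `state` token to the authorization request.
 *
 * Generates a random value, persists it through the token manager as a
 * "state" token with a lifetime of 120 (presumably seconds), and appends it
 * to the redirect URL as the `state` query parameter. Does nothing when the
 * event carries no URL.
 *
 * The value only protects the flow if the handler of the authorization
 * response compares the returned `state` with the stored one.
 *
 * @param RedirectEvent $event
 *
 * @throws \Exception if no suitable source of randomness is available
 */
public function onAuthorizationRequest(RedirectEvent $event)
{
    $url = $event->getUrl();
    if ($url === null) {
        return;
    }

    // The state value must be unpredictable. md5(uniqid(rand(), true)) is
    // derived from the clock and a non-cryptographic generator, so it is
    // replaced by the CSPRNG (random_bytes(), PHP >= 7.0). 16 bytes encoded
    // as hex keep the previous 32-character lowercase-hex format.
    $token = bin2hex(random_bytes(16));
    $expiresIn = 120;

    $stateToken = $this->tokenManager->createToken("state");
    $stateToken->setToken($token);
    $stateToken->setExpiresIn($expiresIn);
    $this->tokenManager->persistToken($stateToken);

    // Use '?' when the URL has no query string yet; the token is hex, so it
    // needs no URL encoding.
    $separator = strpos($url, '?') === false ? '?' : '&';
    $event->setUrl($url . $separator . "state={$token}");
}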