private function checkRegistrationAccessToken(Request $request, Client $client) { $raw = $request->get('access_token', $request->headers->get('authorization')); $token = str_replace('Bearer ', '', $raw); $metadata = $client->getMetadata(); if (!$token || $metadata->getRegistrationAccessToken() !== $token) { throw $this->createAccessDeniedException(); } }