/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { $refresh_token = RequestBody::getParameter($request, 'refresh_token'); if (null === $refresh_token) { throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found'); } $token = $this->getRefreshTokenManager()->getRefreshToken($refresh_token); if (!$token instanceof RefreshTokenInterface) { throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid refresh token'); } $this->checkRefreshToken($token, $client); if (empty($grant_type_response->getRequestedScope())) { $grant_type_response->setRequestedScope($token->getScope()); } $grant_type_response->setAvailableScope($token->getScope()); $grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId()); $grant_type_response->setUserAccountPublicId($token->getUserAccountPublicId()); $grant_type_response->setRefreshTokenIssued(true); $grant_type_response->setRefreshTokenScope($token->getScope()); $grant_type_response->setRefreshTokenRevoked($token); $grant_type_response->setAdditionalData('metadatas', $token->getMetadatas()); }
/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { if (!$client instanceof ConfidentialClientInterface) { throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_CLIENT, 'The client is not a confidential client'); } $issue_refresh_token = $this->getConfiguration()->get('issue_refresh_token_with_client_credentials_grant_type', false); $scope = RequestBody::getParameter($request, 'scope'); $grant_type_response->setRequestedScope($scope); $grant_type_response->setAvailableScope(null); $grant_type_response->setResourceOwnerPublicId($client->getPublicId()); $grant_type_response->setRefreshTokenIssued($issue_refresh_token); $grant_type_response->setRefreshTokenScope($scope); $grant_type_response->setRefreshTokenRevoked(null); }
/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { if ($client->isPublic()) { throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a confidential client'); } $issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken(); $grant_type_response->setResourceOwnerPublicId($client->getPublicId()); $grant_type_response->setUserAccountPublicId(null); $grant_type_response->setRefreshTokenIssued($issue_refresh_token); $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope()); }
/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { $username = RequestBody::getParameter($request, 'username'); $password = RequestBody::getParameter($request, 'password'); $end_user = $this->getEndUserManager()->getEndUser($username); if (null === $end_user || !$this->getEndUserManager()->checkEndUserPasswordCredentials($end_user, $password)) { throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'Invalid username and password combination'); } $scope = RequestBody::getParameter($request, 'scope'); $grant_type_response->setRequestedScope($scope); $grant_type_response->setAvailableScope(null); $grant_type_response->setResourceOwnerPublicId($end_user->getPublicId()); $grant_type_response->setRefreshTokenIssued($this->getIssueRefreshToken($client, $end_user)); $grant_type_response->setRefreshTokenScope($scope); $grant_type_response->setRefreshTokenRevoked(null); }
/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { $refresh_token = RequestBody::getParameter($request, 'refresh_token'); if (null === $refresh_token) { throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_REQUEST, 'No "refresh_token" parameter found'); } $token = $this->getRefreshTokenManager()->getRefreshToken($refresh_token); if (!$token instanceof RefreshTokenInterface || $token->isUsed()) { throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'Invalid refresh token'); } $this->checkRefreshToken($token, $client); $grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ?: $token->getScope()); $grant_type_response->setAvailableScope($token->getScope()); $grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId()); $grant_type_response->setRefreshTokenIssued(true); $grant_type_response->setRefreshTokenScope($token->getScope()); $grant_type_response->setRefreshTokenRevoked($token); }
/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { if (false === $client->hasPublicKeySet()) { throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_CLIENT, 'The client is not a client with signature capabilities.'); } $jwt = $grant_type_response->getAdditionalData('jwt'); try { $this->getJWTLoader()->verify($jwt, $client->getPublicKeySet()); } catch (\Exception $e) { throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, $e->getMessage()); } $issue_refresh_token = $this->isRefreshTokenIssuedWithAccessToken(); $grant_type_response->setResourceOwnerPublicId($client->getPublicId()); $grant_type_response->setUserAccountPublicId(null); $grant_type_response->setRefreshTokenIssued($issue_refresh_token); $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope()); }
/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { $username = RequestBody::getParameter($request, 'username'); $password = RequestBody::getParameter($request, 'password'); $user_account = $this->getUserAccountManager()->getUserAccountByUsername($username); if (null === $user_account || !$this->getUserAccountManager()->checkUserAccountPasswordCredentials($user_account, $password)) { throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid username and password combination'); } $grant_type_response->setResourceOwnerPublicId($user_account->getUserPublicId()); $grant_type_response->setUserAccountPublicId($user_account->getPublicId()); $grant_type_response->setRefreshTokenIssued($this->issueRefreshToken($client)); $grant_type_response->setRefreshTokenScope($grant_type_response->getRequestedScope()); }
/** * @param \OAuth2\Client\ClientInterface $client * @param \OAuth2\Grant\GrantTypeResponseInterface $grant_type_response * @param array $request_parameters * @param array $token_type_information * @param array $metadatas * * @throws \OAuth2\Exception\BaseExceptionInterface * * @return \OAuth2\Token\AccessTokenInterface */ private function createAccessToken(ClientInterface $client, GrantTypeResponseInterface $grant_type_response, array $request_parameters, array $token_type_information, array $metadatas) { $refresh_token = null; $resource_owner = $this->getResourceOwner($grant_type_response->getResourceOwnerPublicId(), $grant_type_response->getUserAccountPublicId()); if (true === $this->hasRefreshTokenManager()) { if (true === $grant_type_response->isRefreshTokenIssued()) { $refresh_token = $this->getRefreshTokenManager()->createRefreshToken($client, $resource_owner, $grant_type_response->getRefreshTokenScope(), $metadatas); } } $access_token = $this->getAccessTokenManager()->createAccessToken($client, $resource_owner, $token_type_information, $request_parameters, $grant_type_response->getRequestedScope(), $refresh_token, null, $metadatas); return $access_token; }
/** * @param \Psr\Http\Message\ServerRequestInterface $request * @param \OAuth2\Grant\GrantTypeResponseInterface $grant_type_response * * @throws \OAuth2\Exception\BaseExceptionInterface * * @return \OAuth2\Client\ClientInterface */ protected function findClient(ServerRequestInterface $request, GrantTypeResponseInterface $grant_type_response) { if (null === $grant_type_response->getClientPublicId()) { $client = $this->getClientManagerSupervisor()->findClient($request); } else { $client_public_id = $grant_type_response->getClientPublicId(); $client = $this->getClientManagerSupervisor()->getClient($client_public_id); } if (!$client instanceof ClientInterface) { throw $this->getClientManagerSupervisor()->buildAuthenticationException($request); } return $client; }
/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { $this->checkClient($request, $client); $authCode = $this->getAuthCode($request); if (!$authCode instanceof AuthCodeInterface) { throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, "Code doesn't exist or is invalid for the client."); } $this->checkPKCE($request, $authCode); $this->checkAuthCode($authCode, $client); $redirect_uri = RequestBody::getParameter($request, 'redirect_uri'); // Validate the redirect URI. $this->checkRedirectUri($authCode, $redirect_uri); $this->getAuthCodeManager()->markAuthCodeAsUsed($authCode); $grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ?: $authCode->getScope()); $grant_type_response->setAvailableScope($authCode->getScope()); $grant_type_response->setResourceOwnerPublicId($authCode->getResourceOwnerPublicId()); $grant_type_response->setRefreshTokenIssued($authCode->getIssueRefreshToken()); $grant_type_response->setRefreshTokenScope($authCode->getScope()); $grant_type_response->setRefreshTokenRevoked(null); }
/** * {@inheritdoc} */ public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response) { $this->checkClient($request, $client); $authCode = $this->getAuthCode($request); $this->checkPKCE($request, $authCode, $client); $this->checkAuthCode($authCode, $client); $redirect_uri = RequestBody::getParameter($request, 'redirect_uri'); // Validate the redirect URI. $this->checkRedirectUri($authCode, $redirect_uri); $this->getAuthorizationCodeManager()->markAuthCodeAsUsed($authCode); if ($this->hasScopeManager()) { $grant_type_response->setRequestedScope(RequestBody::getParameter($request, 'scope') ? $this->getScopeManager()->convertToArray(RequestBody::getParameter($request, 'scope')) : $authCode->getScope()); $grant_type_response->setAvailableScope($authCode->getScope()); $grant_type_response->setRefreshTokenScope($authCode->getScope()); } $grant_type_response->setResourceOwnerPublicId($authCode->getResourceOwnerPublicId()); $grant_type_response->setUserAccountPublicId($authCode->getUserAccountPublicId()); $grant_type_response->setRedirectUri($authCode->getMetadata('redirect_uri')); // Refresh Token $grant_type_response->setRefreshTokenIssued($authCode->getIssueRefreshToken()); $grant_type_response->setAdditionalData('auth_code', $authCode); }