/**
 * Reads the client assertion from the request body and binds its subject to the
 * grant type response.
 *
 * Checks, in order: the "assertion" parameter is present, it loads as a JWS
 * instance, and it carries a "sub" claim. Every failure is reported through the
 * exception manager as a BAD_REQUEST / INVALID_REQUEST error.
 *
 * On success the "sub" claim becomes the client public id and the loaded token
 * is stored under the "jwt" additional-data key for later steps of the grant.
 *
 * @throws \Exception built by the exception manager when the assertion is missing or unusable
 */
public function prepareGrantTypeResponse(ServerRequestInterface $request, GrantTypeResponseInterface &$grant_type_response)
{
    // All rejections in this method share the same error class and code.
    $reject = function ($message) {
        return $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_REQUEST,
            $message
        );
    };

    $assertion = RequestBody::getParameter($request, 'assertion');
    if (null === $assertion) {
        throw $reject('Parameter "assertion" is missing.');
    }

    // NOTE(review): signature verification is assumed to happen inside load(); the
    // JWSInterface check below only ensures the result is a signed token type — confirm.
    $token = $this->getJWTLoader()->load($assertion);
    if (false === ($token instanceof JWSInterface)) {
        throw $reject('Assertion does not contain signed claims.');
    }
    if (false === $token->hasClaim('sub')) {
        throw $reject('Assertion does not contain "sub" claims.');
    }

    // The subject identifies the client; the token itself travels with the
    // response so later steps can inspect its other claims.
    $grant_type_response->setClientPublicId($token->getClaim('sub'));
    $grant_type_response->setAdditionalData('jwt', $token);
}
/**
 * Issues a new access token from a refresh token presented in the request body.
 *
 * The "refresh_token" parameter is required and must resolve to a known
 * RefreshTokenInterface; the token is then checked against the requesting client
 * before any of its data is copied into the response. When no scope was
 * requested, the refresh token's own scope is used as the requested scope.
 * The presented token is handed to setRefreshTokenRevoked() (presumably so it
 * is invalidated once the replacement is issued — confirm in the caller), and
 * its metadata is forwarded under the "metadatas" additional-data key.
 *
 * @throws \Exception invalid_request when the parameter is absent,
 *                    invalid_grant when no such refresh token exists
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $presented = RequestBody::getParameter($request, 'refresh_token');
    if (null === $presented) {
        throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
    }

    $token = $this->getRefreshTokenManager()->getRefreshToken($presented);
    if (false === ($token instanceof RefreshTokenInterface)) {
        throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_GRANT, 'Invalid refresh token');
    }

    // Token/client binding is validated before the token's scope is trusted.
    $this->checkRefreshToken($token, $client);

    $token_scope = $token->getScope();
    // empty() also treats an empty array as "nothing requested".
    if (empty($grant_type_response->getRequestedScope())) {
        $grant_type_response->setRequestedScope($token_scope);
    }
    $grant_type_response->setAvailableScope($token_scope);
    $grant_type_response->setResourceOwnerPublicId($token->getResourceOwnerPublicId());
    $grant_type_response->setUserAccountPublicId($token->getUserAccountPublicId());

    // A fresh refresh token is issued with the same scope; the presented one is
    // passed on for revocation.
    $grant_type_response->setRefreshTokenIssued(true);
    $grant_type_response->setRefreshTokenScope($token_scope);
    $grant_type_response->setRefreshTokenRevoked($token);
    $grant_type_response->setAdditionalData('metadatas', $token->getMetadatas());
}
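/**
 * Reads the client assertion from the request body and binds its subject to the
 * grant type response.
 *
 * Checks, in order: the "assertion" parameter is present, it loads through the
 * JWT loader (with $this->key_encryption_key_set and $this->encryption_required
 * passed along), the result is a JWS instance, and it carries a "sub" claim.
 * Every failure is reported as an ERROR_INVALID_REQUEST bad request.
 *
 * Messages raised by the JWT loader itself are NOT forwarded to the client: the
 * previous implementation caught every \Exception and returned $e->getMessage(),
 * which exposed loader-internal details (key material / algorithm configuration
 * errors) in the OAuth error response. Only this method's own messages are sent.
 *
 * On success the "sub" claim becomes the client public id and the loaded token
 * is stored under the "jwt" additional-data key for later steps of the grant.
 *
 * @throws \Exception built by the exception manager when the assertion is missing or unusable
 */
public function prepareGrantTypeResponse(ServerRequestInterface $request, GrantTypeResponseInterface &$grant_type_response)
{
    $assertion = RequestBody::getParameter($request, 'assertion');
    if (null === $assertion) {
        throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'Parameter "assertion" is missing.');
    }

    try {
        $jwt = $this->getJWTLoader()->load($assertion, $this->key_encryption_key_set, $this->encryption_required);
    } catch (\Exception $e) {
        // The loader's exception message is deliberately not echoed back to the
        // client; a fixed, non-descriptive message is used instead.
        throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'Invalid assertion.');
    }

    // NOTE(review): signature verification is assumed to happen inside load(); the
    // JWSInterface check below only ensures the result is a signed token type — confirm.
    if (!$jwt instanceof JWSInterface) {
        throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'Assertion does not contain signed claims.');
    }
    if (!$jwt->hasClaim('sub')) {
        throw $this->getExceptionManager()->getBadRequestException(ExceptionManagerInterface::ERROR_INVALID_REQUEST, 'Assertion does not contain "sub" claims.');
    }

    // The subject identifies the client; the token itself travels with the
    // response so later steps can inspect its other claims.
    $grant_type_response->setClientPublicId($jwt->getClaim('sub'));
    $grant_type_response->setAdditionalData('jwt', $jwt);
}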
/**
 * Exchanges an authorization code for an access token.
 *
 * Validation order: client check, code retrieval, PKCE verification, code
 * validity against the client, then the "redirect_uri" parameter against the
 * code. The code is marked as used before the response is populated. When a
 * scope manager is configured, the requested scope is taken from the "scope"
 * parameter (converted to an array) or, if that parameter is absent/falsy,
 * from the code itself; the available and refresh-token scopes are the code's.
 * Resource owner, user account, redirect URI (from the code's "redirect_uri"
 * metadata), the refresh-token-issued flag and the code itself (under the
 * "auth_code" additional-data key) are then copied into the response.
 *
 * @throws \Exception propagated from the check*/getAuthCode helpers on any validation failure
 */
public function grantAccessToken(ServerRequestInterface $request, ClientInterface $client, GrantTypeResponseInterface &$grant_type_response)
{
    $this->checkClient($request, $client);
    $auth_code = $this->getAuthCode($request);
    $this->checkPKCE($request, $auth_code, $client);
    $this->checkAuthCode($auth_code, $client);

    // The redirect_uri presented now must match the one the code was issued with.
    $presented_redirect_uri = RequestBody::getParameter($request, 'redirect_uri');
    $this->checkRedirectUri($auth_code, $presented_redirect_uri);

    // Single use: consume the code before building the response.
    $this->getAuthorizationCodeManager()->markAuthCodeAsUsed($auth_code);

    if ($this->hasScopeManager()) {
        $code_scope = $auth_code->getScope();
        $scope_parameter = RequestBody::getParameter($request, 'scope');
        // Truthiness check as before: '' and '0' fall back to the code's scope.
        // NOTE(review): nothing here checks that the requested scope is within the
        // code's scope; presumably enforced where the response is consumed — confirm.
        $requested_scope = $scope_parameter
            ? $this->getScopeManager()->convertToArray($scope_parameter)
            : $code_scope;
        $grant_type_response->setRequestedScope($requested_scope);
        $grant_type_response->setAvailableScope($code_scope);
        $grant_type_response->setRefreshTokenScope($code_scope);
    }

    $grant_type_response->setResourceOwnerPublicId($auth_code->getResourceOwnerPublicId());
    $grant_type_response->setUserAccountPublicId($auth_code->getUserAccountPublicId());
    $grant_type_response->setRedirectUri($auth_code->getMetadata('redirect_uri'));

    // Whether a refresh token accompanies the access token was decided when the code was issued.
    $grant_type_response->setRefreshTokenIssued($auth_code->getIssueRefreshToken());
    $grant_type_response->setAdditionalData('auth_code', $auth_code);
}