finishClientAuthorization() public method

After the user has approved or denied the access request, the authorization server should call this function to redirect the user appropriately.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
public finishClientAuthorization ( boolean $isAuthorized, mixed $data = null, Request $request = null, string | null $scope = null ) : Response
$isAuthorized boolean true or false depending on whether the user authorized the access.
$data mixed Application data
$request Symfony\Component\HttpFoundation\Request
$scope string | null
return Symfony\Component\HttpFoundation\Response
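 /**
  * Returns a valid OAuth access token for the given user, creating one if needed.
  *
  * A still-valid token already issued to the user's OAuth client is reused.
  * Otherwise an implicit-grant authorization is driven through the OAuth2
  * server and the token is read back from the redirect it produces; the
  * redirect itself is never followed.
  *
  * @param  AdvancedUserInterface $user user whose OAuth client the token is issued for
  * @return string the access token
  * @throws \Exception when the user has no OAuth client, the server returns
  *                    something other than a Response, or the redirect carries
  *                    no access_token
  */
 public function generateAccessToken(AdvancedUserInterface $user)
 {
     $client = $user->getOAuthClient();
     if (is_null($client->getId())) {
         throw new \Exception('User must have an OAuth Client', 500);
     }

     // Reuse a still-valid token rather than minting a new one on every call.
     $oauth_access_token = $this->oauth_manipulator->getValidTokenForClient($client);
     if (!is_null($oauth_access_token)) {
         return $oauth_access_token->getToken();
     }

     // Forge an implicit-grant request so the OAuth2 server issues a token.
     // The first registered redirect URI is used only as the target the server
     // encodes the token into; nothing is sent to it.
     $request = new Request();
     $request->query->add([
         'client_id'     => $client->getPublicId(),
         'response_type' => OAuth2::RESPONSE_TYPE_ACCESS_TOKEN,
         'redirect_uri'  => $client->getRedirectUris()[0],
     ]);
     $response = $this->oauth2->finishClientAuthorization(true, $user, $request, null);
     if (!$response instanceof Response) {
         // get_class() itself fails on a non-object, so describe the value safely.
         $type = is_object($response) ? get_class($response) : gettype($response);
         throw new \Exception("Token creation ; unknown response type : " . $type, 500);
     }

     // The implicit grant delivers the token in the URL fragment. Read the
     // fragment directly instead of rewriting '#' to '?': a redirect URI that
     // already has a query string would otherwise swallow the token into the
     // last query parameter. Fall back to the query string for servers that
     // encode it there.
     $location = (string) $response->headers->get('location');
     $encoded = parse_url($location, PHP_URL_FRAGMENT);
     if (empty($encoded)) {
         $encoded = parse_url($location, PHP_URL_QUERY);
     }
     parse_str((string) $encoded, $queries);
     if (!isset($queries['access_token'])) {
         throw new \Exception('Token creation ; no access_token in redirect location', 500);
     }

     return $queries['access_token'];
 }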
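 /**
  * Tests OAuth2->finishClientAuthorization() when the user denies an implicit
  * (response_type=token) request: the server must throw an access_denied
  * OAuth2ServerException whose redirect carries the error and the original
  * state in the URL fragment.
  */
 public function testRejectedAccessTokenWithGrantImplicit()
 {
     $stub = new OAuth2ImplicitStub();
     $stub->addClient(new OAuth2Client('blah', 'foo', ['http://www.example.com/']));
     $oauth2 = new OAuth2($stub);
     $data = new \stdClass();
     $request = new Request([
         'client_id'     => 'blah',
         'redirect_uri'  => 'http://www.example.com/?foo=bar',
         'state'         => '42',
         'response_type' => 'token',
     ]);
     try {
         $oauth2->finishClientAuthorization(false, $data, $request);
         $this->fail('The expected exception OAuth2ServerException was not thrown');
     } catch (OAuth2ServerException $e) {
         $this->assertSame('access_denied', $e->getMessage());
         $this->assertSame('The user denied access to your application', $e->getDescription());
         // The error travels in the fragment, exactly where a token would have gone,
         // and the client's state value is echoed back unchanged.
         $this->assertSame(
             ['Location' => 'http://www.example.com/?foo=bar#error=access_denied&error_description=The+user+denied+access+to+your+application&state=42'],
             $e->getResponseHeaders()
         );
     }
 }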
* You would need to authenticate the user before authorization.
*
* Below is some pseudo-code to show what you might do:
*
session_start();
if (!isLoggedIn()) {
       redirectToLoginPage();
       exit();
}
*/
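$oauth = new OAuth2(new OAuth2StoragePDO(newPDO()));
if ($_POST) {
    // Use whatever method you have for identifying users; this id is what the
    // issued grant gets bound to.
    $userId = 123;
    // NOTE(review): the consent decision is read straight from the form POST. A
    // production authorization endpoint should also verify an anti-CSRF token
    // here so the consent cannot be submitted by a page the user never saw.
    // isset() avoids an undefined-index notice when the field is missing, and
    // the strict comparison treats anything but the literal "Yep" as a denial.
    $isAuthorized = isset($_POST['accept']) && $_POST['accept'] === 'Yep';
    try {
        $response = $oauth->finishClientAuthorization($isAuthorized, $userId);
        $response->send();
    } catch (OAuth2ServerException $e) {
        $e->getHttpResponse()->send();
    }
    exit;
}
try {
    $auth_params = $oauth->getAuthorizeParams();
} catch (OAuth2ServerException $oauthError) {
    $oauthError->sendHttpResponse();
    // Stop here as the POST branch does, so the consent form below is never
    // rendered for a request the server has already rejected. If
    // sendHttpResponse() already terminates the request this is unreachable
    // but harmless.
    exit;
}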
?>
<html>
    <head>
    <title>Authorize</title>