/**
 * {@inheritdoc}
 *
 * Passes when the firewall configuration does not pin a resource owner;
 * otherwise the token's resource owner must carry exactly the configured public id.
 *
 * @return string|null an error message when the owner does not match, null when the check passes
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $expectedOwnerId = $configuration->getResourceOwnerPublicId();
    if (null === $expectedOwnerId) {
        return;
    }

    $presentedOwnerId = $token->getResourceOwner()->getPublicId();
    if ($expectedOwnerId === $presentedOwnerId) {
        return;
    }

    return 'Resource owner not authorized';
}
/**
 * {@inheritdoc}
 *
 * Passes when the firewall configuration does not pin a client;
 * otherwise the token's client must carry exactly the configured public id.
 *
 * @return string|null an error message when the client does not match, null when the check passes
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $expectedClientId = $configuration->getClientPublicId();
    if (null === $expectedClientId) {
        return;
    }

    $presentedClientId = $token->getClient()->getPublicId();
    if ($expectedClientId === $presentedClientId) {
        return;
    }

    return 'Client not authorized.';
}
/**
 * {@inheritdoc}
 *
 * Passes when no resource owner type is configured; otherwise the token's
 * resource owner is validated against the configured type via isTypeValid()
 * (defined elsewhere in this class).
 *
 * @return string|null an error message when isTypeValid() reports false, null otherwise
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $expectedType = $configuration->getResourceOwnerType();
    if (null === $expectedType) {
        return;
    }

    // Only a strict false from the type check is a failure.
    $typeAccepted = $this->isTypeValid($expectedType, $token->getResourceOwner());

    return false === $typeAccepted ? 'Bad resource owner type' : null;
}
/**
 * {@inheritdoc}
 *
 * Passes when no client type is configured; otherwise the token's client is
 * validated against the configured type via isTypeValid() (defined elsewhere
 * in this class).
 *
 * @return string|null an error message when isTypeValid() reports false, null otherwise
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $expectedType = $configuration->getClientType();
    if (null === $expectedType) {
        return;
    }

    // Only a strict false from the type check is a failure.
    $typeAccepted = $this->isTypeValid($expectedType, $token->getClient());

    return false === $typeAccepted ? 'Bad client type' : null;
}
/**
 * {@inheritdoc}
 *
 * Passes when the firewall configuration demands no scope; otherwise both the
 * configured scope and the access token's scope are normalised through the
 * scope manager and the token must satisfy every required scope.
 *
 * @return string|null 'Insufficient scope' when the token falls short, null otherwise
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $configuredScope = $configuration->getScope();
    if (null === $configuredScope) {
        return;
    }

    $scopeManager = $this->getScopeManager();
    $grantedScope = $scopeManager->convertToScope($token->getAccessToken()->getScope());
    $requiredScope = $scopeManager->convertToScope($configuredScope);

    // A token whose scope does not cover the requirement yields an authentication error.
    if ($scopeManager->checkScopes($requiredScope, $grantedScope)) {
        return;
    }

    return 'Insufficient scope';
}
/**
 * {@inheritdoc}
 *
 * Evaluates the scope rule from the firewall configuration as an expression,
 * exposing the access token's scope as the `scope` variable. The rule comes
 * from configuration, not from the request, so it is trusted input here.
 *
 * @return string|null an error message naming the failed rule when it evaluates to false, null otherwise
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $scopeRule = $configuration->getScope();
    if (null === $scopeRule) {
        return;
    }

    $outcome = $this->getExpressionLanguage()->evaluate(
        $scopeRule,
        ['scope' => $token->getAccessToken()->getScope()]
    );

    // NOTE(review): only a strict `false` is a failure; a rule evaluating to
    // null or 0 is accepted — confirm this is the intended contract.
    if (false !== $outcome) {
        return;
    }

    return sprintf('Insufficient scope. The scope rule is: %s', $scopeRule);
}
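/**
 * {@inheritdoc}
 *
 * Compares the client type demanded by the firewall (public or confidential)
 * with how the token's client authenticates at the token endpoint: a client
 * whose `token_endpoint_auth_method` is 'none' counts as public, any other
 * method as confidential. A configured type that is neither constant matches
 * nothing and is rejected.
 *
 * @return string|null an error message when the client type does not match, null when it does or no type is configured
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $expectedType = $configuration->getClientType();
    if (null === $expectedType) {
        return;
    }

    $isPublicClient = 'none' === $token->getClient()->get('token_endpoint_auth_method');

    if (self::TYPE_PUBLIC === $expectedType && $isPublicClient) {
        return;
    }
    if (self::TYPE_CONFIDENTIAL === $expectedType && !$isPublicClient) {
        return;
    }

    // This check rejects the client, not the resource owner; the previous
    // message ('Resource owner not authorized.') misattributed the failure.
    return 'Client not authorized.';
}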
/**
 * {@inheritdoc}
 *
 * Passes when no resource owner type is configured; otherwise the token's
 * resource owner must be a ClientInterface for TYPE_CLIENT or a
 * UserAccountInterface for TYPE_USER. Any other configured type matches
 * nothing and is rejected.
 *
 * @return string|null an error message when the owner kind does not match, null otherwise
 */
public function check(OAuth2Token $token, OAuth2 $configuration)
{
    $expectedType = $configuration->getResourceOwnerType();
    if (null === $expectedType) {
        return;
    }

    $owner = $token->getResourceOwner();
    $ownerAccepted = (self::TYPE_CLIENT === $expectedType && $owner instanceof ClientInterface)
        || (self::TYPE_USER === $expectedType && $owner instanceof UserAccountInterface);

    return $ownerAccepted ? null : 'Resource owner not authorized.';
}
/**
 * {@inheritdoc}
 *
 * Looks for an access token on the incoming request (after converting it to a
 * PSR-7 request) and, when one is present, authenticates it and stores the
 * resulting security token. A request without a token is left untouched; a
 * failed authentication short-circuits the request with a 401 response.
 */
public function handle(GetResponseEvent $event)
{
    $psrRequest = (new DiactorosFactory())->createRequest($event->getRequest());
    $tokenId = $this->getAccessTokenTypeManager()->findAccessToken($psrRequest);

    // No credentials presented: the request continues without authentication.
    if (null === $tokenId) {
        return;
    }

    try {
        $unauthenticated = new OAuth2Token();
        $unauthenticated->setToken($tokenId);

        $authenticated = $this->authentication_manager->authenticate($unauthenticated);
        $this->token_storage->setToken($authenticated);
    } catch (AuthenticationException $e) {
        // Prefer the wrapped exception, which carries the specific reason.
        $cause = null !== $e->getPrevious() ? $e->getPrevious() : $e;

        // NOTE(review): the exception message is returned verbatim in the 401
        // body; confirm the wrapped exceptions never expose internal details.
        // RFC 6750 also expects a WWW-Authenticate header on a 401 for bearer
        // tokens — verify whether the token type manager adds it elsewhere.
        $event->setResponse(new Response($cause->getMessage(), 401));
    }
}