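/**
 * \brief Fetches the resource from the BillingAddress endpoint.
 *
 * Sends a GET request to $this->url through the parent client, decodes the
 * JSON body and stores the decoded array in $this->billing_address.
 *
 * \throws ApiException "no_response" when the body is not a non-empty JSON
 *         object/array, otherwise the code and message found in the
 *         response's "error" member.
 */
public function fetchBillingAddress()
{
    parent::fetchResource($this->url, "GET");
    $res_body = parent::getLastResponse();
    $json_response = json_decode($res_body, true);
    // __CLASS__ names the class this method is defined in, which is what the
    // argument-less get_class() returned (that form is deprecated in PHP 8.3).
    $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";
    Logger::debug("json response" . $where, $json_response);

    // Only a non-empty JSON object/array is usable: a decode failure (null),
    // an empty array and any scalar body are all reported as "no_response",
    // so a scalar can no longer end up stored as the billing address.
    if (!is_array($json_response) || $json_response === array()) {
        Logger::error("no_response" . $where, "Failed to get the response body");
        throw new ApiException("no_response", "Failed to get the response body");
    }

    if (!empty($json_response["error"])) {
        $err = $json_response["error"];
        if (is_array($err)) {
            // Expected shape is {"code": ..., "message": ...}; a missing field
            // must not raise an undefined-index warning on the error path.
            $error = isset($err["code"]) ? $err["code"] : "unknown_error";
            $error_desc = isset($err["message"]) ? $err["message"] : null;
        } else {
            // A bare scalar "error" value is used as the code itself instead
            // of being indexed as if it were an array.
            $error = (string) $err;
            $error_desc = null;
        }
        Logger::error($error . $where, $error_desc);
        throw new ApiException($error, $error_desc);
    }

    $this->billing_address = $json_response;
}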
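/**
 * \brief Fetches the resource from the UserInfo endpoint.
 *
 * Sets the "schema" parameter from $this->schema, sends a GET request to
 * $this->url through the parent client, decodes the JSON body and stores
 * the decoded array in $this->user_info.
 *
 * \throws ApiException "no_response" when the body is not a non-empty JSON
 *         object/array, otherwise the "error" and "error_description"
 *         values returned by the endpoint.
 */
public function fetchUserInfo()
{
    parent::setParam("schema", $this->schema);
    parent::fetchResource($this->url, "GET");
    $res_body = parent::getLastResponse();
    $json_response = json_decode($res_body, true);
    // __CLASS__ names the class this method is defined in, which is what the
    // argument-less get_class() returned (that form is deprecated in PHP 8.3).
    $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";
    Logger::debug("json response" . $where, $json_response);

    // Only a non-empty JSON object/array is usable: a decode failure (null),
    // an empty array and any scalar body are all reported as "no_response",
    // so a scalar can no longer end up stored as the user info.
    if (!is_array($json_response) || $json_response === array()) {
        Logger::error("no_response" . $where, "Failed to get the response body");
        throw new ApiException("no_response", "Failed to get the response body");
    }

    if (!empty($json_response["error"])) {
        $error = $json_response["error"];
        // error_description is optional; avoid an undefined-index warning on
        // the error path and forward null as before when it is absent.
        $error_desc = isset($json_response["error_description"]) ? $json_response["error_description"] : null;
        Logger::error($error . $where, $error_desc);
        throw new ApiException($error, $error_desc);
    }

    $this->user_info = $json_response;
}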
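/**
 * \brief Fetches a new access token from the Token endpoint with the
 *        refresh-token grant.
 *
 * Sends grant_type=refresh_token together with $this->refresh_token through
 * the parent client, decodes the JSON body and stores the resulting
 * BearerToken in $this->access_token.
 *
 * \throws TokenException "no_response" when the body is not a non-empty JSON
 *         object/array, "invalid_response" when a success response carries
 *         no access_token, otherwise the "error" and "error_description"
 *         values returned by the endpoint.
 */
public function fetchToken()
{
    parent::setParam("grant_type", GrantType::REFRESH_TOKEN);
    parent::setParam("refresh_token", $this->refresh_token);
    parent::fetchToken();
    $res_body = parent::getResponse();
    // __CLASS__ names the class this method is defined in, which is what the
    // argument-less get_class() returned (that form is deprecated in PHP 8.3).
    $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";

    // Extract the JSON parameters from the response body.
    $json_response = json_decode($res_body, true);
    Logger::debug("json response" . $where, $json_response);

    // Only a non-empty JSON object/array is usable: a decode failure (null),
    // an empty array and any scalar body are all reported as "no_response".
    if (!is_array($json_response) || $json_response === array()) {
        Logger::error("no_response" . $where, "Failed to get the response body");
        throw new TokenException("no_response", "Failed to get the response body");
    }

    if (!empty($json_response["error"])) {
        $error = $json_response["error"];
        // error_description is optional; forward null as before when absent.
        $error_desc = isset($json_response["error_description"]) ? $json_response["error_description"] : null;
        Logger::error($error . $where, $error_desc);
        throw new TokenException($error, $error_desc);
    }

    // A success response without access_token is malformed; refuse it instead
    // of building a BearerToken around null.
    if (!isset($json_response["access_token"])) {
        Logger::error("invalid_response" . $where, "access_token is missing from the token response");
        throw new TokenException("invalid_response", "access_token is missing from the token response");
    }
    // expires_in is only recommended by the protocol; pass null when absent
    // (as before, minus the undefined-index warning).
    $exp = isset($json_response["expires_in"]) ? $json_response["expires_in"] : null;
    $this->access_token = new BearerToken($json_response["access_token"], $exp);

    Logger::debug("refresh token response" . $where, array($this->access_token));
    // Log text kept unchanged for compatibility with existing log consumers;
    // only an access token is obtained by this grant.
    Logger::info("got access and refresh token" . $where);
}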
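/**
 * \brief Validates the claims of a decoded ID Token.
 *
 * The checks run in this order and the first failure throws: iss equals
 * self::$issuer, nonce equals the nonce issued with the authorization
 * request, aud equals the client id, exp is still in the future, and the
 * token is no older than $acceptable_range seconds (by iat).
 *
 * \param object $object decoded ID Token payload exposing iss, nonce, aud, exp and iat
 * \param string|null $auth_nonce nonce sent with the authorization request
 * \param string $client_id the application's client id
 * \param int $acceptable_range maximum accepted age of the token in seconds
 * \return bool true when every check passes
 * \throws IdTokenException on the first failing check
 */
public static function verify($object, $auth_nonce, $client_id, $acceptable_range = 600)
{
    // __CLASS__ names the class this method is defined in, which is what the
    // argument-less get_class() returned (that form is deprecated in PHP 8.3).
    $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";
    // One clock reading for the whole check so exp and iat are judged against
    // the same instant.
    $now = time();

    // An absent claim must fail its check rather than be compared as null.
    foreach (array("iss", "aud", "exp", "iat") as $claim) {
        if (!isset($object->$claim)) {
            throw new IdTokenException("Missing claim.", "The {$claim} claim is not present.");
        }
    }

    // Is iss equal to the issuer? Strict string comparison: the loose != used
    // before treats numeric-looking strings such as "1e3" and "1000" as equal.
    if (!is_string($object->iss) || $object->iss !== (string) self::$issuer) {
        throw new IdTokenException("Invalid issuer.", "The issuer did not match.({$object->iss})");
    }

    // Is nonce equal to the nonce issued with the authorization request?
    // hash_equals gives a constant-time, strict comparison. A missing nonce is
    // compared as "" and therefore only passes when no nonce was requested.
    $nonce = isset($object->nonce) ? $object->nonce : "";
    if (!is_scalar($nonce) || !hash_equals((string) $auth_nonce, (string) $nonce)) {
        throw new IdTokenException("Not match nonce.", "The nonce did not match.({$auth_nonce}, {$nonce})");
    }

    // Is aud equal to the client id? Compared as a single string, as before:
    // an array-valued aud (allowed by OIDC for multi-audience tokens) is
    // rejected here; accepting it would also require validating the azp claim.
    if (!is_scalar($object->aud) || !hash_equals((string) $client_id, (string) $object->aud)) {
        throw new IdTokenException("Invalid audience.", "The client id did not match.({$object->aud})");
    }

    // Is the current time less than exp? A non-numeric exp is treated as
    // expired instead of silently passing an int-vs-string comparison.
    if (!is_numeric($object->exp) || $now > (int) $object->exp) {
        throw new IdTokenException("Expired ID Token.", "Re-issue Id Token.({$object->exp})");
    }
    Logger::debug("current time: " . $now . ", exp: {$object->exp}" . $where);

    // Bound the token's age by iat so an old token cannot be replayed after
    // $acceptable_range seconds.
    if (!is_numeric($object->iat)) {
        throw new IdTokenException("Over acceptable range.", "The iat claim is not numeric.({$object->iat})");
    }
    $time_diff = $now - (int) $object->iat;
    if ($time_diff > $acceptable_range) {
        throw new IdTokenException("Over acceptable range.", "This access has expired possible.({$time_diff} sec)");
    }
    // NOTE(review): a negative $time_diff (iat in the future) is accepted, as
    // before — confirm whether a clock-skew bound is wanted here.
    Logger::debug("current time - iat = {$time_diff}, current time: " . $now . ", iat: {$object->iat}" . $where);

    return true;
}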
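/**
 * \brief Fetches tokens from the Token endpoint with the authorization-code
 *        grant.
 *
 * Exchanges $this->code (with $this->redirect_uri) for an access token and a
 * refresh token, stored in $this->access_token and $this->refresh_token.
 * When the response also carries an id_token it is wrapped in IdToken
 * together with the client secret and the result of getIdToken() is stored
 * in $this->id_token.
 *
 * \throws TokenException "no_response" when the body is not a non-empty JSON
 *         object/array, "invalid_response" when a success response carries
 *         no access_token, otherwise the "error" and "error_description"
 *         values returned by the endpoint.
 */
public function fetchToken()
{
    parent::setParam("grant_type", GrantType::AUTHORIZATION_CODE);
    parent::setParam("code", $this->code);
    parent::setParam("redirect_uri", $this->redirect_uri);
    parent::fetchToken();
    $res_body = parent::getResponse();
    // __CLASS__ names the class this method is defined in, which is what the
    // argument-less get_class() returned (that form is deprecated in PHP 8.3).
    $where = "(" . __CLASS__ . "::" . __FUNCTION__ . ")";

    // Extract the JSON parameters from the response body.
    $json_response = json_decode($res_body, true);
    Logger::debug("json response" . $where, $json_response);

    // Only a non-empty JSON object/array is usable: a decode failure (null),
    // an empty array and any scalar body are all reported as "no_response".
    if (!is_array($json_response) || $json_response === array()) {
        Logger::error("no_response" . $where, "Failed to get the response body");
        throw new TokenException("no_response", "Failed to get the response body");
    }

    if (!empty($json_response["error"])) {
        $error = $json_response["error"];
        // error_description is optional; forward null as before when absent.
        $error_desc = isset($json_response["error_description"]) ? $json_response["error_description"] : null;
        Logger::error($error . $where, $error_desc);
        throw new TokenException($error, $error_desc);
    }

    // A success response without access_token is malformed; refuse it instead
    // of building a BearerToken around null.
    if (!isset($json_response["access_token"])) {
        Logger::error("invalid_response" . $where, "access_token is missing from the token response");
        throw new TokenException("invalid_response", "access_token is missing from the token response");
    }
    // expires_in and refresh_token are passed through as null when absent
    // (as before, minus the undefined-index warning).
    $exp = isset($json_response["expires_in"]) ? $json_response["expires_in"] : null;
    $refresh_token = isset($json_response["refresh_token"]) ? $json_response["refresh_token"] : null;
    $this->access_token = new BearerToken($json_response["access_token"], $exp);
    $this->refresh_token = new RefreshToken($refresh_token);

    if (isset($json_response["id_token"])) {
        // IdToken receives the client secret, so signature handling presumably
        // happens inside it — confirm. The claim checks (iss, nonce, aud, exp,
        // iat) live in the static verify() and are not run here; callers must
        // apply them to $this->id_token before trusting its contents.
        $id_token_object = new IdToken($json_response["id_token"], $this->cred->secret);
        $this->id_token = $id_token_object->getIdToken();
    }

    Logger::debug("token endpoint response" . $where, array($this->access_token, $this->refresh_token));
    Logger::info("got access and refresh token" . $where);
}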