/** * @return AccessToken */ private function getValidAuthorizationCode() { $authorizationCode = new AuthorizationCode(); $authorizationCode->setToken('azerty_auth'); $authorizationCode->setScopes('read'); $validDate = new DateTime(); $validDate->add(new DateInterval('PT1H')); $authorizationCode->setExpiresAt($validDate); return $authorizationCode; }
/** * {@inheritDoc} * @throws OAuth2Exception */ public function createAuthorizationResponse(ServerRequestInterface $request, Client $client, TokenOwnerInterface $owner = null) { $queryParams = $request->getQueryParams(); // We must validate some parameters first $responseType = $queryParams['response_type'] ?? null; if ($responseType !== self::GRANT_RESPONSE_TYPE) { throw OAuth2Exception::invalidRequest(sprintf('The desired grant type must be "code", but "%s" was given', $responseType)); } // We try to fetch the redirect URI from query param as per spec, and if none found, we just use // the first redirect URI defined in the client $redirectUri = $queryParams['redirect_uri'] ?? $client->getRedirectUris()[0]; // If the redirect URI cannot be found in the list, we throw an error as we don't want the user // to be redirected to an unauthorized URL if (!$client->hasRedirectUri($redirectUri)) { throw OAuth2Exception::invalidRequest('Redirect URI does not match the registered one'); } // Scope and state allow to perform additional validation $scope = $queryParams['scope'] ?? null; $state = $queryParams['state'] ?? null; $authorizationCode = new AuthorizationCode(); $authorizationCode->setRedirectUri($redirectUri); $this->populateToken($authorizationCode, $client, $owner, $scope); $authorizationCode = $this->authorizationCodeService->createToken($authorizationCode); $uri = http_build_query(array_filter(['code' => $authorizationCode->getToken(), 'state' => $state])); return new Response\RedirectResponse($redirectUri . '?' . $uri); }
public function testDoNotSupportLongLiveToken() { $accessToken = new AuthorizationCode(); $this->assertTrue($accessToken->isExpired()); }