/**
  * Get the client (after authenticating it)
  *
  * According to the spec (http://tools.ietf.org/html/rfc6749#section-2.3), public clients do not
  * need to be authenticated
  *
  * @return Client|null
  * @throws OAuth2Exception (invalid_client) When a client secret is missing or client authentication failed
  */
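 private function getClient(ServerRequestInterface $request, bool $allowPublicClients)
 {
     // Both values come straight from the request and are untrusted until verified below.
     list($id, $secret) = $this->extractClientCredentials($request);

     // A grant type that does not allow public clients cannot proceed without a secret.
     if (!$allowPublicClients && !$secret) {
         throw OAuth2Exception::invalidClient('Client secret is missing');
     }

     // Public clients are allowed and no client id was sent: there is nothing to look up.
     if ($allowPublicClients && !$id) {
         return null;
     }

     $client = $this->clientService->getClient($id);

     // An unknown id and a rejected secret raise the same error and message.
     if (null === $client) {
         throw OAuth2Exception::invalidClient('Client authentication failed');
     }

     // Verify the secret when the grant requires it, and also whenever the caller supplied one.
     // Previously a grant that allowed public clients skipped this check entirely, so a wrong
     // secret sent alongside a valid client id was silently accepted.
     $secretSupplied = is_string($secret) && '' !== $secret;
     if ((!$allowPublicClients || $secretSupplied) && !$client->authenticate($secret)) {
         throw OAuth2Exception::invalidClient('Client authentication failed');
     }

     // NOTE(review): when public clients are allowed and no secret is sent, a client that was
     // registered with a secret is still returned without authentication. Rejecting that case
     // needs a "is this client public?" check on the client model, which is not visible from
     // here. Confirm the callers or the model enforce it (RFC 6749 section 3.2.1 requires
     // confidential clients to authenticate).
     return $client;
 }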
 /**
  * The service must return the exact client instance that the repository
  * hands back for the requested id, after a single findById() lookup.
  */
 public function testCanGetClient()
 {
     $expectedClient = new Client();

     // The repository is expected to be queried exactly once, with the id under test.
     $lookup = $this->clientRepository
         ->expects($this->once())
         ->method('findById')
         ->with('client_id');
     $lookup->will($this->returnValue($expectedClient));

     $actualClient = $this->clientService->getClient('client_id');

     $this->assertSame($expectedClient, $actualClient);
 }
 /**
  * The service must return the exact client instance that the repository
  * hands back for the requested id, after a single findById() lookup.
  */
 public function testCanGetClient()
 {
     // Rebuild a client from stored data; the secret is the empty string.
     $storedData = ['id' => 'client_id', 'name' => 'name', 'secret' => '', 'redirectUris' => []];
     $expectedClient = Client::reconstitute($storedData);

     // The repository is expected to be queried exactly once, with the id under test.
     $lookup = $this->clientRepository
         ->expects($this->once())
         ->method('findById')
         ->with('client_id');
     $lookup->will($this->returnValue($expectedClient));

     $actualClient = $this->clientService->getClient('client_id');

     $this->assertSame($expectedClient, $actualClient);
 }