AuthBucket\OAuth2\ResponseType\AbstractResponseTypeHandler::checkRedirectUri PHP Method

checkRedirectUri() protected method

Fetch redirect_uri from the GET query string and check it against the redirect URI stored for the client.
protected checkRedirectUri ( Request $request, string $clientId ) : string
$request Symfony\Component\HttpFoundation\Request Incoming request object
$clientId string Corresponding client_id that the code should belong to
return string The supplied redirect_uri from incoming request, or from stored record
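    /**
     * Resolve the redirect_uri to use for this request.
     *
     * Reads redirect_uri from the query string, validates it with the
     * RedirectUri constraint, and compares it with the redirect URI stored for
     * the client. When both are present they must be identical.
     *
     * The comparison is an exact string match. The earlier check only required
     * the supplied value to start with the stored value (case-insensitively),
     * which also accepts a different host or path that merely begins with the
     * same characters, so responses could be sent to an unregistered endpoint.
     * RFC 6749 section 3.1.2.3 asks for simple string comparison when a full
     * redirection URI is registered, and the OAuth 2.0 Security BCP (RFC 9700)
     * requires exact matching. Clients that registered only a base URI need
     * their full redirect URI registered instead.
     *
     * @param Request $request  Incoming request object.
     * @param string  $clientId client_id whose stored redirect URI is checked.
     *
     * @return string The supplied redirect_uri, or the stored one when the
     *                request did not carry it.
     *
     * @throws InvalidRequestException If the supplied value fails validation,
     *                                 if neither a supplied nor a stored URI
     *                                 exists, or if the two differ.
     */
    protected function checkRedirectUri(Request $request, $clientId)
    {
        // redirect_uri is optional in the request, so this may be empty.
        $redirectUri = $request->query->get('redirect_uri');
        $errors = $this->validator->validate($redirectUri, [new RedirectUri()]);
        if (count($errors) > 0) {
            throw new InvalidRequestException(['error_description' => 'The request includes an invalid parameter value.']);
        }

        // redirect_uri is not required if already established via other
        // channels; look up the one stored for this client, if any.
        $redirectUriStored = null;
        $clientManager = $this->modelManagerFactory->getModelManager('client');
        $result = $clientManager->readModelOneBy(['clientId' => $clientId]);
        if ($result !== null && $result->getRedirectUri()) {
            $redirectUriStored = $result->getRedirectUri();
        }

        // At least one of: stored redirect URI or supplied redirect URI must
        // be specified.
        if (!$redirectUriStored && !$redirectUri) {
            throw new InvalidRequestException(['error_description' => 'The request is missing a required parameter.']);
        }

        // When both exist the supplied URI must equal the stored one exactly;
        // a prefix or case-insensitive match is not sufficient. The cast keeps
        // the comparison string-based, as the previous strcasecmp() was.
        if ($redirectUriStored && $redirectUri && $redirectUri !== (string) $redirectUriStored) {
            throw new InvalidRequestException(['error_description' => 'The request includes an invalid parameter value']);
        }

        return $redirectUri ?: $redirectUriStored;
    }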