OAuth2\OAuth2::verifyAccessToken PHP Method

verifyAccessToken() public method

The token is returned if it is valid (the docblock says "as an associative array"; the signature below declares an OAuth2\Model\IOAuth2AccessToken, which is what the method body returns from storage). The $scope parameter names the scope the token must carry: if a scope is given and the token does not have it, the request is rejected. Some implementations choose to return a subset of the protected resource (e.g. "public" data) when the client supplies no access token, or when the token is invalid or expired. The IETF draft says to send a 401 Unauthorized response and stop immediately, and that is what the defaults do. You can catch the exception that is thrown and behave differently if you prefer (log the error, allow public access when the token is missing, and so on).
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-7
public verifyAccessToken ( string $tokenParam, string $scope = null ) : OAuth2\Model\IOAuth2AccessToken
$tokenParam string
$scope string A space-separated string of required scope(s), if you want to check for scope.
return OAuth2\Model\IOAuth2AccessToken Token
    public function verifyAccessToken($tokenParam, $scope = null)
    {
        $tokenType = $this->getVariable(self::CONFIG_TOKEN_TYPE);
        $realm = $this->getVariable(self::CONFIG_WWW_REALM);
        if (!$tokenParam) {
            // Access token was not provided
            throw new OAuth2AuthenticateException(self::HTTP_BAD_REQUEST, $tokenType, $realm, self::ERROR_INVALID_REQUEST, 'The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, uses more than one method for including an access token, or is otherwise malformed.', $scope);
        }
        // Get the stored token data (from the implementing subclass)
        $token = $this->storage->getAccessToken($tokenParam);
        if (!$token) {
            throw new OAuth2AuthenticateException(self::HTTP_UNAUTHORIZED, $tokenType, $realm, self::ERROR_INVALID_GRANT, 'The access token provided is invalid.', $scope);
        }
        // Check token expiration (expires is a mandatory parameter)
        if ($token->hasExpired()) {
            throw new OAuth2AuthenticateException(self::HTTP_UNAUTHORIZED, $tokenType, $realm, self::ERROR_INVALID_GRANT, 'The access token provided has expired.', $scope);
        }
        // Check scope, if provided
        // If token doesn't have a scope, it's null/empty, or it's insufficient, then throw an error
        if ($scope && (!$token->getScope() || !$this->checkScope($scope, $token->getScope()))) {
            throw new OAuth2AuthenticateException(self::HTTP_FORBIDDEN, $tokenType, $realm, self::ERROR_INSUFFICIENT_SCOPE, 'The request requires higher privileges than provided by the access token.', $scope);
        }
        return $token;
    }
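The following is an added example, not code from the oauth2-php library or from this page. It shows the space-separated scope subset rule that verifyAccessToken() delegates to checkScope(), written out as a standalone function, and a resource endpoint that keeps the library's rejection behaviour for a token that is present but bad, while serving a public subset when no token was supplied at all. The class names OAuth2 and OAuth2AuthenticateException and the constants HTTP_UNAUTHORIZED / HTTP_FORBIDDEN come from the page; the exception method getHttpCode() is an assumption about the library, and every other name (hasRequiredScope, serveProfile, the realm string, the sample profile and scopes) is invented for the example.

```php
<?php
// Added example (not part of the oauth2-php library or of this page).
// Assumed library API: OAuth2::verifyAccessToken(), OAuth2AuthenticateException,
// and getHttpCode() on that exception. Everything else is constructed here.

use OAuth2\OAuth2;
use OAuth2\OAuth2AuthenticateException;

/**
 * True when every scope listed in $required (space-separated) is also present
 * in $granted (space-separated). This is the subset rule verifyAccessToken()
 * applies before raising insufficient_scope; an empty $required means
 * "no particular scope needed".
 */
function hasRequiredScope(string $required, string $granted): bool
{
    $need = array_filter(explode(' ', trim($required)), 'strlen');
    $have = array_filter(explode(' ', trim($granted)), 'strlen');
    // array_diff() yields the scopes that are needed but were not granted.
    return count(array_diff($need, $have)) === 0;
}

/**
 * Resource endpoint. Returns [status, headers, body] rather than writing to
 * the output stream so the decision logic stays testable.
 *
 * - No bearer token at all: serve the public fields (the "subset" the docblock
 *   describes) instead of the 400 invalid_request the library throws for a
 *   missing token. That check is made here, before calling the library.
 * - Token present but invalid, expired or under-scoped: let the library's
 *   exception decide (401 for invalid/expired, 403 for insufficient scope)
 *   and answer with the WWW-Authenticate challenge the spec requires.
 */
function serveProfile(OAuth2 $server, ?string $tokenParam, array $profile): array
{
    // Constructed: only display_name is considered public.
    $publicView = ['display_name' => $profile['display_name']];

    if ($tokenParam === null || $tokenParam === '') {
        return [200, [], $publicView];
    }

    try {
        // Required scope for the full record (constructed name).
        $server->verifyAccessToken($tokenParam, 'profile:read');
    } catch (OAuth2AuthenticateException $e) {
        // getHttpCode() is assumed to exist on the exception; the method body
        // above throws HTTP_UNAUTHORIZED for invalid/expired tokens and
        // HTTP_FORBIDDEN for insufficient scope.
        $status = $e->getHttpCode();
        error_log(sprintf('access token rejected (%d): %s', $status, $e->getMessage()));
        $headers = ['WWW-Authenticate' => 'Bearer realm="api.example"'];
        if ($status === OAuth2::HTTP_FORBIDDEN) {
            $headers['WWW-Authenticate'] .= ', error="insufficient_scope", scope="profile:read"';
        } elseif ($status === OAuth2::HTTP_UNAUTHORIZED) {
            $headers['WWW-Authenticate'] .= ', error="invalid_token"';
        }
        return [$status, $headers, ['error' => $e->getMessage()]];
    }

    // Valid token carrying the required scope: full record.
    return [200, [], $profile];
}

// Constructed sample scopes exercising the subset rule.
assert(hasRequiredScope('profile:read', 'profile:read email'));
assert(hasRequiredScope('', 'profile:read'));
assert(!hasRequiredScope('profile:write', 'profile:read email'));
assert(!hasRequiredScope('profile:read email', 'profile:read'));
```

Because verifyAccessToken() throws an invalid_request error with HTTP_BAD_REQUEST for a missing token (see the first branch of the method body), the example tests for absence itself before calling the library; only tokens that are actually present reach the 401/403 paths, where the WWW-Authenticate challenge is returned so that a client can distinguish a bad token from a scope problem.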

Usage Example

 /**
  * {@inheritdoc}
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return null;
     }
     try {
         $tokenString = $token->getToken();
         if ($accessToken = $this->serverService->verifyAccessToken($tokenString)) {
             $scope = $accessToken->getScope();
             $user = $accessToken->getUser();
             $roles = null !== $user ? $user->getRoles() : array();
             if (!empty($scope)) {
                 foreach (explode(' ', $scope) as $role) {
                     $roles[] = 'ROLE_' . strtoupper($role);
                 }
             }
             $token = new OAuthToken($roles);
             $token->setAuthenticated(true);
             $token->setToken($tokenString);
             if (null !== $user) {
                 $token->setUser($user);
             }
             return $token;
         }
     } catch (OAuth2ServerException $e) {
         throw new AuthenticationException('OAuth2 authentication failed', null, 0, $e);
     }
     throw new AuthenticationException('OAuth2 authentication failed');
 }