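/**
 * Finish the authorization step after the end-user has approved or denied the client.
 *
 * On denial, an OAuth2RedirectException carrying ERROR_USER_DENIED is thrown.
 * On approval, an authorization code (query transport) or an access token
 * (fragment transport) is created, depending on the requested response_type,
 * and handed to createRedirectUriCallbackResponse() with the redirect URI.
 *
 * The decision is fail-closed: any falsy $isAuthorized (false, null, 0, '')
 * counts as a denial. A strict `=== false` test would issue credentials when
 * a caller passes null or another non-boolean falsy value.
 *
 * @param bool         $isAuthorized Whether the end-user approved the request.
 * @param mixed        $data         Passed through to createAuthCode() / createAccessToken().
 * @param Request|null $request      Passed to getAuthorizeParams() to obtain the authorization parameters.
 * @param mixed        $scope        Scope passed through to createAuthCode() / createAccessToken().
 *
 * @return mixed The value returned by createRedirectUriCallbackResponse().
 *
 * @throws OAuth2RedirectException When the end-user did not authorize the client.
 */
public function finishClientAuthorization($isAuthorized, $data = null, Request $request = null, $scope = null)
{
    // SECURITY: nothing here checks a nonce / anti-forgery token, so a
    // third-party page could in theory POST the approval. The caller has to
    // CSRF-protect the consent endpoint and confirm the decision came from
    // the authenticated end-user before invoking this method.
    $params = $this->getAuthorizeParams($request);

    // $params is an associative array as below:
    // - response_type: The requested response: an access token, an
    //   authorization code, or both.
    // - client_id: The client identifier as described in Section 2.
    // - redirect_uri: An absolute URI to which the authorization server
    //   will redirect the user-agent to when the end-user authorization
    //   step is completed.
    // - scope: (optional) The scope of the access request expressed as a
    //   list of space-delimited strings.
    // - state: (optional) An opaque value used by the client to maintain
    //   state between the request and callback.
    // The code below also reads a "client" entry, presumably resolved by
    // getAuthorizeParams() — confirm there.
    //
    // NOTE(review): redirect_uri is used as the redirect target as-is; this
    // relies on getAuthorizeParams() having validated it against the client's
    // registered redirect URIs — confirm.
    $params += array('state' => null);

    // Fail closed: only a truthy decision may lead to credential issuance.
    if (!$isAuthorized) {
        // The error travels over the same transport the successful response would have used.
        $method = $params["response_type"] === self::RESPONSE_TYPE_AUTH_CODE ? self::TRANSPORT_QUERY : self::TRANSPORT_FRAGMENT;
        throw new OAuth2RedirectException($params["redirect_uri"], self::ERROR_USER_DENIED, "The user denied access to your application", $params["state"], $method);
    }

    $result = array();
    if ($params["response_type"] === self::RESPONSE_TYPE_AUTH_CODE) {
        $result[self::TRANSPORT_QUERY]['state'] = $params["state"];
        $result[self::TRANSPORT_QUERY]["code"] = $this->createAuthCode($params["client"], $data, $params["redirect_uri"], $scope);
    } elseif ($params["response_type"] === self::RESPONSE_TYPE_ACCESS_TOKEN) {
        // 'state' is set first, so the array union below keeps the client's
        // value even if the token array also has a 'state' key.
        $result[self::TRANSPORT_FRAGMENT]['state'] = $params["state"];
        // NOTE(review): the trailing null/false arguments are defined by
        // createAccessToken(); false presumably suppresses refresh-token
        // issuance for this fragment-delivered token — confirm.
        $result[self::TRANSPORT_FRAGMENT] += $this->createAccessToken($params["client"], $data, $scope, null, false);
    }
    // NOTE(review): if response_type matches neither constant, $result stays
    // empty and the redirect carries no code, token or state. This assumes
    // getAuthorizeParams() already rejected unsupported values — confirm.

    return $this->createRedirectUriCallbackResponse($params["redirect_uri"], $result);
}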