OAuth2\OAuth2::finishClientAuthorization PHP Method

finishClientAuthorization() public method

After the user has approved or denied the access request, the authorization server should call this function to redirect the user appropriately.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
public finishClientAuthorization ( boolean $isAuthorized, mixed $data = null, Request $request = null, string | null $scope = null ) : Response
$isAuthorized (boolean): true or false depending on whether the user authorized the access.
$data (mixed): Application data
$request (Symfony\Component\HttpFoundation\Request)
$scope (string | null)
Returns: Symfony\Component\HttpFoundation\Response
    public function finishClientAuthorization($isAuthorized, $data = null, Request $request = null, $scope = null)
    {
        // In theory, this could be POSTed by a 3rd-party (because we are not
        // internally enforcing NONCEs, etc)
        $params = $this->getAuthorizeParams($request);
        /**
         * Associative array as below:
         *   - response_type: The requested response: an access token, an
         *     authorization code, or both.
         *   - client_id: The client identifier as described in Section 2.
         *   - redirect_uri: An absolute URI to which the authorization server
         *     will redirect the user-agent to when the end-user authorization
         *     step is completed.
         *   - scope: (optional) The scope of the access request expressed as a
         *     list of space-delimited strings.
         *   - state: (optional) An opaque value used by the client to maintain
         *     state between the request and callback.
         *
         * @var array
         */
        $params += array('state' => null);
        $result = array();
        if ($isAuthorized === false) {
            $method = $params["response_type"] == self::RESPONSE_TYPE_AUTH_CODE ? self::TRANSPORT_QUERY : self::TRANSPORT_FRAGMENT;
            throw new OAuth2RedirectException($params["redirect_uri"], self::ERROR_USER_DENIED, "The user denied access to your application", $params["state"], $method);
        } else {
            if ($params["response_type"] === self::RESPONSE_TYPE_AUTH_CODE) {
                $result[self::TRANSPORT_QUERY]['state'] = $params["state"];
                $result[self::TRANSPORT_QUERY]["code"] = $this->createAuthCode($params["client"], $data, $params["redirect_uri"], $scope);
            } elseif ($params["response_type"] === self::RESPONSE_TYPE_ACCESS_TOKEN) {
                $result[self::TRANSPORT_FRAGMENT]['state'] = $params["state"];
                $result[self::TRANSPORT_FRAGMENT] += $this->createAccessToken($params["client"], $data, $scope, null, false);
            }
        }
        return $this->createRedirectUriCallbackResponse($params["redirect_uri"], $result);
    }
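
The source comment above notes that the approval could be POSTed by a third party because the method enforces no nonce. The following added example (not part of the library or of the original page) shows a consent endpoint that verifies a Symfony CSRF token before calling finishClientAuthorization(). The class name, token id and form field names are assumptions, and it relies on OAuth2ServerException::getHttpResponse() from the same library.

```php
<?php
// Added example, not library code. ConsentHandler, 'oauth_consent',
// '_csrf_token' and 'accepted' are hypothetical names chosen for illustration.
use OAuth2\OAuth2;
use OAuth2\OAuth2ServerException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;

final class ConsentHandler
{
    private $oauth2;
    private $csrf;

    public function __construct(OAuth2 $oauth2, CsrfTokenManagerInterface $csrf)
    {
        $this->oauth2 = $oauth2;
        $this->csrf = $csrf;
    }

    /** @param mixed $user Application data passed through as $data */
    public function handle(Request $request, $user): Response
    {
        // finishClientAuthorization() does not check where the approval came
        // from, so accept only a POST carrying the token rendered into the form.
        $token = new CsrfToken('oauth_consent', (string) $request->request->get('_csrf_token', ''));
        if (!$request->isMethod('POST') || !$this->csrf->isTokenValid($token)) {
            return new Response('Invalid consent submission', Response::HTTP_FORBIDDEN);
        }
        // Single use: a replayed form cannot approve a second request.
        $this->csrf->removeToken('oauth_consent');

        // Only an explicit accepted=1 counts as approval; anything else is a denial.
        $isAuthorized = $request->request->get('accepted') === '1';

        try {
            // client_id, redirect_uri, response_type and state are read from
            // $request by getAuthorizeParams() inside the call.
            return $this->oauth2->finishClientAuthorization($isAuthorized, $user, $request, null);
        } catch (OAuth2ServerException $e) {
            // A denial is thrown as OAuth2RedirectException; it carries the redirect.
            return $e->getHttpResponse();
        }
    }
}
```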

Usage Example

 /**
  * Returns a valid access token for the user's OAuth client, creating one if needed.
  *
  * @param  AdvancedUserInterface $user User whose OAuth client the token is issued for
  * @return string|null                 The access token, or null if the redirect carried none
  * @throws \Exception                  If the user has no OAuth client or the response type is unexpected
  */
 public function generateAccessToken(AdvancedUserInterface $user)
 {
     if (is_null($user->getOAuthClient()->getId())) {
         throw new \Exception('User must have an OAuth Client', 500);
     }
     // Reuse a token that is still valid for this client, if there is one
     $oauth_access_token = $this->oauth_manipulator->getValidTokenForClient($user->getOAuthClient());
     if (!is_null($oauth_access_token)) {
         return $oauth_access_token->getToken();
     }
     // Otherwise create a new one.
     // Forge an authorization request to satisfy the OAuth2 server
     $request = new Request();
     $request->query->add([
         'client_id' => $user->getOAuthClient()->getPublicId(),
         'response_type' => OAuth2::RESPONSE_TYPE_ACCESS_TOKEN,
         'redirect_uri' => $user->getOAuthClient()->getRedirectUris()[0],
     ]);
     // Passing true marks the request as approved; no consent screen is shown on this path
     $response = $this->oauth2->finishClientAuthorization(true, $user, $request, null);
     if ($response instanceof Response) {
         // The token response type is returned in the fragment of the redirect URI.
         // Read the fragment directly so a redirect URI that already has a query string still parses.
         $fragment = (string) parse_url((string) $response->headers->get('location'), PHP_URL_FRAGMENT);
         parse_str($fragment, $queries);
         if (isset($queries['access_token'])) {
             return $queries['access_token'];
         }
         // No access_token in the redirect
         return null;
     } else {
         throw new \Exception("Token creation ; unknown response type : " . get_class($response), 500);
     }
 }