AuthBucket\OAuth2\GrantType\AbstractGrantTypeHandler::checkScope PHP Method

checkScope() protected method

Fetch scope from POST.
protected checkScope ( Request $request, $clientId, $username ) : array | null
$request Symfony\Component\HttpFoundation\Request Incoming request object
Returns array | null: the supplied scope, as an array, from the incoming request, or null if none was given
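    /**
     * Fetch the requested scope from the POST body and check it.
     *
     * The raw value must satisfy the Scope constraint. Every requested token
     * must then appear among the scopes returned by the 'scope' model manager
     * and among the scopes of the 'authorize' record stored for this
     * client / username pair. A missing authorize record is treated as an
     * empty grant, so any requested scope is rejected in that case.
     *
     * NOTE(review): a null return means "no scope parameter supplied". What
     * the caller does with that (for example falling back to a default scope)
     * is not visible here - confirm it cannot yield more than an explicit
     * request would.
     *
     * @param Request $request  Incoming request object.
     * @param mixed   $clientId Client identifier used in the authorize lookup.
     * @param mixed   $username Resource owner name used in the authorize lookup.
     *
     * @return array|null Supplied scope as an array, or null if none given.
     *
     * @throws InvalidRequestException When the scope value fails validation.
     * @throws InvalidScopeException   When a requested scope is unknown or was
     *                                 not granted by the resource owner.
     */
    protected function checkScope(Request $request, $clientId, $username)
    {
        // Scope is optional. Test for null / empty string explicitly: empty()
        // would also discard the one-character token "0" without validating it.
        $scope = $request->request->get('scope');
        if ($scope === null || $scope === '') {
            return null;
        }

        // Scope must be in valid format.
        $errors = $this->validator->validate($scope, [new Scope()]);
        if (count($errors) > 0) {
            throw new InvalidRequestException(['error_description' => 'The request includes an invalid parameter value.']);
        }
        $scope = preg_split('/\\s+/', $scope);

        // Every requested token must be one of the supported scopes.
        $scopeSupported = [];
        $scopeManager = $this->modelManagerFactory->getModelManager('scope');
        $result = $scopeManager->readModelAll();
        if ($result !== null) {
            foreach ($result as $row) {
                $scopeSupported[] = $row->getScope();
            }
        }
        // array_diff() leaves exactly the requested tokens that are not supported.
        if (array_diff($scope, $scopeSupported) !== []) {
            throw new InvalidScopeException(['error_description' => 'The requested scope is unknown.']);
        }

        // Every requested token must also have been authorized for this
        // client / username pair; no record means nothing was authorized.
        $scopeAuthorized = [];
        $authorizeManager = $this->modelManagerFactory->getModelManager('authorize');
        $result = $authorizeManager->readModelOneBy(['clientId' => $clientId, 'username' => $username]);
        if ($result !== null) {
            $scopeAuthorized = $result->getScope();
        }
        if (array_diff($scope, $scopeAuthorized) !== []) {
            throw new InvalidScopeException(['error_description' => 'The requested scope exceeds the scope granted by the resource owner.']);
        }

        return $scope;
    }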