AuthBucket\OAuth2\GrantType\RefreshTokenGrantTypeHandler::checkRefreshToken PHP Метод

checkRefreshToken() приватный Метод

Check refresh_token supplied, return stored username and scope.
private checkRefreshToken ( Request $request, string $clientId ) : array
$request Symfony\Component\HttpFoundation\Request Incoming request object
$clientId string Corresponding client_id that refresh_token should belongs to
Результат array A list with stored username and scope, originally grant in authorize endpoint
    private function checkRefreshToken(Request $request, $clientId)
    {
        // refresh_token must exists and in valid format.
        $refreshToken = $request->request->get('refresh_token');
        $errors = $this->validator->validate($refreshToken, [new NotBlank(), new RefreshToken()]);
        if (count($errors) > 0) {
            throw new InvalidRequestException(['error_description' => 'The request includes an invalid parameter value.']);
        }
        // scope may not exists, else must be in valid format.
        $scope = $request->request->get('scope');
        $errors = $this->validator->validate($scope, [new Scope()]);
        if (count($errors) > 0) {
            throw new InvalidRequestException(['error_description' => 'The request includes an invalid parameter value.']);
        }
        // Check refresh_token with database record.
        $refreshTokenManager = $this->modelManagerFactory->getModelManager('refresh_token');
        $result = $refreshTokenManager->readModelOneBy(['refreshToken' => $refreshToken]);
        if ($result === null || $result->getClientId() !== $clientId) {
            throw new InvalidGrantException(['error_description' => 'The provided refresh token was issued to another client.']);
        } elseif ($result->getExpires() < new \DateTime()) {
            throw new InvalidGrantException(['error_description' => 'The provided refresh token is expired.']);
        }
        // Fetch username from stored refresh_token.
        $username = $result->getUsername();
        // Fetch scope from pre-grnerated refresh_token.
        $scopeGranted = null;
        if ($result !== null && $result->getClientId() == $clientId && $result->getScope()) {
            $scopeGranted = $result->getScope();
        }
        // Compare if given scope is subset of original refresh_token's scope.
        if ($scope !== null && $scopeGranted !== null) {
            // Compare if given scope within all available granted scopes.
            $scope = preg_split('/\\s+/', $scope);
            if (array_intersect($scope, $scopeGranted) !== $scope) {
                throw new InvalidScopeException(['error_description' => 'The requested scope exceeds the scope granted by the resource owner.']);
            }
        } elseif ($scopeGranted !== null) {
            $scope = $scopeGranted;
        }
        if ($scope !== null) {
            // Compare if given scope within all supported scopes.
            $scopeSupported = [];
            $scopeManager = $this->modelManagerFactory->getModelManager('scope');
            $result = $scopeManager->readModelAll();
            if ($result !== null) {
                foreach ($result as $row) {
                    $scopeSupported[] = $row->getScope();
                }
            }
            if (array_intersect($scope, $scopeSupported) !== $scope) {
                throw new InvalidScopeException(['error_description' => 'The requested scope is unknown.']);
            }
            // Compare if given scope within all authorized scopes.
            $scopeAuthorized = [];
            $authorizeManager = $this->modelManagerFactory->getModelManager('authorize');
            $result = $authorizeManager->readModelOneBy(['clientId' => $clientId, 'username' => $username]);
            if ($result !== null) {
                $scopeAuthorized = $result->getScope();
            }
            if (array_intersect($scope, $scopeAuthorized) !== $scope) {
                throw new InvalidScopeException(['error_description' => 'The requested scope exceeds the scope granted by the resource owner.']);
            }
        }
        return [$username, $scope];
    }
RefreshTokenGrantTypeHandler