mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-01-05 19:43:56 +05:30
If the client should redirect during AuthCodeGrant authorisation then provide a redirect uri
This commit is contained in:
Alex Bilbie
parent
b9debaab26
commit
6b29b7450e
@ -30,7 +30,7 @@ class InvalidRequestException extends OAuthException
|
|||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public function __construct($parameter, $shouldRedirect = false)
|
public function __construct($parameter, $redirectUri = null)
|
||||||
{
|
{
|
||||||
parent::__construct(
|
parent::__construct(
|
||||||
sprintf(
|
sprintf(
|
||||||
@ -39,6 +39,6 @@ class InvalidRequestException extends OAuthException
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->serverShouldRedirect = $shouldRedirect;
|
$this->redirectUri = $redirectUri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -30,7 +30,7 @@ class InvalidScopeException extends OAuthException
|
|||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public function __construct($parameter, $shouldRedirect = false)
|
public function __construct($parameter, $redirectUri = null)
|
||||||
{
|
{
|
||||||
parent::__construct(
|
parent::__construct(
|
||||||
sprintf(
|
sprintf(
|
||||||
@ -39,6 +39,6 @@ class InvalidScopeException extends OAuthException
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->serverShouldRedirect = $shouldRedirect;
|
$this->redirectUri = $redirectUri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -24,10 +24,10 @@ class OAuthException extends \Exception
|
|||||||
public $httpStatusCode = 400;
|
public $httpStatusCode = 400;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If true the server should redirect back to the client
|
* Redirect URI if the server should redirect back to the client
|
||||||
* @var boolean
|
* @var string|null
|
||||||
*/
|
*/
|
||||||
public $serverShouldRedirect = false;
|
public $redirectUri = null;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The exception type
|
* The exception type
|
||||||
@ -48,7 +48,22 @@ class OAuthException extends \Exception
|
|||||||
*/
|
*/
|
||||||
public function shouldRedirect()
|
public function shouldRedirect()
|
||||||
{
|
{
|
||||||
return $this->serverShouldRedirect;
|
return is_null($this->redirectUri) ? false : true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return redirect URI if set
|
||||||
|
* @return string|null
|
||||||
|
*/
|
||||||
|
public function getRedirectUri()
|
||||||
|
{
|
||||||
|
return \League\OAuth2\Server\Util\RedirectUri::make(
|
||||||
|
$this->redirectUri,
|
||||||
|
[
|
||||||
|
'error' => $this->errorType,
|
||||||
|
'message' => $this->getMessage(),
|
||||||
|
]
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@ -29,9 +29,9 @@ class UnsupportedResponseTypeException extends OAuthException
|
|||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
public function __construct($parameter)
|
public function __construct($parameter, $redirectUri = null)
|
||||||
{
|
{
|
||||||
parent::__construct('The authorization server does not support obtaining an access token using this method.');
|
parent::__construct('The authorization server does not support obtaining an access token using this method.');
|
||||||
$this->serverShouldRedirect = true;
|
$this->redirectUri = $redirectUri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -121,11 +121,12 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
/**
|
/**
|
||||||
* Given a list of scopes, validate them and return an array of Scope entities
|
* Given a list of scopes, validate them and return an array of Scope entities
|
||||||
* @param string $scopeParam A string of scopes (e.g. "profile email birthday")
|
* @param string $scopeParam A string of scopes (e.g. "profile email birthday")
|
||||||
* @param \League\OAuth2\Server\Entity\ClientEntity $client A string of scopes (e.g. "profile email birthday")
|
* @param \League\OAuth2\Server\Entity\ClientEntity $client Client entity
|
||||||
|
* @param string|null $redirectUri The redirect URI to return the user to
|
||||||
* @return \League\OAuth2\Server\Entity\ScopeEntity[]
|
* @return \League\OAuth2\Server\Entity\ScopeEntity[]
|
||||||
* @throws \League\OAuth2\Server\Exception\ClientException If scope is invalid, or no scopes passed when required
|
* @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required
|
||||||
*/
|
*/
|
||||||
public function validateScopes($scopeParam = '', ClientEntity $client)
|
public function validateScopes($scopeParam = '', ClientEntity $client, $redirectUri = null)
|
||||||
{
|
{
|
||||||
$scopesList = explode($this->server->getScopeDelimeter(), $scopeParam);
|
$scopesList = explode($this->server->getScopeDelimeter(), $scopeParam);
|
||||||
|
|
||||||
@ -160,7 +161,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
|||||||
);
|
);
|
||||||
|
|
||||||
if (($scope instanceof ScopeEntity) === false) {
|
if (($scope instanceof ScopeEntity) === false) {
|
||||||
throw new Exception\InvalidScopeException($scopeItem, true);
|
throw new Exception\InvalidScopeException($scopeItem, $redirectUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
$scopes[$scope->getId()] = $scope;
|
$scopes[$scope->getId()] = $scope;
|
||||||
|
|||||||
@ -99,22 +99,22 @@ class AuthCodeGrant extends AbstractGrant
|
|||||||
|
|
||||||
$state = $this->server->getRequest()->query->get('state', null);
|
$state = $this->server->getRequest()->query->get('state', null);
|
||||||
if ($this->server->stateParamRequired() === true && is_null($state)) {
|
if ($this->server->stateParamRequired() === true && is_null($state)) {
|
||||||
throw new Exception\InvalidRequestException('state', true);
|
throw new Exception\InvalidRequestException('state', $redirectUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
$responseType = $this->server->getRequest()->query->get('response_type', null);
|
$responseType = $this->server->getRequest()->query->get('response_type', null);
|
||||||
if (is_null($responseType)) {
|
if (is_null($responseType)) {
|
||||||
throw new Exception\InvalidRequestException('response_type', true);
|
throw new Exception\InvalidRequestException('response_type', $redirectUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure response type is one that is recognised
|
// Ensure response type is one that is recognised
|
||||||
if (!in_array($responseType, $this->server->getResponseTypes())) {
|
if (!in_array($responseType, $this->server->getResponseTypes())) {
|
||||||
throw new Exception\UnsupportedResponseTypeException($responseType);
|
throw new Exception\UnsupportedResponseTypeException($responseType, $redirectUri);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate any scopes that are in the request
|
// Validate any scopes that are in the request
|
||||||
$scopeParam = $this->server->getRequest()->query->get('scope', '');
|
$scopeParam = $this->server->getRequest()->query->get('scope', '');
|
||||||
$scopes = $this->validateScopes($scopeParam, $client);
|
$scopes = $this->validateScopes($scopeParam, $client, $redirectUri);
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'client' => $client,
|
'client' => $client,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user