mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-22 13:09:44 +05:30
Fixed respondToAccessTokenRequest such that it accepts client_id through request body and Http Basic Auth
This commit is contained in:
parent
ec8a663a81
commit
b6955a6c65
@ -171,15 +171,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
*/
|
||||
protected function validateClient(ServerRequestInterface $request)
|
||||
{
|
||||
list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
|
||||
|
||||
$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
|
||||
|
||||
if (is_null($clientId)) {
|
||||
throw OAuthServerException::invalidRequest('client_id');
|
||||
}
|
||||
|
||||
$clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
|
||||
list($clientId, $clientSecret) = $this->getClientCredentials($request);
|
||||
|
||||
if ($this->clientRepository->validateClient($clientId, $clientSecret, $this->getIdentifier()) === false) {
|
||||
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
|
||||
@ -199,6 +191,29 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
return $client;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the client credentials from the request from the request body or
|
||||
* the Http Basic Authorization header
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
protected function getClientCredentials(ServerRequestInterface $request)
|
||||
{
|
||||
list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
|
||||
|
||||
$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
|
||||
|
||||
if (is_null($clientId)) {
|
||||
throw OAuthServerException::invalidRequest('client_id');
|
||||
}
|
||||
|
||||
$clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
|
||||
|
||||
return [$clientId, $clientSecret];
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate redirectUri from the request.
|
||||
* If a redirect URI is provided ensure it matches what is pre-registered
|
||||
|
@ -90,11 +90,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
|
||||
ResponseTypeInterface $responseType,
|
||||
\DateInterval $accessTokenTTL
|
||||
) {
|
||||
$clientId = $this->getRequestParameter('client_id', $request, null);
|
||||
|
||||
if ($clientId === null) {
|
||||
throw OAuthServerException::invalidRequest('client_id');
|
||||
}
|
||||
list($clientId) = $this->getClientCredentials($request);
|
||||
|
||||
$client = $this->clientRepository->getClientEntity($clientId);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user