From b6955a6c65c84e4b4c4faa360ae70ea9477ecd7c Mon Sep 17 00:00:00 2001
From: Chris Tanaskoski <chris.tanaskoski@lyceo.nl>
Date: Thu, 29 Nov 2018 09:33:12 +0100
Subject: [PATCH] Fixed respondToAccessTokenRequest such that it accepts
 client_id through request body and Http Basic Auth

---
 src/Grant/AbstractGrant.php | 33 ++++++++++++++++++++++++---------
 src/Grant/AuthCodeGrant.php |  6 +-----
 2 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/src/Grant/AbstractGrant.php b/src/Grant/AbstractGrant.php
index 4531a6a3..65ab16cf 100644
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -171,15 +171,7 @@ abstract class AbstractGrant implements GrantTypeInterface
      */
     protected function validateClient(ServerRequestInterface $request)
     {
-        list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
-
-        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
-
-        if (is_null($clientId)) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
-
-        $clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
+        list($clientId, $clientSecret) = $this->getClientCredentials($request);
 
         if ($this->clientRepository->validateClient($clientId, $clientSecret, $this->getIdentifier()) === false) {
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
@@ -199,6 +191,29 @@ abstract class AbstractGrant implements GrantTypeInterface
         return $client;
     }
 
+    /**
+     * Gets the client credentials from the request from the request body or
+     * the Http Basic Authorization header
+     *
+     * @param ServerRequestInterface $request
+     *
+     * @return array
+     */
+    protected function getClientCredentials(ServerRequestInterface $request)
+    {
+        list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
+
+        $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
+
+        if (is_null($clientId)) {
+            throw OAuthServerException::invalidRequest('client_id');
+        }
+
+        $clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
+
+        return [$clientId, $clientSecret];
+    }
+
     /**
      * Validate redirectUri from the request.
      * If a redirect URI is provided ensure it matches what is pre-registered
diff --git a/src/Grant/AuthCodeGrant.php b/src/Grant/AuthCodeGrant.php
index 974f8373..c340fe96 100644
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@@ -90,11 +90,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
         ResponseTypeInterface $responseType,
         \DateInterval $accessTokenTTL
     ) {
-        $clientId = $this->getRequestParameter('client_id', $request, null);
-
-        if ($clientId === null) {
-            throw OAuthServerException::invalidRequest('client_id');
-        }
+        list($clientId) = $this->getClientCredentials($request);
 
         $client = $this->clientRepository->getClientEntity($clientId);