Fixed respondToAccessTokenRequest such that it accepts client_id through request body and Http Basic Auth

This commit is contained in:
Chris Tanaskoski 2018-11-29 09:33:12 +01:00
parent ec8a663a81
commit b6955a6c65
2 changed files with 25 additions and 14 deletions


@ -171,15 +171,7 @@ abstract class AbstractGrant implements GrantTypeInterface
*/ */
protected function validateClient(ServerRequestInterface $request) protected function validateClient(ServerRequestInterface $request)
{ {
list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request); list($clientId, $clientSecret) = $this->getClientCredentials($request);
$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
if (is_null($clientId)) {
throw OAuthServerException::invalidRequest('client_id');
}
$clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
if ($this->clientRepository->validateClient($clientId, $clientSecret, $this->getIdentifier()) === false) { if ($this->clientRepository->validateClient($clientId, $clientSecret, $this->getIdentifier()) === false) {
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
@ -199,6 +191,29 @@ abstract class AbstractGrant implements GrantTypeInterface
return $client; return $client;
} }
/**
* Gets the client credentials from the request from the request body or
* the Http Basic Authorization header
*
* @param ServerRequestInterface $request
*
* @return array
*/
protected function getClientCredentials(ServerRequestInterface $request)
{
list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
$clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
if (is_null($clientId)) {
throw OAuthServerException::invalidRequest('client_id');
}
$clientSecret = $this->getRequestParameter('client_secret', $request, $basicAuthPassword);
return [$clientId, $clientSecret];
}
/** /**
* Validate redirectUri from the request. * Validate redirectUri from the request.
* If a redirect URI is provided ensure it matches what is pre-registered * If a redirect URI is provided ensure it matches what is pre-registered
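Review bot: In the new getClientCredentials the identifier and the secret can be taken from different sources, because each getRequestParameter call falls back independently to its Basic Auth counterpart: a body `client_id` combined with a header password, or a header username combined with a body `client_secret`, is accepted and passed to validateClient as one pair. RFC 6749 §2.3.1 requires a client to use only one authentication method per request, so the helper should take both values from the body or both from the Authorization header, and reject a request that supplies a client identifier in both places, e.g. `if ($basicAuthUser !== null && $this->getRequestParameter('client_id', $request, null) !== null) { throw OAuthServerException::invalidRequest('client_id'); }` before the current fallback logic. Whether validateClient in the repository would accept such a mixed pair is not visible here, so the impact is hedged, but rejecting the ambiguity in the grant keeps the decision out of every repository implementation. The docblock also repeats a phrase; `* Gets the client credentials from the request body or the HTTP Basic Authorization header` reads cleaner, and `@return array` could be narrowed to `@return array{0: string, 1: string|null}` since the secret is only defaulted, never required, in the visible code.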


@ -90,11 +90,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
ResponseTypeInterface $responseType, ResponseTypeInterface $responseType,
\DateInterval $accessTokenTTL \DateInterval $accessTokenTTL
) { ) {
$clientId = $this->getRequestParameter('client_id', $request, null); list($clientId) = $this->getClientCredentials($request);
if ($clientId === null) {
throw OAuthServerException::invalidRequest('client_id');
}
$client = $this->clientRepository->getClientEntity($clientId); $client = $this->clientRepository->getClientEntity($clientId);