mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 13:39:48 +05:30
Method to get all headers for the error response
Method added to get all required headers for the error response, according to the RFC - the correct HTTP status code and the "WWW-Authenticate" header in special cases.
This commit is contained in:
parent
28f85e3bea
commit
e563230f10
@ -117,6 +117,85 @@ class AuthServer
|
||||
'invalid_refresh' => 'The refresh token is invalid.',
|
||||
);
|
||||
|
||||
/**
|
||||
* Exception error HTTP status codes
|
||||
* @var array
|
||||
*
|
||||
* RFC 6749, section 4.1.2.1.:
|
||||
* No 503 status code for 'temporarily_unavailable', because
|
||||
* "a 503 Service Unavailable HTTP status code cannot be
|
||||
* returned to the client via an HTTP redirect"
|
||||
*/
|
||||
protected static $exceptionHttpStatusCodes = array(
|
||||
'invalid_request' => 400,
|
||||
'unauthorized_client' => 400,
|
||||
'access_denied' => 401,
|
||||
'unsupported_response_type' => 400,
|
||||
'invalid_scope' => 400,
|
||||
'server_error' => 500,
|
||||
'temporarily_unavailable' => 400,
|
||||
'unsupported_grant_type' => 400,
|
||||
'invalid_client' => 401,
|
||||
'invalid_grant' => 400,
|
||||
'invalid_credentials' => 400,
|
||||
'invalid_refresh' => 400,
|
||||
);
|
||||
|
||||
/**
|
||||
* Get all headers that have to be send with the error response
|
||||
*
|
||||
* @param string $error The error message key
|
||||
* @return array Array with header values
|
||||
*/
|
||||
public static function getExceptionHttpHeaders($error)
|
||||
{
|
||||
$headers = array();
|
||||
switch (self::$exceptionHttpStatusCodes[$error]) {
|
||||
case 401:
|
||||
$headers[] = 'HTTP/1.1 401 Unauthorized';
|
||||
break;
|
||||
case 500:
|
||||
$headers[] = 'HTTP/1.1 500 Internal Server Error';
|
||||
break;
|
||||
case 501:
|
||||
$headers[] = 'HTTP/1.1 501 Not Implemented';
|
||||
break;
|
||||
case 400:
|
||||
default:
|
||||
$headers[] = 'HTTP/1.1 400 Bad Request';
|
||||
}
|
||||
|
||||
// Add "WWW-Authenticate" header
|
||||
//
|
||||
// RFC 6749, section 5.2.:
|
||||
// "If the client attempted to authenticate via the 'Authorization'
|
||||
// request header field, the authorization server MUST
|
||||
// respond with an HTTP 401 (Unauthorized) status code and
|
||||
// include the "WWW-Authenticate" response header field
|
||||
// matching the authentication scheme used by the client.
|
||||
if ($error === 'invalid_client') {
|
||||
$auth_scheme = null;
|
||||
$request = new Request();
|
||||
if ($request->server('PHP_AUTH_USER') !== null) {
|
||||
$auth_scheme = 'Basic';
|
||||
} else {
|
||||
$auth_header = $request->header('Authorization');
|
||||
if ($auth_header !== null) {
|
||||
if (strpos($auth_header, 'Bearer') === 0) {
|
||||
$auth_scheme = 'Bearer';
|
||||
} elseif (strpos($auth_header, 'Basic') === 0) {
|
||||
$auth_scheme = 'Basic';
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($auth_scheme !== null) {
|
||||
$headers[] = "WWW-Authenticate: $auth_scheme realm=\"\"";
|
||||
}
|
||||
}
|
||||
|
||||
return $headers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get an exception message
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user