<?php
declare(strict_types=1);
namespace SimpleSAML\Module\oidc\Server\Grants\Traits;
use DateInterval;
use DateTimeImmutable;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
use League\OAuth2\Server\Grant\AbstractGrant;
use SimpleSAML\Module\oidc\Codebooks\FlowTypeEnum;
use SimpleSAML\Module\oidc\Entities\Interfaces\AccessTokenEntityInterface;
use SimpleSAML\Module\oidc\Factories\Entities\AccessTokenEntityFactory;
use SimpleSAML\Module\oidc\Repositories\Interfaces\AccessTokenRepositoryInterface;
use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
/**
 * Trait IssueAccessTokenTrait
 *
 * Some parts of League's AbstractGrant are hard to extend, so this trait carries the module's own
 * variant of AbstractGrant::issueAccessToken() for the grants that use it: the token is built through
 * AccessTokenEntityFactory (which takes the additional OIDC data such as requested claims, flow type
 * and authorization details) and persisted through the module's AccessTokenRepositoryInterface.
 *
 * @package SimpleSAML\Module\oidc\Server\Grants\Traits
 */
trait IssueAccessTokenTrait
{
    /**
     * Repository the issued token is persisted to. Left untyped for compatibility with the League
     * property of the same name; issueAccessToken() checks at runtime that it implements the module's
     * own repository interface before using it.
     *
     * @psalm-suppress MissingPropertyType
     */
    protected $accessTokenRepository;

    /**
     * @var \League\OAuth2\Server\CryptKey
     */
    protected $privateKey;

    /** Builds the access token entity from the data gathered by the grant. */
    protected AccessTokenEntityFactory $accessTokenEntityFactory;

    /**
     * Issue and persist a new access token for the given client.
     *
     * Each attempt draws a fresh random identifier via generateUniqueIdentifier(). If the repository
     * reports an identifier collision the attempt is repeated, up to
     * AbstractGrant::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS attempts in total; the collision exception of
     * the final attempt is rethrown to the caller. The expiry is "now" (default timezone) plus
     * $accessTokenTTL.
     *
     * @param \DateInterval $accessTokenTTL Lifetime added to the current time to obtain the expiry.
     * @param \League\OAuth2\Server\Entities\ClientEntityInterface $client Client the token is issued to.
     * @param string|null $userIdentifier
     * @param \League\OAuth2\Server\Entities\ScopeEntityInterface[] $scopes
     * @param string|null $authCodeId Authorization code the token originates from, if any.
     * @param array|null $requestedClaims Any requested claims
     * @param \SimpleSAML\Module\oidc\Codebooks\FlowTypeEnum|null $flowTypeEnum
     * @param array|null $authorizationDetails
     * @param string|null $boundClientId
     * @param string|null $boundRedirectUri
     * @param string|null $issuerState
     *
     * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException When the configured repository
     *     is not an AccessTokenRepositoryInterface, or when no attempt could be made.
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     * @throws \League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException
     */
    protected function issueAccessToken(
        DateInterval $accessTokenTTL,
        ClientEntityInterface $client,
        $userIdentifier = null,
        array $scopes = [],
        ?string $authCodeId = null,
        ?array $requestedClaims = null,
        ?FlowTypeEnum $flowTypeEnum = null,
        ?array $authorizationDetails = null,
        ?string $boundClientId = null,
        ?string $boundRedirectUri = null,
        ?string $issuerState = null,
    ): AccessTokenEntityInterface {
        // The module's repository interface provides persistNewAccessToken(); refuse anything else.
        if (!($this->accessTokenRepository instanceof AccessTokenRepositoryInterface)) {
            throw OidcServerException::serverError(
                'Access token repository does not implement ' . AccessTokenRepositoryInterface::class,
            );
        }

        $attemptsLeft = AbstractGrant::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;

        while ($attemptsLeft > 0) {
            --$attemptsLeft;

            try {
                $tokenIdentifier = $this->generateUniqueIdentifier();
                $expiresAt = (new DateTimeImmutable())->add($accessTokenTTL);

                $accessToken = $this->accessTokenEntityFactory->fromData(
                    $tokenIdentifier,
                    $client,
                    $scopes,
                    $expiresAt,
                    $userIdentifier,
                    $authCodeId,
                    $requestedClaims,
                    flowTypeEnum: $flowTypeEnum,
                    authorizationDetails: $authorizationDetails,
                    boundClientId: $boundClientId,
                    boundRedirectUri: $boundRedirectUri,
                    issuerState: $issuerState,
                );

                $this->accessTokenRepository->persistNewAccessToken($accessToken);

                return $accessToken;
            } catch (UniqueTokenIdentifierConstraintViolationException $e) {
                // Identifier already stored: try again with a new one, unless this was the last attempt.
                if ($attemptsLeft === 0) {
                    throw $e;
                }
            }
        }

        // Reached only when the attempt budget allowed no attempt at all (non-positive constant).
        throw OidcServerException::serverError('Unable to issue Access Token.');
    }

    /**
     * Generate a new unique identifier.
     *
     * Supplied by the using grant (League's AbstractGrant provides it); the identifier is used as the
     * persisted token id, so it must come from a cryptographically secure source.
     *
     * @param int $length
     * @throws \League\OAuth2\Server\Exception\OAuthServerException
     *
     * @return string
     */
    abstract protected function generateUniqueIdentifier($length = 40);
}