function oauth2_server_get_client_credentials in OAuth2 Server 7
Get the client credentials from the authorization header or the request body.
Used during token requests.
Parameters
OAuth2\Request $request: An instance of OAuth2\Request.
Return value
array|NULL An array with the following keys:
- client_id: The client key.
- client_secret: The client secret.
or NULL if no client credentials were found.
1 call to oauth2_server_get_client_credentials()
- oauth2_server_from_request in ./
oauth2_server.module - Loads an OAuth2 server using the request details.
File
- ./
oauth2_server.module, line 1005 - Provides OAuth2 server functionality.
Code
function oauth2_server_get_client_credentials(Oauth2\Request $request) {
// Get the client credentials from the Authorization header.
if (!is_null($request
->headers('PHP_AUTH_USER'))) {
return array(
'client_id' => $request
->headers('PHP_AUTH_USER'),
'client_secret' => $request
->headers('PHP_AUTH_PW', ''),
);
}
// Get the client credentials from the request body (POST).
// Per spec, this method is not recommended and should be limited to clients
// unable to utilize HTTP authentication.
if (!is_null($request
->request('client_id'))) {
return array(
'client_id' => $request
->request('client_id'),
'client_secret' => $request
->request('client_secret', ''),
);
}
// This request contains a JWT, extract the client_id from there.
if (!is_null($request
->request('assertion'))) {
$jwt_util = new OAuth2\Encryption\Jwt();
$jwt = $jwt_util
->decode($request
->request('assertion'), NULL, FALSE);
if (!empty($jwt['iss'])) {
return array(
'client_id' => $jwt['iss'],
// The JWT bearer grant type doesn't use the client_secret.
'client_secret' => '',
);
}
}
return NULL;
}