public function OAuth2DrupalAuthProvider::applies in OAuth2 Server 8

Same name and namespace in other branches
  1. 2.0.x src/Authentication/Provider/OAuth2DrupalAuthProvider.php \Drupal\oauth2_server\Authentication\Provider\OAuth2DrupalAuthProvider::applies()

Checks whether suitable authentication credentials are on the request.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request object.

Return value

bool TRUE if authentication credentials suitable for this provider are on the request, FALSE otherwise.

Overrides AuthenticationProviderInterface::applies

File

src/Authentication/Provider/OAuth2DrupalAuthProvider.php, line 96

Class

OAuth2DrupalAuthProvider
OAuth2 Drupal Auth Provider.

Namespace

Drupal\oauth2_server\Authentication\Provider

Code

public function applies(Request $request) {
  // Only return TRUE when the request clearly carries a bearer token: if
  // applies() returns TRUE but the authentication logic then fails, a user
  // who is logged in through the regular session is dropped out of Drupal
  // navigation.
  $method = [];

  // Check whether the client uses the "Bearer" authentication scheme in the
  // Authorization header to transmit the access token. Note that stripos()
  // matches "Bearer" case-insensitively anywhere in the header value.
  // See https://tools.ietf.org/html/rfc6750#section-2.1
  $authorization = trim($request->headers->get('authorization'));
  if (stripos($authorization, 'Bearer') !== FALSE) {
    $method[] = t('Authorization Request Header Field');
  }

  // Check whether the access token is in the entity-body of the HTTP request:
  // a form-encoded, non-GET request whose body carries the "access_token"
  // parameter and whose query string does not.
  // See https://tools.ietf.org/html/rfc6750#section-2.2
  $content_type = trim($request->headers->get('content-type'));
  $body_has_token = stripos(trim($request->getContent()), 'access_token') !== FALSE;
  if ($content_type == 'application/x-www-form-urlencoded'
    && empty($request->query->get('access_token'))
    && trim($request->getMethod()) !== 'GET'
    && $body_has_token) {
    $method[] = t('Form-Encoded Body Parameter');
  }

  // Check whether the access token is in the URI query component of the
  // request (the "access_token" parameter) and not also in the body.
  // See https://tools.ietf.org/html/rfc6750#section-2.3
  if (!empty($request->get('access_token')) && !$body_has_token) {
    $method[] = t('URI Query Parameter');
  }

  // RFC 6750 defines three methods of sending bearer access tokens to a
  // resource server, and clients MUST NOT use more than one of them in a
  // single request. Only a request that uses exactly one method applies.
  return count($method) == 1;
}
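To see which requests this provider accepts, here is an added Python example (not code from the OAuth2 Server module) that reproduces the three RFC 6750 checks and the "exactly one method" rule over a constructed stub request. It simplifies the Drupal code in one respect: the query token is read from a plain dictionary rather than Symfony's Request::get(), which also consults request attributes and POST parameters.

```python
from dataclasses import dataclass, field

HEADER = "Authorization Request Header Field"  # RFC 6750 section 2.1
BODY = "Form-Encoded Body Parameter"           # RFC 6750 section 2.2
QUERY = "URI Query Parameter"                  # RFC 6750 section 2.3


@dataclass
class StubRequest:
    """Constructed stand-in for Symfony's Request, carrying only what applies() reads."""
    method: str = "GET"
    headers: dict = field(default_factory=dict)  # lower-cased header names -> values
    query: dict = field(default_factory=dict)    # parsed query-string parameters
    content: str = ""                            # raw request body


def transmission_methods(req: StubRequest) -> list:
    """Return the RFC 6750 methods detected, using the same tests as the Drupal code."""
    found = []
    # 2.1: stripos() semantics, so "Bearer" matches case-insensitively anywhere in the header.
    if "bearer" in req.headers.get("authorization", "").strip().lower():
        found.append(HEADER)
    body_has_token = "access_token" in req.content.strip().lower()
    # 2.2: form-encoded, non-GET request whose body names access_token and whose query does not.
    if (req.headers.get("content-type", "").strip() == "application/x-www-form-urlencoded"
            and not req.query.get("access_token")
            and req.method.strip() != "GET"
            and body_has_token):
        found.append(BODY)
    # 2.3: query parameter present and the body does not also mention access_token.
    if req.query.get("access_token") and not body_has_token:
        found.append(QUERY)
    return found


def applies(req: StubRequest) -> bool:
    """True only for exactly one method: RFC 6750 says clients MUST NOT use more than one."""
    return len(transmission_methods(req)) == 1


if __name__ == "__main__":
    form = {"content-type": "application/x-www-form-urlencoded"}
    cases = {
        "header only": StubRequest(headers={"authorization": "Bearer tok-1"}),
        "form body only": StubRequest(method="POST", headers=form, content="access_token=tok-1"),
        "header and query": StubRequest(headers={"authorization": "Bearer tok-1"}, query={"access_token": "tok-1"}),
        "query and body": StubRequest(method="POST", headers=form, query={"access_token": "tok-1"}, content="access_token=tok-1"),
    }
    for name, req in cases.items():  # the last two use more than one method and are rejected
        print(f"{name:17} -> {transmission_methods(req)} applies={applies(req)}")
```

The last two cases show the two ways a double transmission is refused: two methods detected, or (query plus body) neither check passing, so the method list stays empty.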