You are here

public function OAuth2Storage::checkClientCredentials in OAuth2 Server 8

Same name and namespace in other branches
  1. 2.0.x src/OAuth2Storage.php \Drupal\oauth2_server\OAuth2Storage::checkClientCredentials()

Check client credentials.

Parameters

string $client_id: The client id string.

string|null $client_secret: The client secret string.

Return value

bool A boolean whether the credentials are correct.

Throws

\Drupal\Component\Plugin\Exception\InvalidPluginDefinitionException

\Drupal\Component\Plugin\Exception\PluginNotFoundException

File

src/OAuth2Storage.php, line 195

Class

OAuth2Storage
Provides Drupal OAuth2 storage for the library.

Namespace

Drupal\oauth2_server

Code

public function checkClientCredentials($client_id, $client_secret = NULL) {
  $client = $this
    ->getClientDetails($client_id);
  if (!$client) {
    return FALSE;
  }

  // The client may omit the client secret or provide NULL, and expect that to
  // be treated the same as an empty string.
  // See https://tools.ietf.org/html/rfc6749#section-2.3.1
  if ($client['client_secret'] === '' && ($client_secret === '' || $client_secret === NULL)) {
    return TRUE;
  }
  return $this->passwordHasher
    ->check($client_secret, $client['client_secret']);
}