public static function Utility::getClientCredentials in OAuth2 Server 8
Same name and namespace in other branches
- 2.0.x src/Utility.php \Drupal\oauth2_server\Utility::getClientCredentials()
Get the client credentials from authorization header or request body.
Used during token requests.
Parameters
\OAuth2\RequestInterface $request: An instance of \OAuth2\HttpFoundationBridge\Request.
Return value
array|null An array with the following keys:
- client_id: The client key.
- client_secret: The client secret.
or NULL if no client credentials were found.
2 calls to Utility::getClientCredentials()
- OAuth2Controller::token in src/Controller/OAuth2Controller.php - Token.
- OAuth2Controller::userInfo in src/Controller/OAuth2Controller.php - User info.
File
- src/Utility.php, line 227
Class
- Utility
- Contains utility methods for the OAuth2 Server.
Namespace
Drupal\oauth2_server
Code
  public static function getClientCredentials(RequestInterface $request) {
    // Get the client credentials from the Authorization header.
    if (!is_null($request->headers('PHP_AUTH_USER'))) {
      return [
        'client_id' => $request->headers('PHP_AUTH_USER'),
        'client_secret' => $request->headers('PHP_AUTH_PW', ''),
      ];
    }

    // Get the client credentials from the request body (POST).
    // Per spec, this method is not recommended and should be limited to clients
    // unable to utilize HTTP authentication.
    if (!is_null($request->request('client_id'))) {
      return [
        'client_id' => $request->request('client_id'),
        'client_secret' => $request->request('client_secret', ''),
      ];
    }

    // This request contains a JWT, extract the client_id from there.
    if (!is_null($request->request('assertion'))) {
      $jwt_util = new Jwt();
      $jwt = $jwt_util->decode($request->request('assertion'), NULL, FALSE);
      if (!empty($jwt['iss'])) {
        return [
          'client_id' => $jwt['iss'],
          // The JWT bearer grant type doesn't use the client_secret.
          'client_secret' => '',
        ];
      }
    }

    return NULL;
  }
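The assertion branch above calls decode() with no key, so the client_id it returns is whatever the sender put in "iss" and only identifies which client to check. The following added example (not code from the OAuth2 Server module) shows that difference; every function name and value in it is hypothetical, and HS256 with a per-client shared key is an assumption made to keep it self-contained.

```php
<?php
// Added example; not code from the OAuth2 Server module. All names are hypothetical.

function b64url_encode(string $raw): string {
  return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $segment): string {
  return (string) base64_decode(strtr($segment, '-_', '+/'));
}

// Build an HS256 token (used here only to construct sample input).
function make_jwt(array $claims, string $key): string {
  $signed = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']))
    . '.' . b64url_encode(json_encode($claims));
  return $signed . '.' . b64url_encode(hash_hmac('sha256', $signed, $key, TRUE));
}

// Same effect as the assertion branch: read "iss" with no signature check.
function peek_issuer(string $jwt): ?string {
  $parts = explode('.', $jwt);
  if (count($parts) !== 3) {
    return NULL;
  }
  $claims = json_decode(b64url_decode($parts[1]), TRUE);
  return is_array($claims) && !empty($claims['iss']) ? (string) $claims['iss'] : NULL;
}

// Treat the peeked issuer as a lookup hint only; accept it after the
// signature verifies under the key registered for that client.
function authenticated_client(string $jwt, array $client_keys): ?string {
  $client_id = peek_issuer($jwt);
  if ($client_id === NULL || !isset($client_keys[$client_id])) {
    return NULL;
  }
  [$header, $payload, $signature] = explode('.', $jwt);
  $alg = json_decode(b64url_decode($header), TRUE)['alg'] ?? NULL;
  $expected = hash_hmac('sha256', "$header.$payload", $client_keys[$client_id], TRUE);
  $ok = $alg === 'HS256' && hash_equals($expected, b64url_decode($signature));
  return $ok ? $client_id : NULL;
}

// Constructed sample data: one registered client, one token signed with its
// key and one carrying the same "iss" but signed with an unregistered key.
$client_keys = ['client-a' => 'constructed-key-for-client-a'];
$genuine = make_jwt(['iss' => 'client-a'], $client_keys['client-a']);
$mismatched = make_jwt(['iss' => 'client-a'], 'constructed-unregistered-key');

var_dump(peek_issuer($genuine), peek_issuer($mismatched));
var_dump(authenticated_client($genuine, $client_keys), authenticated_client($mismatched, $client_keys));
```

Both tokens yield the same peeked issuer, but only the one signed with the registered key is accepted by authenticated_client().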