public function OpenIDConnectRedirectController::access in OpenID Connect / OAuth client 2.x
Same name and namespace in other branches
- 8 src/Controller/OpenIDConnectRedirectController.php \Drupal\openid_connect\Controller\OpenIDConnectRedirectController::access()
Access callback: Redirect page.
Return value
\Drupal\Core\Access\AccessResultInterface Whether the state token matches the previously created one that is stored in the session.
1 string reference to 'OpenIDConnectRedirectController::access'
File
- src/Controller/OpenIDConnectRedirectController.php, line 173
Class
- OpenIDConnectRedirectController
- Redirect controller.
Namespace
Drupal\openid_connect\Controller
Code
public function access() : AccessResultInterface {
  // Confirm anti-forgery state token. This round-trip verification helps to
  // ensure that the user, not a malicious script, is making the request.
  $request = $this->requestStack->getCurrentRequest();
  $state_token = $request->get('state');
  if ($state_token && $this->stateToken->confirm($state_token)) {
    return AccessResult::allowed();
  }
  return AccessResult::forbidden();
}
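The state round trip this access callback depends on, as an added sketch that is not the module's own code. `SessionStateToken`, its in-memory session array and the single-use behaviour are assumptions made for illustration, standing in for the `stateToken` service and the user's session.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical stand-in for a state token service (not the module's class).
 */
final class SessionStateToken {
  private const KEY = 'oidc_state_token';

  /** @var array<string, mixed> In-memory stand-in for the user's session. */
  private array $session = [];

  /** Create the token before redirecting; it travels as the `state` parameter. */
  public function create(): string {
    // 32 bytes from the CSPRNG, kept server-side for the later comparison.
    $token = bin2hex(random_bytes(32));
    $this->session[self::KEY] = $token;
    return $token;
  }

  /** Check the `state` value that came back on the redirect. */
  public function confirm(mixed $candidate): bool {
    $expected = $this->session[self::KEY] ?? null;
    // Single use (this sketch's choice): drop the stored value on every attempt.
    unset($this->session[self::KEY]);
    // A request parameter can arrive as an array (?state[]=x); accept strings only.
    if (!is_string($expected) || !is_string($candidate) || $candidate === '') {
      return false;
    }
    // Constant-time comparison so timing does not reveal matching prefixes.
    return hash_equals($expected, $candidate);
  }
}

// Constructed walk-through of one authorization round trip.
$tokens = new SessionStateToken();
$state = $tokens->create();           // Value sent along with the redirect.
var_dump($tokens->confirm($state));   // Callback carrying the matching state.
var_dump($tokens->confirm($state));   // Same state presented a second time.
$tokens->create();
var_dump($tokens->confirm(['x']));    // Array-valued state parameter.
var_dump($tokens->confirm(null));     // Callback with no state at all.
```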