public function OpenIDConnectRedirectController::access in OpenID Connect / OAuth client 8
Same name and namespace in other branches
- 2.x src/Controller/OpenIDConnectRedirectController.php \Drupal\openid_connect\Controller\OpenIDConnectRedirectController::access()
Access callback: Redirect page.
Return value
\Drupal\Core\Access\AccessResultInterface Whether the state token matches the previously created one that is stored in the session.
1 string reference to 'OpenIDConnectRedirectController::access'
File
- src/
Controller/ OpenIDConnectRedirectController.php, line 110
Class
- OpenIDConnectRedirectController
- Redirect controller.
Namespace
Drupal\openid_connect\ControllerCode
public function access() {
// Confirm anti-forgery state token. This round-trip verification helps to
// ensure that the user, not a malicious script, is making the request.
$request = $this->requestStack
->getCurrentRequest();
$state_token = $request
->get('state');
if ($state_token && $this->stateToken
->confirm($state_token)) {
return AccessResult::allowed();
}
return AccessResult::forbidden();
}