public static function SimpleOauthAuthenticationProvider::getTokenValue in Simple OAuth (OAuth2) & OpenID Connect 8
Gets the access token from the request.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request object.
Return value
string The access token.
Overrides SimpleOauthAuthenticationProviderInterface::getTokenValue
See also
http://tools.ietf.org/html/rfc6750
1 call to SimpleOauthAuthenticationProvider::getTokenValue()
- DisallowSimpleOauthRequests::check in src/
PageCache/ DisallowSimpleOauthRequests.php - Determines whether delivery of a cached page should be attempted.
File
- src/
Authentication/ Provider/ SimpleOauthAuthenticationProvider.php, line 60
Class
- SimpleOauthAuthenticationProvider
- Class SimpleOauthAuthenticationProvider.
Namespace
Drupal\simple_oauth\Authentication\ProviderCode
public static function getTokenValue(Request $request) {
// Check the header. See: http://tools.ietf.org/html/rfc6750#section-2.1
$auth_header = $request->headers
->get('Authorization', '', TRUE);
$prefix = 'Bearer ';
if (strpos($auth_header, $prefix) === 0) {
return substr($auth_header, strlen($prefix));
}
// Form encoded parameter. See:
// http://tools.ietf.org/html/rfc6750#section-2.2
$ct_header = $request->headers
->get('Content-Type', '', TRUE);
$is_get = $request
->getMethod() == Request::METHOD_GET;
$token = $request->request
->get('access_token');
if (!$is_get && $ct_header == 'application/x-www-form-urlencoded' && $token) {
return $token;
}
// This module purposely refuses to implement
// http://tools.ietf.org/html/rfc6750#section-2.3 for security resons.
return NULL;
}