public static function SimpleOauthAuthenticationProvider::getTokenValue in Simple OAuth (OAuth2) & OpenID Connect 8

Gets the access token from the request.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request object.

Return value

string The access token.

Overrides SimpleOauthAuthenticationProviderInterface::getTokenValue

See also

http://tools.ietf.org/html/rfc6750

1 call to SimpleOauthAuthenticationProvider::getTokenValue()
DisallowSimpleOauthRequests::check in src/PageCache/DisallowSimpleOauthRequests.php
Determines whether delivery of a cached page should be attempted.

File

src/Authentication/Provider/SimpleOauthAuthenticationProvider.php, line 60

Class

SimpleOauthAuthenticationProvider
Class SimpleOauthAuthenticationProvider.

Namespace

Drupal\simple_oauth\Authentication\Provider

Code

public static function getTokenValue(Request $request) {

  // Check the header. See: http://tools.ietf.org/html/rfc6750#section-2.1
  $auth_header = $request->headers->get('Authorization', '', TRUE);
  $prefix = 'Bearer ';
  if (strpos($auth_header, $prefix) === 0) {
    return substr($auth_header, strlen($prefix));
  }

  // Form encoded parameter. See:
  // http://tools.ietf.org/html/rfc6750#section-2.2
  $ct_header = $request->headers->get('Content-Type', '', TRUE);
  $is_get = $request->getMethod() == Request::METHOD_GET;
  $token = $request->request->get('access_token');
  if (!$is_get && $ct_header == 'application/x-www-form-urlencoded' && $token) {
    return $token;
  }

  // This module purposely refuses to implement
  // http://tools.ietf.org/html/rfc6750#section-2.3 for security reasons.
  return NULL;
}
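
The same RFC 6750 transport rules as a stricter stand-alone sketch. This is an added example, not code from the Simple OAuth module, and it goes beyond the function above: it enforces the section 2.1 token syntax, tolerates Content-Type parameters, and rejects a token sent by more than one method. The function name `extract_bearer_token()`, its plain-array arguments (a stand-in for the Symfony Request) and the sample token are assumptions.

```php
<?php
// Added example, not simple_oauth code. extract_bearer_token() and its
// array arguments are hypothetical stand-ins for a Symfony Request.

/**
 * Returns the bearer token, or NULL if none is acceptably presented.
 *
 * @throws InvalidArgumentException if the token is sent by two methods.
 */
function extract_bearer_token(string $method, array $headers, array $post, array $query): ?string {
  // HTTP field names are case-insensitive, so normalise the keys.
  $headers = array_change_key_case($headers, CASE_LOWER);
  $found = [];

  // RFC 6750 section 2.1: "Bearer" 1*SP b64token. The scheme is matched
  // case-insensitively (RFC 7235) and the token charset is enforced.
  if (preg_match('#^Bearer +([A-Za-z0-9\-._~+/]+=*)$#i', $headers['authorization'] ?? '', $m)) {
    $found[] = $m[1];
  }

  // RFC 6750 section 2.2: form body, never on GET. Media type parameters
  // such as "; charset=UTF-8" are stripped before comparing.
  $media_type = strtolower(trim(explode(';', $headers['content-type'] ?? '')[0]));
  if ($method !== 'GET' && $media_type === 'application/x-www-form-urlencoded'
      && is_string($post['access_token'] ?? NULL) && $post['access_token'] !== '') {
    $found[] = $post['access_token'];
  }

  // RFC 6750 section 2.3 (URI query parameter) is deliberately not read:
  // $query is accepted only to show that it never influences the result.
  if (count($found) > 1) {
    throw new InvalidArgumentException('invalid_request: token sent by more than one method');
  }
  return $found[0] ?? NULL;
}

// Constructed sample requests and token value.
$token = 'abc123.DEF-456_~';
$form = ['Content-Type' => 'application/x-www-form-urlencoded; charset=UTF-8'];
// Header transport with a lower-case scheme.
var_dump(extract_bearer_token('GET', ['Authorization' => "bearer $token"], [], []));
// Form body transport with a charset parameter on the media type.
var_dump(extract_bearer_token('POST', $form, ['access_token' => $token], []));
// Query string transport only.
var_dump(extract_bearer_token('GET', [], [], ['access_token' => $token]));
// Header and body together.
try {
  extract_bearer_token('POST', $form + ['Authorization' => "Bearer $token"], ['access_token' => $token], []);
}
catch (InvalidArgumentException $e) {
  var_dump($e->getMessage());
}
```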