public function Oauth2AuthorizeController::authorize in Simple OAuth (OAuth2) & OpenID Connect 8.4
Same name and namespace in other branches
- 5.x src/Controller/Oauth2AuthorizeController.php \Drupal\simple_oauth\Controller\Oauth2AuthorizeController::authorize()
Authorizes the code generation or prints the confirmation form.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The incoming request.
Return value
mixed The response.
Throws
\Drupal\Component\Plugin\Exception\PluginNotFoundException
1 string reference to 'Oauth2AuthorizeController::authorize'
File
- src/
Controller/ Oauth2AuthorizeController.php, line 104
Class
- Oauth2AuthorizeController
- Oauth2AuthorizeController.
Namespace
Drupal\simple_oauth\Controller
Code
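/**
 * Authorizes the code generation or prints the confirmation form.
 *
 * Flow, in order:
 * - No 'client_id', or no consumer entity with that UUID: an OAuth2
 *   "invalid client" error response is returned.
 * - Anonymous user: a status message is shown and the user is redirected to
 *   the login form with a 'destination' pointing back at this route, carrying
 *   the original query string so the authorization can resume after login.
 * - Authenticated user whose client is not third party, or is already known
 *   for the requested scopes: the consent step is skipped, the authorization
 *   request is validated against the OAuth2 server and the user is redirected
 *   to the client's callback.
 * - Every other case renders the consent form.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The incoming request.
 *
 * @return mixed
 *   The response: an OAuth2 error response, a redirect or a render array.
 *
 * @throws \Drupal\Component\Plugin\Exception\PluginNotFoundException
 */
public function authorize(Request $request) {
  $client_uuid = $request->get('client_id');
  if (empty($client_uuid)) {
    return OAuthServerException::invalidClient()
      ->generateHttpResponse(new Response());
  }

  $consumer_storage = $this->entityTypeManager()->getStorage('consumer');
  $client_drupal_entities = $consumer_storage->loadByProperties([
    'uuid' => $client_uuid,
  ]);
  if (empty($client_drupal_entities)) {
    return OAuthServerException::invalidClient()
      ->generateHttpResponse(new Response());
  }
  $client_drupal_entity = reset($client_drupal_entities);
  $is_third_party = $client_drupal_entity->get('third_party')->value;

  // Scopes arrive as a single space-separated query value. Only a non-empty
  // string is accepted; an array-valued 'scope' parameter is ignored instead
  // of reaching explode().
  $scopes = [];
  $scope_param = $request->query->get('scope');
  if (is_string($scope_param) && $scope_param !== '') {
    $scopes = explode(' ', $scope_param);
  }

  if ($this->currentUser()->isAnonymous()) {
    $message = $this->t('An external client application is requesting access to your data in this site. Please log in first to authorize the operation.');
    $this->messenger()->addStatus($message);
    // Keep the complete authorization query so the flow resumes after login.
    $destination = Url::fromRoute('oauth2_token.authorize', [], [
      'query' => UrlHelper::parse('/?' . $request->getQueryString())['query'],
    ]);
    $url = Url::fromRoute('user.login', [], [
      'query' => [
        'destination' => $destination->toString(),
      ],
    ]);
    // The request headers are deliberately not copied onto the redirect:
    // response headers cannot forward Basic Auth credentials to the next
    // request, and reflecting request headers (Cookie, Authorization,
    // Content-Length, ...) into the reply corrupts it and leaks client data.
    return new RedirectResponse($url->toString(), 302);
  }

  if (!$is_third_party || $this->isKnownClient($client_uuid, $scopes)) {
    // A logged-in user skips the consent step when the client is not third
    // party or is already known for these scopes.
    $response_type = $request->get('response_type');
    if ($response_type === 'code') {
      $grant_type = 'code';
    }
    elseif ($response_type === 'token') {
      $grant_type = 'implicit';
    }
    else {
      // Unknown response types are handed to the grant manager unresolved;
      // presumably it rejects them with an OAuthServerException (see catch).
      $grant_type = NULL;
    }
    try {
      $server = $this->grantManager->getAuthorizationServer($grant_type, $client_drupal_entity);
      $psr7_request = $this->messageFactory->createRequest($request);
      $auth_request = $server->validateAuthorizationRequest($psr7_request);
    }
    catch (OAuthServerException $exception) {
      $this->messenger()->addError($this->t('Fatal error. Unable to get the authorization server.'));
      watchdog_exception('simple_oauth', $exception);
      return new RedirectResponse(Url::fromRoute('<front>')->toString());
    }
    if ($auth_request) {
      $can_grant_codes = $this->currentUser()->hasPermission('grant simple_oauth codes');
      return static::redirectToCallback($auth_request, $server, $this->currentUser, $can_grant_codes);
    }
  }

  return $this->formBuilder()->getForm(Oauth2AuthorizeForm::class);
}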