P::OBTAIN_EXTENDED_ACCOUNT_INFO, ]; public function getScopeEntityByIdentifier($identifier): ?ScopeEntityInterface { $identifier = $this->convertToInternalPermission($identifier); if (!in_array($identifier, self::ALLOWED_SCOPES, true)) { return null; } return new ScopeEntity($identifier); } /** * @throws OAuthServerException */ public function finalizeScopes( array $scopes, string $grantType, ClientEntityInterface $clientEntity, ?string $userIdentifier = null, ?string $authCodeId = null, ): array { if (empty($scopes)) { return $scopes; } /** @var ClientEntity $clientEntity */ // Right now we have no available scopes for the client_credentials grant if (!$clientEntity->isTrusted()) { throw OAuthServerException::invalidScope($scopes[0]->getIdentifier()); } return $scopes; } private function convertToInternalPermission(string $publicScope): string { return self::PUBLIC_SCOPES_TO_INTERNAL_PERMISSIONS[$publicScope] ?? $publicScope; } }