mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-05-31 14:12:07 +05:30
Use token type to determine access token in header
This commit is contained in:
Alex Bilbie
@@ -16,6 +16,7 @@ use League\OAuth2\Server\Storage\AccessTokenInterface;
|
||||
use League\OAuth2\Server\Storage\SessionInterface;
|
||||
use League\OAuth2\Server\Storage\ScopeInterface;
|
||||
use League\OAuth2\Server\Entity\AccessTokenEntity;
|
||||
use League\OAuth2\Server\TokenType\Bearer;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
/**
|
||||
@@ -194,9 +195,8 @@ class ResourceServer extends AbstractServer
|
||||
*/
|
||||
public function determineAccessToken($headersOnly = false)
|
||||
{
|
||||
if ($header = $this->getRequest()->headers->get('Authorization')) {
|
||||
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
|
||||
$accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
|
||||
if ($this->getRequest()->headers->get('Authorization') !== null) {
|
||||
$accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
|
||||
} elseif ($headersOnly === false) {
|
||||
$accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET') ?
|
||||
$this->getRequest()->query->get($this->tokenKey) :
|
||||
|
||||
@@ -11,6 +11,8 @@
|
||||
|
||||
namespace League\OAuth2\Server\TokenType;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
abstract class AbstractTokenType
|
||||
{
|
||||
/**
|
||||
@@ -38,4 +40,11 @@ abstract class AbstractTokenType
|
||||
{
|
||||
return isset($this->response[$key]) ? $this->response[$key] : null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine the access token in the authorization header
|
||||
* @param \Symfony\Component\HttpFoundation\Request $request
|
||||
* @return string
|
||||
*/
|
||||
abstract public function determineAccessTokenInHeader(Request $request);
|
||||
}
|
||||
|
||||
@@ -11,6 +11,8 @@
|
||||
|
||||
namespace League\OAuth2\Server\TokenType;
|
||||
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
class Bearer extends AbstractTokenType implements TokenTypeInterface
|
||||
{
|
||||
/**
|
||||
@@ -31,4 +33,14 @@ class Bearer extends AbstractTokenType implements TokenTypeInterface
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function determineAccessTokenInHeader(Request $request)
|
||||
{
|
||||
$header = $request->headers->get('Authorization');
|
||||
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
|
||||
return ($accessToken === 'Bearer') ? '' : $accessToken;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user