diff --git a/src/AuthorizationServer.php b/src/AuthorizationServer.php
index 50407072..568574d7 100644
--- a/src/AuthorizationServer.php
+++ b/src/AuthorizationServer.php
@@ -73,141 +73,6 @@ class AuthorizationServer extends AbstractServer
 */
 protected $requireStateParam = false;
- /**
- * Exception error codes
- * @var array
- */
- protected static $exceptionCodes = [
- 0 => 'invalid_request',
- 1 => 'unauthorized_client',
- 2 => 'access_denied',
- 3 => 'unsupported_response_type',
- 4 => 'invalid_scope',
- 5 => 'server_error',
- 6 => 'temporarily_unavailable',
- 7 => 'unsupported_grant_type',
- 8 => 'invalid_client',
- 9 => 'invalid_grant'
- ];
- 
- /**
- * Exception error messages
- * @var array
- */
- protected static $exceptionMessages = [
- 'invalid_request' => 'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
- 'unauthorized_client' => 'The client is not authorized to request an access token using this method.',
- 'access_denied' => 'The resource owner or authorization server denied the request.',
- 'unsupported_response_type' => 'The authorization server does not support obtaining an access token using this method.',
- 'invalid_scope' => 'The requested scope is invalid, unknown, or malformed. Check the "%s" scope.',
- 'server_error' => 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.',
- 'temporarily_unavailable' => 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.',
- 'unsupported_grant_type' => 'The authorization grant type "%s" is not supported by the authorization server',
- 'invalid_client' => 'Client authentication failed',
- 'invalid_grant' => 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. 
Check the "%s" parameter.',
- 'invalid_credentials' => 'The user credentials were incorrect.',
- 'invalid_refresh' => 'The refresh token is invalid.',
- ];
- 
- /**
- * Exception error HTTP status codes
- * @var array
- * RFC 6749, section 4.1.2.1.:
- * No 503 status code for 'temporarily_unavailable', because
- * "a 503 Service Unavailable HTTP status code cannot be
- * returned to the client via an HTTP redirect"
- */
- protected static $exceptionHttpStatusCodes = [
- 'invalid_request' => 400,
- 'unauthorized_client' => 400,
- 'access_denied' => 401,
- 'unsupported_response_type' => 400,
- 'invalid_scope' => 400,
- 'server_error' => 500,
- 'temporarily_unavailable' => 400,
- 'unsupported_grant_type' => 501,
- 'invalid_client' => 401,
- 'invalid_grant' => 400,
- 'invalid_credentials' => 400,
- 'invalid_refresh' => 400,
- ];
- 
- /**
- * Get all headers that have to be send with the error response
- * @param string $error The error message key
- * @return array Array with header values
- */
- public static function getExceptionHttpHeaders($error)
- {
- $headers = [];
- switch (self::$exceptionHttpStatusCodes[$error]) {
- case 401:
- $headers[] = 'HTTP/1.1 401 Unauthorized';
- break;
- case 500:
- $headers[] = 'HTTP/1.1 500 Internal Server Error';
- break;
- case 501:
- $headers[] = 'HTTP/1.1 501 Not Implemented';
- break;
- case 400:
- default:
- $headers[] = 'HTTP/1.1 400 Bad Request';
- }
- 
- // Add "WWW-Authenticate" header
- //
- // RFC 6749, section 5.2.:
- // "If the client attempted to authenticate via the 'Authorization'
- // request header field, the authorization server MUST
- // respond with an HTTP 401 (Unauthorized) status code and
- // include the "WWW-Authenticate" response header field
- // matching the authentication scheme used by the client. 
- // @codeCoverageIgnoreStart
- if ($error === 'invalid_client') {
- $authScheme = null;
- $request = new Request();
- if ($request->server('PHP_AUTH_USER') !== null) {
- $authScheme = 'Basic';
- } else {
- $authHeader = $request->header('Authorization');
- if ($authHeader !== null) {
- if (strpos($authHeader, 'Bearer') === 0) {
- $authScheme = 'Bearer';
- } elseif (strpos($authHeader, 'Basic') === 0) {
- $authScheme = 'Basic';
- }
- }
- }
- if ($authScheme !== null) {
- $headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
- }
- }
- // @codeCoverageIgnoreEnd
- 
- return $headers;
- }
- 
- /**
- * Get an exception message
- * @param string $error The error message key
- * @return string The error message
- */
- public static function getExceptionMessage($error = '')
- {
- return self::$exceptionMessages[$error];
- }
- 
- /**
- * Get an exception code
- * @param integer $code The exception code
- * @return string The exception code type
- */
- public static function getExceptionType($code = 0)
- {
- return self::$exceptionCodes[$code];
- }
- 
 /**
 * Create a new OAuth2 authorization server
 * @return self