<?php

namespace OAuth2\OpenID\GrantType;

use OAuth2\GrantType\AuthorizationCode as BaseAuthorizationCode;
use OAuth2\ResponseType\AccessTokenInterface;

/**
 * @author Brent Shaffer <bshafs at gmail dot com>
 */
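class AuthorizationCode extends BaseAuthorizationCode
{
    /**
     * Create the access token for a redeemed authorization code.
     *
     * When the stored authorization code carries an id_token (an OpenID
     * Connect request), a refresh token is requested only if the granted
     * scope contains "offline_access", and the stored id_token is copied into
     * the returned token. Otherwise a refresh token is always requested.
     * The authorization code is expired in storage before returning.
     *
     * @param AccessTokenInterface $accessToken
     * @param mixed                $client_id - client identifier related to the access token.
     * @param mixed                $user_id   - user id associated with the access token
     * @param string               $scope     - scopes to be stored in space-separated string.
     * @return array - the token produced by $accessToken, plus "id_token" for OpenID Connect requests
     */
    public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
    {
        // $this->authCode and $this->storage are not declared in this class;
        // presumably the parent grant type populates them — confirm.
        $isOpenIdRequest = isset($this->authCode['id_token']);

        $includeRefreshToken = true;
        if ($isOpenIdRequest) {
            // OpenID Connect requests include the refresh token only if the
            // offline_access scope has been requested and granted.
            // The cast keeps a null scope from reaching trim(); the strict flag
            // makes the membership test an exact string match, since it decides
            // whether a long-lived credential is issued.
            $scopes = explode(' ', trim((string) $scope));
            $includeRefreshToken = in_array('offline_access', $scopes, true);
        }

        $token = $accessToken->createAccessToken($client_id, $user_id, $scope, $includeRefreshToken);
        if ($isOpenIdRequest) {
            $token['id_token'] = $this->authCode['id_token'];
        }

        // NOTE(review): the code is expired only after the token has been
        // created, and nothing in this method prevents the same code from
        // being redeemed concurrently; single-use enforcement has to come
        // from the storage layer or the caller — confirm.
        $this->storage->expireAuthorizationCode($this->authCode['code']);

        return $token;
    }
}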