vendor/league/oauth2-client/src/Provider/AbstractProvider.php line 496

Open in your IDE?
  1. <?php
  2. /**
  3. * This file is part of the league/oauth2-client library
  4. *
  5. * For the full copyright and license information, please view the LICENSE
  6. * file that was distributed with this source code.
  7. *
  8. * @copyright Copyright (c) Alex Bilbie <hello@alexbilbie.com>
  9. * @license http://opensource.org/licenses/MIT MIT
  10. * @link http://thephpleague.com/oauth2-client/ Documentation
  11. * @link https://packagist.org/packages/league/oauth2-client Packagist
  12. * @link https://github.com/thephpleague/oauth2-client GitHub
  13. */
  15. namespace League\OAuth2\Client\Provider;
  17. use GuzzleHttp\Client as HttpClient;
  18. use GuzzleHttp\ClientInterface as HttpClientInterface;
  19. use GuzzleHttp\Exception\BadResponseException;
  20. use InvalidArgumentException;
  21. use League\OAuth2\Client\Grant\AbstractGrant;
  22. use League\OAuth2\Client\Grant\GrantFactory;
  23. use League\OAuth2\Client\OptionProvider\OptionProviderInterface;
  24. use League\OAuth2\Client\OptionProvider\PostAuthOptionProvider;
  25. use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
  26. use League\OAuth2\Client\Token\AccessToken;
  27. use League\OAuth2\Client\Token\AccessTokenInterface;
  28. use League\OAuth2\Client\Tool\ArrayAccessorTrait;
  29. use League\OAuth2\Client\Tool\GuardedPropertyTrait;
  30. use League\OAuth2\Client\Tool\QueryBuilderTrait;
  31. use League\OAuth2\Client\Tool\RequestFactory;
  32. use Psr\Http\Message\RequestInterface;
  33. use Psr\Http\Message\ResponseInterface;
  34. use UnexpectedValueException;
  36. /**
  37. * Represents a service provider (authorization server).
  38. *
  39. * @link http://tools.ietf.org/html/rfc6749#section-1.1 Roles (RFC 6749, ยง1.1)
  40. */
  41. abstract class AbstractProvider
  42. {
  43. use ArrayAccessorTrait;
  44. use GuardedPropertyTrait;
  45. use QueryBuilderTrait;
  47. /**
  48. * @var string|null Key used in a token response to identify the resource owner.
  49. */
  50. const ACCESS_TOKEN_RESOURCE_OWNER_ID = null;
  52. /**
  53. * @var string HTTP method used to fetch access tokens.
  54. */
  55. const METHOD_GET = 'GET';
  57. /**
  58. * @var string HTTP method used to fetch access tokens.
  59. */
  60. const METHOD_POST = 'POST';
  62. /**
  63. * @var string PKCE method used to fetch authorization token.
  64. * The PKCE code challenge will be hashed with sha256 (recommended).
  65. */
  66. const PKCE_METHOD_S256 = 'S256';
  68. /**
  69. * @var string PKCE method used to fetch authorization token.
  70. * The PKCE code challenge will be sent as plain text, this is NOT recommended.
  71. * Only use `plain` if no other option is possible.
  72. */
  73. const PKCE_METHOD_PLAIN = 'plain';
  75. /**
  76. * @var string
  77. */
  78. protected $clientId;
  80. /**
  81. * @var string
  82. */
  83. protected $clientSecret;
  85. /**
  86. * @var string
  87. */
  88. protected $redirectUri;
  90. /**
  91. * @var string
  92. */
  93. protected $state;
  95. /**
  96. * @var string|null
  97. */
  98. protected $pkceCode = null;
  100. /**
  101. * @var GrantFactory
  102. */
  103. protected $grantFactory;
  105. /**
  106. * @var RequestFactory
  107. */
  108. protected $requestFactory;
  110. /**
  111. * @var HttpClientInterface
  112. */
  113. protected $httpClient;
  115. /**
  116. * @var OptionProviderInterface
  117. */
  118. protected $optionProvider;
  120. /**
  121. * Constructs an OAuth 2.0 service provider.
  122. *
  123. * @param array $options An array of options to set on this provider.
  124. * Options include `clientId`, `clientSecret`, `redirectUri`, and `state`.
  125. * Individual providers may introduce more options, as needed.
  126. * @param array $collaborators An array of collaborators that may be used to
  127. * override this provider's default behavior. Collaborators include
  128. * `grantFactory`, `requestFactory`, and `httpClient`.
  129. * Individual providers may introduce more collaborators, as needed.
  130. */
  131. public function __construct(array $options = [], array $collaborators = [])
  132. {
  133. // We'll let the GuardedPropertyTrait handle mass assignment of incoming
  134. // options, skipping any blacklisted properties defined in the provider
  135. $this->fillProperties($options);
  137. if (empty($collaborators['grantFactory'])) {
  138. $collaborators['grantFactory'] = new GrantFactory();
  139. }
  140. $this->setGrantFactory($collaborators['grantFactory']);
  142. if (empty($collaborators['requestFactory'])) {
  143. $collaborators['requestFactory'] = new RequestFactory();
  144. }
  145. $this->setRequestFactory($collaborators['requestFactory']);
  147. if (empty($collaborators['httpClient'])) {
  148. $client_options = $this->getAllowedClientOptions($options);
  150. $collaborators['httpClient'] = new HttpClient(
  151. array_intersect_key($options, array_flip($client_options))
  152. );
  153. }
  154. $this->setHttpClient($collaborators['httpClient']);
  156. if (empty($collaborators['optionProvider'])) {
  157. $collaborators['optionProvider'] = new PostAuthOptionProvider();
  158. }
  159. $this->setOptionProvider($collaborators['optionProvider']);
  160. }
  162. /**
  163. * Returns the list of options that can be passed to the HttpClient
  164. *
  165. * @param array $options An array of options to set on this provider.
  166. * Options include `clientId`, `clientSecret`, `redirectUri`, and `state`.
  167. * Individual providers may introduce more options, as needed.
  168. * @return array The options to pass to the HttpClient constructor
  169. */
  170. protected function getAllowedClientOptions(array $options)
  171. {
  172. $client_options = ['timeout', 'proxy'];
  174. // Only allow turning off ssl verification if it's for a proxy
  175. if (!empty($options['proxy'])) {
  176. $client_options[] = 'verify';
  177. }
  179. return $client_options;
  180. }
  182. /**
  183. * Sets the grant factory instance.
  184. *
  185. * @param GrantFactory $factory
  186. * @return self
  187. */
  188. public function setGrantFactory(GrantFactory $factory)
  189. {
  190. $this->grantFactory = $factory;
  192. return $this;
  193. }
  195. /**
  196. * Returns the current grant factory instance.
  197. *
  198. * @return GrantFactory
  199. */
  200. public function getGrantFactory()
  201. {
  202. return $this->grantFactory;
  203. }
  205. /**
  206. * Sets the request factory instance.
  207. *
  208. * @param RequestFactory $factory
  209. * @return self
  210. */
  211. public function setRequestFactory(RequestFactory $factory)
  212. {
  213. $this->requestFactory = $factory;
  215. return $this;
  216. }
  218. /**
  219. * Returns the request factory instance.
  220. *
  221. * @return RequestFactory
  222. */
  223. public function getRequestFactory()
  224. {
  225. return $this->requestFactory;
  226. }
  228. /**
  229. * Sets the HTTP client instance.
  230. *
  231. * @param HttpClientInterface $client
  232. * @return self
  233. */
  234. public function setHttpClient(HttpClientInterface $client)
  235. {
  236. $this->httpClient = $client;
  238. return $this;
  239. }
  241. /**
  242. * Returns the HTTP client instance.
  243. *
  244. * @return HttpClientInterface
  245. */
  246. public function getHttpClient()
  247. {
  248. return $this->httpClient;
  249. }
  251. /**
  252. * Sets the option provider instance.
  253. *
  254. * @param OptionProviderInterface $provider
  255. * @return self
  256. */
  257. public function setOptionProvider(OptionProviderInterface $provider)
  258. {
  259. $this->optionProvider = $provider;
  261. return $this;
  262. }
  264. /**
  265. * Returns the option provider instance.
  266. *
  267. * @return OptionProviderInterface
  268. */
  269. public function getOptionProvider()
  270. {
  271. return $this->optionProvider;
  272. }
  274. /**
  275. * Returns the current value of the state parameter.
  276. *
  277. * This can be accessed by the redirect handler during authorization.
  278. *
  279. * @return string
  280. */
  281. public function getState()
  282. {
  283. return $this->state;
  284. }
  286. /**
  287. * Set the value of the pkceCode parameter.
  288. *
  289. * When using PKCE this should be set before requesting an access token.
  290. *
  291. * @param string $pkceCode
  292. * @return self
  293. */
  294. public function setPkceCode($pkceCode)
  295. {
  296. $this->pkceCode = $pkceCode;
  297. return $this;
  298. }
  300. /**
  301. * Returns the current value of the pkceCode parameter.
  302. *
  303. * This can be accessed by the redirect handler during authorization.
  304. *
  305. * @return string|null
  306. */
  307. public function getPkceCode()
  308. {
  309. return $this->pkceCode;
  310. }
  312. /**
  313. * Returns the base URL for authorizing a client.
  314. *
  315. * Eg. https://oauth.service.com/authorize
  316. *
  317. * @return string
  318. */
  319. abstract public function getBaseAuthorizationUrl();
  321. /**
  322. * Returns the base URL for requesting an access token.
  323. *
  324. * Eg. https://oauth.service.com/token
  325. *
  326. * @param array $params
  327. * @return string
  328. */
  329. abstract public function getBaseAccessTokenUrl(array $params);
  331. /**
  332. * Returns the URL for requesting the resource owner's details.
  333. *
  334. * @param AccessToken $token
  335. * @return string
  336. */
  337. abstract public function getResourceOwnerDetailsUrl(AccessToken $token);
  339. /**
  340. * Returns a new random string to use as the state parameter in an
  341. * authorization flow.
  342. *
  343. * @param int $length Length of the random string to be generated.
  344. * @return string
  345. */
  346. protected function getRandomState($length = 32)
  347. {
  348. // Converting bytes to hex will always double length. Hence, we can reduce
  349. // the amount of bytes by half to produce the correct length.
  350. return bin2hex(random_bytes($length / 2));
  351. }
  353. /**
  354. * Returns a new random string to use as PKCE code_verifier and
  355. * hashed as code_challenge parameters in an authorization flow.
  356. * Must be between 43 and 128 characters long.
  357. *
  358. * @param int $length Length of the random string to be generated.
  359. * @return string
  360. */
  361. protected function getRandomPkceCode($length = 64)
  362. {
  363. return substr(
  364. strtr(
  365. base64_encode(random_bytes($length)),
  366. '+/',
  367. '-_'
  368. ),
  369. 0,
  370. $length
  371. );
  372. }
  374. /**
  375. * Returns the default scopes used by this provider.
  376. *
  377. * This should only be the scopes that are required to request the details
  378. * of the resource owner, rather than all the available scopes.
  379. *
  380. * @return array
  381. */
  382. abstract protected function getDefaultScopes();
  384. /**
  385. * Returns the string that should be used to separate scopes when building
  386. * the URL for requesting an access token.
  387. *
  388. * @return string Scope separator, defaults to ','
  389. */
  390. protected function getScopeSeparator()
  391. {
  392. return ',';
  393. }
  395. /**
  396. * @return string|null
  397. */
  398. protected function getPkceMethod()
  399. {
  400. return null;
  401. }
  403. /**
  404. * Returns authorization parameters based on provided options.
  405. *
  406. * @param array $options
  407. * @return array Authorization parameters
  408. */
  409. protected function getAuthorizationParameters(array $options)
  410. {
  411. if (empty($options['state'])) {
  412. $options['state'] = $this->getRandomState();
  413. }
  415. if (empty($options['scope'])) {
  416. $options['scope'] = $this->getDefaultScopes();
  417. }
  419. $options += [
  420. 'response_type' => 'code',
  421. 'approval_prompt' => 'auto'
  422. ];
  424. if (is_array($options['scope'])) {
  425. $separator = $this->getScopeSeparator();
  426. $options['scope'] = implode($separator, $options['scope']);
  427. }
  429. // Store the state as it may need to be accessed later on.
  430. $this->state = $options['state'];
  432. $pkceMethod = $this->getPkceMethod();
  433. if (!empty($pkceMethod)) {
  434. $this->pkceCode = $this->getRandomPkceCode();
  435. if ($pkceMethod === static::PKCE_METHOD_S256) {
  436. $options['code_challenge'] = trim(
  437. strtr(
  438. base64_encode(hash('sha256', $this->pkceCode, true)),
  439. '+/',
  440. '-_'
  441. ),
  442. '='
  443. );
  444. } elseif ($pkceMethod === static::PKCE_METHOD_PLAIN) {
  445. $options['code_challenge'] = $this->pkceCode;
  446. } else {
  447. throw new InvalidArgumentException('Unknown PKCE method "' . $pkceMethod . '".');
  448. }
  449. $options['code_challenge_method'] = $pkceMethod;
  450. }
  452. // Business code layer might set a different redirect_uri parameter
  453. // depending on the context, leave it as-is
  454. if (!isset($options['redirect_uri'])) {
  455. $options['redirect_uri'] = $this->redirectUri;
  456. }
  458. $options['client_id'] = $this->clientId;
  460. return $options;
  461. }
  463. /**
  464. * Builds the authorization URL's query string.
  465. *
  466. * @param array $params Query parameters
  467. * @return string Query string
  468. */
  469. protected function getAuthorizationQuery(array $params)
  470. {
  471. return $this->buildQueryString($params);
  472. }
  474. /**
  475. * Builds the authorization URL.
  476. *
  477. * @param array $options
  478. * @return string Authorization URL
  479. */
  480. public function getAuthorizationUrl(array $options = [])
  481. {
  482. $base = $this->getBaseAuthorizationUrl();
  483. $params = $this->getAuthorizationParameters($options);
  484. $query = $this->getAuthorizationQuery($params);
  486. return $this->appendQuery($base, $query);
  487. }
  489. /**
  490. * Redirects the client for authorization.
  491. *
  492. * @param array $options
  493. * @param callable|null $redirectHandler
  494. * @return mixed
  495. */
  496. public function authorize(
  497. array $options = [],
  498. callable $redirectHandler = null
  499. ) {
  500. $url = $this->getAuthorizationUrl($options);
  501. if ($redirectHandler) {
  502. return $redirectHandler($url, $this);
  503. }
  505. // @codeCoverageIgnoreStart
  506. header('Location: ' . $url);
  507. exit;
  508. // @codeCoverageIgnoreEnd
  509. }
  511. /**
  512. * Appends a query string to a URL.
  513. *
  514. * @param string $url The URL to append the query to
  515. * @param string $query The HTTP query string
  516. * @return string The resulting URL
  517. */
  518. protected function appendQuery($url, $query)
  519. {
  520. $query = trim($query, '?&');
  522. if ($query) {
  523. $glue = strstr($url, '?') === false ? '?' : '&';
  524. return $url . $glue . $query;
  525. }
  527. return $url;
  528. }
  530. /**
  531. * Returns the method to use when requesting an access token.
  532. *
  533. * @return string HTTP method
  534. */
  535. protected function getAccessTokenMethod()
  536. {
  537. return self::METHOD_POST;
  538. }
  540. /**
  541. * Returns the key used in the access token response to identify the resource owner.
  542. *
  543. * @return string|null Resource owner identifier key
  544. */
  545. protected function getAccessTokenResourceOwnerId()
  546. {
  547. return static::ACCESS_TOKEN_RESOURCE_OWNER_ID;
  548. }
  550. /**
  551. * Builds the access token URL's query string.
  552. *
  553. * @param array $params Query parameters
  554. * @return string Query string
  555. */
  556. protected function getAccessTokenQuery(array $params)
  557. {
  558. return $this->buildQueryString($params);
  559. }
  561. /**
  562. * Checks that a provided grant is valid, or attempts to produce one if the
  563. * provided grant is a string.
  564. *
  565. * @param AbstractGrant|string $grant
  566. * @return AbstractGrant
  567. */
  568. protected function verifyGrant($grant)
  569. {
  570. if (is_string($grant)) {
  571. return $this->grantFactory->getGrant($grant);
  572. }
  574. $this->grantFactory->checkGrant($grant);
  575. return $grant;
  576. }
  578. /**
  579. * Returns the full URL to use when requesting an access token.
  580. *
  581. * @param array $params Query parameters
  582. * @return string
  583. */
  584. protected function getAccessTokenUrl(array $params)
  585. {
  586. $url = $this->getBaseAccessTokenUrl($params);
  588. if ($this->getAccessTokenMethod() === self::METHOD_GET) {
  589. $query = $this->getAccessTokenQuery($params);
  590. return $this->appendQuery($url, $query);
  591. }
  593. return $url;
  594. }
  596. /**
  597. * Returns a prepared request for requesting an access token.
  598. *
  599. * @param array $params Query string parameters
  600. * @return RequestInterface
  601. */
  602. protected function getAccessTokenRequest(array $params)
  603. {
  604. $method = $this->getAccessTokenMethod();
  605. $url = $this->getAccessTokenUrl($params);
  606. $options = $this->optionProvider->getAccessTokenOptions($this->getAccessTokenMethod(), $params);
  608. return $this->getRequest($method, $url, $options);
  609. }
  611. /**
  612. * Requests an access token using a specified grant and option set.
  613. *
  614. * @param mixed $grant
  615. * @param array<string, mixed> $options
  616. * @throws IdentityProviderException
  617. * @return AccessTokenInterface
  618. */
  619. public function getAccessToken($grant, array $options = [])
  620. {
  621. $grant = $this->verifyGrant($grant);
  623. $params = [
  624. 'client_id' => $this->clientId,
  625. 'client_secret' => $this->clientSecret,
  626. 'redirect_uri' => $this->redirectUri,
  627. ];
  629. if (!empty($this->pkceCode)) {
  630. $params['code_verifier'] = $this->pkceCode;
  631. }
  633. $params = $grant->prepareRequestParameters($params, $options);
  634. $request = $this->getAccessTokenRequest($params);
  635. $response = $this->getParsedResponse($request);
  636. if (false === is_array($response)) {
  637. throw new UnexpectedValueException(
  638. 'Invalid response received from Authorization Server. Expected JSON.'
  639. );
  640. }
  641. $prepared = $this->prepareAccessTokenResponse($response);
  642. $token = $this->createAccessToken($prepared, $grant);
  644. return $token;
  645. }
  647. /**
  648. * Returns a PSR-7 request instance that is not authenticated.
  649. *
  650. * @param string $method
  651. * @param string $url
  652. * @param array $options
  653. * @return RequestInterface
  654. */
  655. public function getRequest($method, $url, array $options = [])
  656. {
  657. return $this->createRequest($method, $url, null, $options);
  658. }
  660. /**
  661. * Returns an authenticated PSR-7 request instance.
  662. *
  663. * @param string $method
  664. * @param string $url
  665. * @param AccessTokenInterface|string|null $token
  666. * @param array $options Any of "headers", "body", and "protocolVersion".
  667. * @return RequestInterface
  668. */
  669. public function getAuthenticatedRequest($method, $url, $token, array $options = [])
  670. {
  671. return $this->createRequest($method, $url, $token, $options);
  672. }
  674. /**
  675. * Creates a PSR-7 request instance.
  676. *
  677. * @param string $method
  678. * @param string $url
  679. * @param AccessTokenInterface|string|null $token
  680. * @param array $options
  681. * @return RequestInterface
  682. */
  683. protected function createRequest($method, $url, $token, array $options)
  684. {
  685. $defaults = [
  686. 'headers' => $this->getHeaders($token),
  687. ];
  689. $options = array_merge_recursive($defaults, $options);
  690. $factory = $this->getRequestFactory();
  692. return $factory->getRequestWithOptions($method, $url, $options);
  693. }
  695. /**
  696. * Sends a request instance and returns a response instance.
  697. *
  698. * WARNING: This method does not attempt to catch exceptions caused by HTTP
  699. * errors! It is recommended to wrap this method in a try/catch block.
  700. *
  701. * @param RequestInterface $request
  702. * @return ResponseInterface
  703. */
  704. public function getResponse(RequestInterface $request)
  705. {
  706. return $this->getHttpClient()->send($request);
  707. }
  709. /**
  710. * Sends a request and returns the parsed response.
  711. *
  712. * @param RequestInterface $request
  713. * @throws IdentityProviderException
  714. * @return mixed
  715. */
  716. public function getParsedResponse(RequestInterface $request)
  717. {
  718. try {
  719. $response = $this->getResponse($request);
  720. } catch (BadResponseException $e) {
  721. $response = $e->getResponse();
  722. }
  724. $parsed = $this->parseResponse($response);
  726. $this->checkResponse($response, $parsed);
  728. return $parsed;
  729. }
  731. /**
  732. * Attempts to parse a JSON response.
  733. *
  734. * @param string $content JSON content from response body
  735. * @return array Parsed JSON data
  736. * @throws UnexpectedValueException if the content could not be parsed
  737. */
  738. protected function parseJson($content)
  739. {
  740. $content = json_decode($content, true);
  742. if (json_last_error() !== JSON_ERROR_NONE) {
  743. throw new UnexpectedValueException(sprintf(
  744. "Failed to parse JSON response: %s",
  745. json_last_error_msg()
  746. ));
  747. }
  749. return $content;
  750. }
  752. /**
  753. * Returns the content type header of a response.
  754. *
  755. * @param ResponseInterface $response
  756. * @return string Semi-colon separated join of content-type headers.
  757. */
  758. protected function getContentType(ResponseInterface $response)
  759. {
  760. return join(';', (array) $response->getHeader('content-type'));
  761. }
  763. /**
  764. * Parses the response according to its content-type header.
  765. *
  766. * @throws UnexpectedValueException
  767. * @param ResponseInterface $response
  768. * @return array
  769. */
  770. protected function parseResponse(ResponseInterface $response)
  771. {
  772. $content = (string) $response->getBody();
  773. $type = $this->getContentType($response);
  775. if (strpos($type, 'urlencoded') !== false) {
  776. parse_str($content, $parsed);
  777. return $parsed;
  778. }
  780. // Attempt to parse the string as JSON regardless of content type,
  781. // since some providers use non-standard content types. Only throw an
  782. // exception if the JSON could not be parsed when it was expected to.
  783. try {
  784. return $this->parseJson($content);
  785. } catch (UnexpectedValueException $e) {
  786. if (strpos($type, 'json') !== false) {
  787. throw $e;
  788. }
  790. if ($response->getStatusCode() == 500) {
  791. throw new UnexpectedValueException(
  792. 'An OAuth server error was encountered that did not contain a JSON body',
  793. 0,
  794. $e
  795. );
  796. }
  798. return $content;
  799. }
  800. }
  802. /**
  803. * Checks a provider response for errors.
  804. *
  805. * @throws IdentityProviderException
  806. * @param ResponseInterface $response
  807. * @param array|string $data Parsed response data
  808. * @return void
  809. */
  810. abstract protected function checkResponse(ResponseInterface $response, $data);
  812. /**
  813. * Prepares an parsed access token response for a grant.
  814. *
  815. * Custom mapping of expiration, etc should be done here. Always call the
  816. * parent method when overloading this method.
  817. *
  818. * @param mixed $result
  819. * @return array
  820. */
  821. protected function prepareAccessTokenResponse(array $result)
  822. {
  823. if ($this->getAccessTokenResourceOwnerId() !== null) {
  824. $result['resource_owner_id'] = $this->getValueByKey(
  825. $result,
  826. $this->getAccessTokenResourceOwnerId()
  827. );
  828. }
  829. return $result;
  830. }
  832. /**
  833. * Creates an access token from a response.
  834. *
  835. * The grant that was used to fetch the response can be used to provide
  836. * additional context.
  837. *
  838. * @param array $response
  839. * @param AbstractGrant $grant
  840. * @return AccessTokenInterface
  841. */
  842. protected function createAccessToken(array $response, AbstractGrant $grant)
  843. {
  844. return new AccessToken($response);
  845. }
  847. /**
  848. * Generates a resource owner object from a successful resource owner
  849. * details request.
  850. *
  851. * @param array $response
  852. * @param AccessToken $token
  853. * @return ResourceOwnerInterface
  854. */
  855. abstract protected function createResourceOwner(array $response, AccessToken $token);
  857. /**
  858. * Requests and returns the resource owner of given access token.
  859. *
  860. * @param AccessToken $token
  861. * @return ResourceOwnerInterface
  862. */
  863. public function getResourceOwner(AccessToken $token)
  864. {
  865. $response = $this->fetchResourceOwnerDetails($token);
  867. return $this->createResourceOwner($response, $token);
  868. }
  870. /**
  871. * Requests resource owner details.
  872. *
  873. * @param AccessToken $token
  874. * @return mixed
  875. */
  876. protected function fetchResourceOwnerDetails(AccessToken $token)
  877. {
  878. $url = $this->getResourceOwnerDetailsUrl($token);
  880. $request = $this->getAuthenticatedRequest(self::METHOD_GET, $url, $token);
  882. $response = $this->getParsedResponse($request);
  884. if (false === is_array($response)) {
  885. throw new UnexpectedValueException(
  886. 'Invalid response received from Authorization Server. Expected JSON.'
  887. );
  888. }
  890. return $response;
  891. }
  893. /**
  894. * Returns the default headers used by this provider.
  895. *
  896. * Typically this is used to set 'Accept' or 'Content-Type' headers.
  897. *
  898. * @return array
  899. */
  900. protected function getDefaultHeaders()
  901. {
  902. return [];
  903. }
  905. /**
  906. * Returns the authorization headers used by this provider.
  907. *
  908. * Typically this is "Bearer" or "MAC". For more information see:
  909. * http://tools.ietf.org/html/rfc6749#section-7.1
  910. *
  911. * No default is provided, providers must overload this method to activate
  912. * authorization headers.
  913. *
  914. * @param mixed|null $token Either a string or an access token instance
  915. * @return array
  916. */
  917. protected function getAuthorizationHeaders($token = null)
  918. {
  919. return [];
  920. }
  922. /**
  923. * Returns all headers used by this provider for a request.
  924. *
  925. * The request will be authenticated if an access token is provided.
  926. *
  927. * @param mixed|null $token object or string
  928. * @return array
  929. */
  930. public function getHeaders($token = null)
  931. {
  932. if ($token) {
  933. return array_merge(
  934. $this->getDefaultHeaders(),
  935. $this->getAuthorizationHeaders($token)
  936. );
  937. }
  939. return $this->getDefaultHeaders();
  940. }
  941. }