3 namespace BookStack\Access\Oidc;
5 use InvalidArgumentException;
6 use League\OAuth2\Client\Token\AccessToken;
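class OidcAccessToken extends AccessToken
{
    /**
     * Constructs an access token.
     *
     * @param array $options An array of options returned by the service provider
     *                       in the access token request. The `access_token` option is required.
     *
     * @throws InvalidArgumentException if `access_token` is not provided in `$options`,
     *                                  or if the response fails the OIDC checks in validate().
     */
    public function __construct(array $options = [])
    {
        parent::__construct($options);
        $this->validate($options);
    }

    /**
     * Validate this access token response for OIDC.
     * As per https://openid.net/specs/openid-connect-basic-1_0.html#TokenOK.
     *
     * Only the presence and basic type of the response fields are checked here.
     * The ID token's signature and claims are not inspected by this class, so
     * the value returned by getIdToken() must still be verified before it is trusted.
     *
     * @throws InvalidArgumentException if `token_type` is not "Bearer" or `id_token` is missing.
     */
    private function validate(array $options): void
    {
        // access_token: REQUIRED. Access Token for the UserInfo Endpoint.
        // Performed on the extended class

        // token_type: REQUIRED. OAuth 2.0 Token Type value. The value MUST be Bearer, as specified in OAuth 2.0
        // Bearer Token Usage [RFC6750], for Clients using this subset.
        // Note that the token_type value is case-insensitive.
        // The response comes from a remote endpoint, so the type is checked first: a non-string
        // value would otherwise raise a TypeError from strtolower() instead of the documented exception.
        $tokenType = $options['token_type'] ?? '';
        if (!is_string($tokenType) || strtolower($tokenType) !== 'bearer') {
            throw new InvalidArgumentException('The response token type MUST be "Bearer"');
        }

        // id_token: REQUIRED. ID Token.
        // A non-empty, non-string value (such as an array) would pass empty() alone and only
        // fail later against the string return type of getIdToken(), so it is rejected here.
        if (empty($options['id_token']) || !is_string($options['id_token'])) {
            throw new InvalidArgumentException('An "id_token" property must be provided');
        }
    }

    /**
     * Get the id token value from this access token response.
     *
     * The value is returned as received; it has not been cryptographically
     * verified by this class.
     */
    public function getIdToken(): string
    {
        return $this->getValues()['id_token'];
    }
}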