-
Notifications
You must be signed in to change notification settings - Fork 5
/
OnBehalfOfContext.php
70 lines (63 loc) · 1.94 KB
/
OnBehalfOfContext.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<?php
/**
* Copyright (c) Microsoft Corporation. All Rights Reserved.
* Licensed under the MIT License. See License in the project root
* for license information.
*/
namespace Microsoft\Kiota\Authentication\Oauth;
/**
* Class OnBehalfOfContext
*
* Token request parameters for the on_behalf_of flow using a secret
*
* @package Microsoft\Kiota\Authentication
* @copyright 2022 Microsoft Corporation
* @license https://opensource.org/licenses/MIT MIT License
* @link https://developer.microsoft.com/graph
*/
class OnBehalfOfContext extends BaseSecretContext implements TokenRequestContext
{
use DelegatedPermissionTrait;
/**
* @var string
*/
private string $assertion;
/**
* @var array<string, string>
*/
private array $additionalParams;
/**
* @param string $tenantId
* @param string $clientId
* @param string $clientSecret
* @param string $assertion initial access token sent to the current API
* @param array<string, string> $additionalParams extra params to be added to token request
*/
public function __construct(string $tenantId, string $clientId, string $clientSecret, string $assertion, array $additionalParams = [])
{
if (!$assertion) {
throw new \InvalidArgumentException("Assertion cannot be empty");
}
$this->assertion = $assertion;
$this->additionalParams = $additionalParams;
parent::__construct($tenantId, $clientId, $clientSecret);
}
/**
* @inheritDoc
*/
public function getParams(): array
{
return array_merge($this->additionalParams, parent::getParams(), [
'assertion' => $this->assertion,
'grant_type' => $this->getGrantType(),
'requested_token_use' => 'on_behalf_of'
]);
}
/**
* @inheritDoc
*/
public function getGrantType(): string
{
return 'urn:ietf:params:Oauth:grant-type:jwt-bearer';
}
}