validate($options); } /** * Validate this access token response for OIDC. * As per https://openid.net/specs/openid-connect-basic-1_0.html#TokenOK. */ private function validate(array $options): void { // access_token: REQUIRED. Access Token for the UserInfo Endpoint. // Performed on the extended class // token_type: REQUIRED. OAuth 2.0 Token Type value. The value MUST be Bearer, as specified in OAuth 2.0 // Bearer Token Usage [RFC6750], for Clients using this subset. // Note that the token_type value is case-insensitive. if (strtolower(($options['token_type'] ?? '')) !== 'bearer') { throw new InvalidArgumentException('The response token type MUST be "Bearer"'); } // id_token: REQUIRED. ID Token. if (empty($options['id_token'])) { throw new InvalidArgumentException('An "id_token" property must be provided'); } } /** * Get the id token value from this access token response. */ public function getIdToken(): string { return $this->getValues()['id_token']; } }