Source code should not contain tasks comments 8

More information: https://insight.symfony.com/what-we-analyse/task_fixme_comment

  1. *
  2. * @return array
  3. */
  4. private function loadRequestObject(array $params, string $request, Client &$client = null): array
  5. {
  6. // FIXME Can be

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Spomky
  7. // - encrypted (not supported)
  8. // - encrypted and signed (supported)
  9. // - signed (supported)
  10. $request = $this->tryToLoadEncryptedRequest($request);
  1. $parameters = array_merge($params, $claims);
  2. $client = $this->getClient($parameters);
  3. $public_key_set = $this->getClientKeySet($client);
  4. $this->checkAlgorithms($jwt, $client);
  5. if (!$this->jwsVerifier->verifyWithKeySet($jwt, $public_key_set, 0)) { //FIXME: header checker should be used

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Spomky
  6. throw new \InvalidArgumentException('The verification of the request object failed.');
  7. }
  8. return $parameters;
  9. } catch (OAuth2Message $e) {
  1. throw $e;
  2. } catch (\Exception $e) {
  3. throw new OAuth2Message(400, OAuth2Message::ERROR_INVALID_REQUEST, 'Unable to load, decrypt or verify the client assertion.', [], $e);
  4. }
  5. // FIXME: Other claims can be considered as mandatory by the server

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Spomky
  6. $diff = array_diff(['iss', 'sub', 'aud', 'exp'], array_keys($claims));
  7. if (!empty($diff)) {
  8. throw new OAuth2Message(400, OAuth2Message::ERROR_INVALID_REQUEST, sprintf('The following claim(s) is/are mandatory: "%s".', implode(', ', array_values($diff))));
  9. }
  1. *
  2. * @return null|mixed
  3. */
  4. private function getUserClaim(UserAccount $userAccount, string $claimName, ?array $config)
  5. {
  6. // FIXME: "acr" claim support has to be added.

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Spomky
  7. if ($userAccount->has($claimName)) {
  8. $claim = $userAccount->get($claimName);
  9. switch (true) {
  10. case is_array($config) && array_key_exists('value', $config):
  11. if ($claim === $config['value']) {
  1. return $response;
  2. }
  3. protected function processConsentScreen(ServerRequestInterface $request, Authorization $authorization): ResponseInterface
  4. {
  5. //FIXME: $options = $this->processConsentScreenOptions($authorization);

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Spomky
  6. if ($locale = $this->getUiLocale($authorization)) {
  7. $this->session->set('_locale', $locale);
  8. }
  9. $options = array_merge(
  10. //FIXME: $options,
  1. //FIXME: $options = $this->processConsentScreenOptions($authorization);
  2. if ($locale = $this->getUiLocale($authorization)) {
  3. $this->session->set('_locale', $locale);
  4. }
  5. $options = array_merge(
  6. //FIXME: $options,

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Spomky
  7. [
  8. //'scopes' => $authorization->getScopes(),
  9. //FIXME: 'allowScopeSelection' => $this->allowScopeSelection,
  10. ]
  11. );
  1. }
  2. $options = array_merge(
  3. //FIXME: $options,
  4. [
  5. //'scopes' => $authorization->getScopes(),
  6. //FIXME: 'allowScopeSelection' => $this->allowScopeSelection,

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Spomky
  7. ]
  8. );
  9. $authorization_model = new AuthorizationModel();
  10. //$authorization_model->setScopes($authorization->getScopes());
  11. $form = $this->formFactory->createForm($options, $authorization_model);
  1. $content = $this->templateEngine->render(
  2. $this->template,
  3. [
  4. 'form' => $form->createView(),
  5. 'authorization' => $authorization,
  6. //FIXME: 'is_pre_configured_authorization_enabled' => true,

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Spomky
  7. ]
  8. );
  9. $response = $this->messageFactory->createResponse(200);
  10. $response->getBody()->write($content);

Code should not be duplicated 5

More information: https://insight.symfony.com/what-we-analyse/php.duplicated_code

  1. /**
  2. * {@inheritdoc}
  3. */
  4. public static function createFromJson(\stdClass $json): DomainObject
  5. {
  6. $accessTokenId = AccessTokenId::create($json->domain_id);

    The next 10 lines appear both in src/Component/Core/AccessToken/Event/AccessTokenCreatedEvent.php:113 and src/Component/RefreshTokenGrant/Event/RefreshTokenCreatedEvent.php:193.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Spomky
  7. $resourceOwnerClass = $json->payload->resource_owner_class;
  8. $resourceOwnerId = $resourceOwnerClass::create($json->payload->resource_owner_id);
  9. $clientId = ClientId::create($json->payload->client_id);
  10. $parameters = DataBag::create((array) $json->payload->parameters);
  11. $metadatas = DataBag::create((array) $json->payload->metadatas);
  1. }
  2. /**
  3. * {@inheritdoc}
  4. */
  5. public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface

    The next 46 lines appear both in src/Component/Core/Middleware/Pipe.php:85 and src/IssuerDiscoveryBundle/Middleware/Pipe.php:41.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Spomky
  6. {
  7. $this->middlewares[] = new RequestHandler(function (ServerRequestInterface $request) use ($handler) {
  8. return $handler->handle($request);
  9. });
  1. * of the MIT license. See the LICENSE file for details.
  2. */
  3. namespace OAuth2Framework\IssuerDiscoveryBundle\Service;
  4. use Symfony\Component\Config\Loader\LoaderInterface;

    The next 38 lines appear both in src/IssuerDiscoveryBundle/Service/RouteLoader.php:16 and src/ServerBundle/Routing/RouteLoader.php:16.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Florent Morselli
  5. use Symfony\Component\Config\Loader\LoaderResolverInterface;
  6. use Symfony\Component\Routing\Route;
  7. use Symfony\Component\Routing\RouteCollection;
  8. class RouteLoader implements LoaderInterface
  1. ->end();
  2. }
  3. if (class_exists(MacToken::class)) {
  4. $rootNode
  5. ->children()

    The next 39 lines appear both in src/SecurityBundle/DependencyInjection/Configuration.php:85 and src/ServerBundle/Component/TokenType/TokenTypeSource.php:86.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Spomky
  6. ->arrayNode('mac_token')
  7. ->addDefaultsIfNotSet()
  8. ->canBeDisabled()
  9. ->validate()
  10. ->ifTrue(function ($config) {
  1. /**
  2. * {@inheritdoc}
  3. */
  4. public function load(array $configs, ContainerBuilder $container)
  5. {
  6. foreach ($this->subComponents as $subComponent) {

    The next 42 lines appear both in src/ServerBundle/Component/Endpoint/EndpointSource.php:67 and src/ServerBundle/Component/Grant/GrantSource.php:65.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Spomky
  7. $subComponent->load($configs, $container);
  8. }
  9. }
  10. /**

Source code should not contain TODO comments 2

More information: https://insight.symfony.com/what-we-analyse/task_todo_comment

  1. return 'key_set';
  2. }
  3. public function load(array $configs, ContainerBuilder $container)
  4. {
  5. // TODO: Implement load() method.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Spomky
  6. }
  7. /**
  8. * {@inheritdoc}
  9. */
  1. $container->set(ClientConfigurationEndpoint::class)
  2. ->args([
  3. ref(\OAuth2Framework\Component\Core\Client\ClientRepository::class),
  4. ref('oauth2_server.client_configuration.bearer_token'),
  5. ref(\Http\Message\ResponseFactory::class), //TODO: change the way the response factory is managed

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Spomky
  6. ref(RuleManager::class),
  7. ]);
  8. $container->set('oauth2_server.client_configuration.middleware')
  9. ->class(ClientConfigurationMiddleware::class)

Commented code should not be committed 14

More information: https://insight.symfony.com/what-we-analyse/php.commented_out_code

  1. $requestedClaims = array_merge(
  2. $this->getClaimsFromClaimScope($scope),
  3. $requestedClaims
  4. );
  5. $claims = $this->getClaimValues($userAccount, $requestedClaims, $claimsLocales);
  6. /*$claims = array_merge(

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. $claims,
  8. $this->claimSourceManager->getUserInfo($userAccount, $scope, [])
  9. );*/
  10. $claims['sub'] = $this->calculateSubjectIdentifier($client, $userAccount, $redirectUri);
  1. $claimsLocales = [];
  2. } elseif (true === is_string($claimsLocales)) {
  3. $claimsLocales = array_unique(explode(' ', $claimsLocales));
  4. }
  5. $result = $this->claimManager->getUserInfo($userAccount, $requestedClaims, $claimsLocales);
  6. /*foreach ($requestedClaims as $claim => $config) {

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. foreach ($claimsLocales as $claims_locale) {
  8. $claim_locale = $this->computeClaimWithLocale($claim, $claims_locale);
  9. $claim_value = $this->getUserClaim($userAccount, $claim_locale, $config);
  10. if (null !== $claim_value) {
  11. $result[$claim_locale] = $claim_value;
  1. $this->translator = $translator;
  2. $this->formFactory = $formFactory;
  3. $this->formHandler = $formHandler;
  4. $this->template = $template;
  5. $this->templateEngine = $templateEngine;
  6. //$this->allowScopeSelection = $allowScopeSelection;

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Florent Morselli
  7. }
  8. /**
  9. * {@inheritdoc}
  10. */
  1. return $response;
  2. }
  3. protected function processConsentScreen(ServerRequestInterface $request, Authorization $authorization): ResponseInterface
  4. {
  5. //FIXME: $options = $this->processConsentScreenOptions($authorization);

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  6. if ($locale = $this->getUiLocale($authorization)) {
  7. $this->session->set('_locale', $locale);
  8. }
  9. $options = array_merge(
  10. //FIXME: $options,
  1. //'scopes' => $authorization->getScopes(),
  2. //FIXME: 'allowScopeSelection' => $this->allowScopeSelection,
  3. ]
  4. );
  5. $authorization_model = new AuthorizationModel();
  6. //$authorization_model->setScopes($authorization->getScopes());

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. $form = $this->formFactory->createForm($options, $authorization_model);
  8. $this->session->remove('oauth2_authorization_request_data');
  9. if ('POST' === $request->getMethod()) {
  10. $authorization = $this->formHandler->handle($form, $request, $authorization, $authorization_model);
  1. $authorization = $this->formHandler->handle($form, $request, $authorization, $authorization_model);
  2. if (is_bool($authorization->isAuthorized())) {
  3. throw new ProcessAuthorizationException($authorization);
  4. //FIXME
  5. /*return [

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Florent Morselli
  6. 'save_authorization' => $authorization_model->isSaveConfiguration(),
  7. ];*/
  8. }
  9. }
  1. }
  2. $this->checkResponseTypes($commandParameters);
  3. $validatedParameters->with('response_types', $commandParameters->get('response_types'));
  4. $validatedParameters = $next($clientId, $commandParameters, $validatedParameters);
  5. //$this->checkGrantTypes($validatedParameters);

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  6. return $validatedParameters;
  7. }
  8. /**
  1. {
  2. if (null === $this->scope) {
  3. throw new \LogicException('It is mandatory to set the scope.');
  4. }
  5. $data = $this->userinfo->getUserinfo($this->client, $this->userAccount, $this->redirectUri, $this->requestedClaims, $this->scope, $this->claimsLocales);
  6. //$data = $this->updateClaimsWithAmrAndAcrInfo($data, $this->userAccount);

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. //$data = $this->updateClaimsWithAuthenticationTime($data, $this->userAccount, $this->requestedClaims);
  8. $data = $this->updateClaimsWithNonce($data);
  9. if (null !== $this->signatureAlgorithm) {
  10. $data = $this->updateClaimsWithJwtClaims($data);
  11. $data = $this->updateClaimsWithTokenHash($data);
  1. if (null === $this->scope) {
  2. throw new \LogicException('It is mandatory to set the scope.');
  3. }
  4. $data = $this->userinfo->getUserinfo($this->client, $this->userAccount, $this->redirectUri, $this->requestedClaims, $this->scope, $this->claimsLocales);
  5. //$data = $this->updateClaimsWithAmrAndAcrInfo($data, $this->userAccount);
  6. //$data = $this->updateClaimsWithAuthenticationTime($data, $this->userAccount, $this->requestedClaims);

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. $data = $this->updateClaimsWithNonce($data);
  8. if (null !== $this->signatureAlgorithm) {
  9. $data = $this->updateClaimsWithJwtClaims($data);
  10. $data = $this->updateClaimsWithTokenHash($data);
  11. $data = $this->updateClaimsAudience($data);
  1. private function populateWithIdToken(Authorization $authorization): Authorization
  2. {
  3. $params = $authorization->getQueryParams();
  4. $requestedClaims = $this->getIdTokenClaims($authorization);
  5. if ($authorization->hasQueryParam('claims')) {
  6. //$authorization = $authorization->withMetadata('requested_claims', $authorization->getQueryParam('claims'));

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. }
  8. $idTokenBuilder = $this->idTokenBuilderFactory->createBuilder(
  9. $authorization->getClient(),
  10. $authorization->getUserAccount(),
  1. $commandParameters = $commandParameters->with('grant_types', []);
  2. }
  3. $this->checkGrantTypes($commandParameters);
  4. $validatedParameters->with('grant_types', $commandParameters->get('grant_types'));
  5. $validatedParameters = $next($clientId, $commandParameters, $validatedParameters);
  6. //$this->checkResponseTypes($validatedParameters);

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. return $validatedParameters;
  8. }
  9. /**
  1. /**
  2. * {@inheritdoc}
  3. */
  4. public function prepend(ContainerBuilder $container, array $config): array
  5. {
  6. /*

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. $currentPath = $path.'['.$this->name().']';
  8. $accessor = PropertyAccess::createPropertyAccessor();
  9. $sourceConfig = $accessor->getValue($bundleConfig, $currentPath);
  10. ConfigurationHelper::addJWSBuilder($container, $this->name(), $sourceConfig['signature_algorithms'], false);
  11. ConfigurationHelper::addJWSLoader($container, $this->name(), $sourceConfig['signature_algorithms'], [], ['jws_compact'], false);
  1. if (true === $button->isClicked()) {
  2. $authorization = $authorization->allow();
  3. } else {
  4. $authorization = $authorization->deny();
  5. }
  6. /*$refused_scopes = array_diff(

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. $authorization->getScopes(),
  8. $authorization_model->getScopes()
  9. );
  10. foreach ($refused_scopes as $refused_scope) {
  11. $authorization = $authorization->withoutScope($refused_scope);
  1. class AuthorizationType extends AbstractType
  2. {
  3. public function buildForm(FormBuilderInterface $builder, array $options)
  4. {
  5. /*if (true === $options['allow_scope_selection']) {

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Open Issue Permalink
    Last edited by Florent Morselli
  6. $builder->add('scopes', ChoiceType::class, [
  7. 'label' => $translator->trans('authorization.form.scope', [], $options['translation_domain'], $options['locale']),
  8. 'multiple' => 'true',
  9. 'expanded' => 'true',
  10. 'required' => false,

Unused method, property, variable or parameter 15

More information: https://insight.symfony.com/what-we-analyse/php.unused_local_variable_or_private_member

  1. private $userinfoScopeSupportManager;
  2. /**
  3. * @var ClaimSourceManager
  4. */
  5. private $claimSourceManager;

    This claimSourceManager attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Florent Morselli
  6. /**
  7. * @var ClaimManager
  8. */
  9. private $claimManager;
  1. * @param string $claimName
  2. * @param null|array $config
  3. *
  4. * @return null|mixed
  5. */
  6. private function getUserClaim(UserAccount $userAccount, string $claimName, ?array $config)

    This getUserClaim method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. {
  8. // FIXME: "acr" claim support has to be added.
  9. if ($userAccount->has($claimName)) {
  10. $claim = $userAccount->get($claimName);
  11. switch (true) {
  1. /**
  2. * @param DataBag $parameters
  3. *
  4. * @throws \InvalidArgumentException
  5. */
  6. private function checkGrantTypes(DataBag $parameters)

    This checkGrantTypes method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. {
  8. $grantTypes = $parameters->has('grant_types') ? $parameters->get('grant_types') : [];
  9. foreach ($parameters->get('response_types') as $responseType) {
  10. $type = $this->responseTypeManager->get($responseType);
  11. $diff = array_diff($type->associatedGrantTypes(), $grantTypes);
  1. * @param array $claims
  2. * @param UserAccount $userAccount
  3. *
  4. * @return array
  5. */
  6. private function updateClaimsWithAuthenticationTime(array $claims, UserAccount $userAccount, array $requestedClaims): array

    This updateClaimsWithAuthenticationTime method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. {
  8. if ((true === $this->withAuthenticationTime || array_key_exists('auth_time', $requestedClaims)) && null !== $userAccount->getLastLoginAt()) {
  9. $claims['auth_time'] = $userAccount->getLastLoginAt();
  10. }
  1. /**
  2. * @param DataBag $parameters
  3. *
  4. * @throws \InvalidArgumentException
  5. */
  6. private function checkResponseTypes(DataBag $parameters)

    This checkResponseTypes method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. {
  8. $responseTypes = $parameters->has('response_types') ? $parameters->get('response_types') : [];
  9. $list = [];
  10. foreach ($responseTypes as $responseType) {
  11. $list = array_merge(
  1. use Symfony\Component\Form\Exception\InvalidArgumentException;
  2. use Symfony\Component\Form\FormInterface;
  3. class AuthorizationFormHandler
  4. {
  5. public function handle(FormInterface $form, ServerRequestInterface $request, Authorization $authorization, AuthorizationModel $authorization_model): Authorization

    This authorization_model argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Florent Morselli
  6. {
  7. if ('POST' !== $request->getMethod()) {
  8. throw new OAuth2Message(
  9. 405,
  10. OAuth2Message::ERROR_INVALID_REQUEST,
  1. }
  2. /**
  3. * @return bool
  4. */
  5. private function isTokenFromAuthorizationHeaderAllowed(): bool

    This isTokenFromAuthorizationHeaderAllowed method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  6. {
  7. return $this->tokenFromAuthorizationHeaderAllowed;
  8. }
  9. /**
  1. }
  2. /**
  3. * @return bool
  4. */
  5. private function isTokenFromRequestBodyAllowed(): bool

    This isTokenFromRequestBodyAllowed method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  6. {
  7. return $this->tokenFromRequestBodyAllowed;
  8. }
  9. /**
  1. }
  2. /**
  3. * @return bool
  4. */
  5. private function isTokenFromQueryStringAllowed(): bool

    This isTokenFromQueryStringAllowed method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  6. {
  7. return $this->tokenFromQueryStringAllowed;
  8. }
  9. /**
  1. *
  2. * @param ServerRequestInterface $request
  3. *
  4. * @return string|null
  5. */
  6. private function getTokenFromRequestBody(ServerRequestInterface $request): ?string

    This getTokenFromRequestBody method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. {
  8. try {
  9. $parameters = RequestBodyParser::parseFormUrlEncoded($request);
  10. return is_array($parameters) ? $this->getAccessTokenFromParameters($parameters) : null;
  1. public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
  2. {
  3. try {
  4. return $handler->handle($request);
  5. } catch (OAuth2Message $e) {
  6. return $oauth2Response = $this->auth2messageFactoryManager->getResponse($e);

    This oauth2Response local variable is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. }
  8. }
  9. }
  1. private $jweDecrypter = null;
  2. /**
  3. * @var HeaderCheckerManager
  4. */
  5. private $headerCheckerManager;

    This headerCheckerManager attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  6. /**
  7. * @var ClaimCheckerManager
  8. */
  9. private $claimCheckerManager;
  1. private $jwsLoader;
  2. /**
  3. * @var string[]
  4. */
  5. private $signatureAlgorithms;

    This signatureAlgorithms attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  6. /**
  7. * IdTokenLoader constructor.
  8. *
  9. * @param JWSLoader $jwsLoader
  1. * @param Client $client
  2. * @param string $grant_type
  3. *
  4. * @return bool
  5. */
  6. private function isGrantTypeAllowedForTheClient(Client $client, string $grant_type): bool

    This isGrantTypeAllowedForTheClient method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Spomky
  7. {
  8. $grant_types = $client->has('grant_types') ? $client->get('grant_types') : [];
  9. if (!is_array($grant_types)) {
  10. throw new \InvalidArgumentException('The metadata "grant_types" must be an array.');
  11. }
  1. foreach ($taggedServices as $id => $tags) {
  2. foreach ($tags as $attributes) {
  3. if (!array_key_exists('alias', $attributes)) {
  4. throw new \InvalidArgumentException(sprintf('The PKCE method "%s" does not have any "alias" attribute.', $id));
  5. }
  6. $loaded[] = $attributes['alias'];

    This loaded local variable is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Florent Morselli
  7. $definition->addMethodCall('add', [new Reference($id)]);
  8. }
  9. }
  10. if (!$container->hasDefinition(MetadataBuilder::class)) {