request = $container->get(IRequest::class); $this->bearerAuthenticator = $container->get(BearerAuthenticator::class); } public function beforeController($controller, $methodName) { $currentRoute = $this->request->getParams()["_route"]; $publicRoutes = [ "scimserviceprovider.service_provider_configuration.resource_types", "scimserviceprovider.service_provider_configuration.schemas", "scimserviceprovider.service_provider_configuration.service_provider_config" ]; // Don't require an auth header for public routes if (in_array($currentRoute, $publicRoutes)) { return; } $authHeader = $this->request->getHeader('Authorization'); if (empty($authHeader)) { throw new AuthException("No Authorization header supplied"); } $authHeaderSplit = explode(' ', $authHeader); if (count($authHeaderSplit) !== 2 || strcmp($authHeaderSplit[0], "Bearer") !== 0) { throw new AuthException("Incorrect Bearer token format"); } $token = $authHeaderSplit[1]; // Currently the second parameter to authenticate() is an empty array // (the second parameter is meant to carry authorization information) if (!$this->bearerAuthenticator->authenticate($token, [])) { throw new AuthException("Bearer token is invalid"); } } public function afterException($controller, $methodName, Exception $exception) { if ($exception instanceof AuthException) { return new SCIMErrorResponse(['message' => $exception->getMessage()], 401); } } }