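// Call the OIDC server to retrieve the user info, sending the access token as a bearer credential.
// If the token is invalid or expired, the OIDC server will return an error; that error is expected to surface
// as an exception from the call below, which the catch block turns into a BadCredentialsException.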
$claims =
$this->client->
request('GET', '',
[ 'auth_bearer' =>
$accessToken,
])->
toArray();
if (empty($claims[$this->claim
])) { throw new MissingClaimException(sprintf('"%s" claim not found on OIDC server response.',
$this->claim
));
} // UserLoader argument can be overridden by a UserProvider on AccessTokenAuthenticator::authenticate
return new UserBadge($claims[$this->claim
],
new FallbackUserLoader(fn () =>
$this->
createUser($claims)),
$claims);
} catch (\Exception
$e) { $this->logger?->
error('An error occurred on OIDC server.',
[ 'error' =>
$e->
getMessage(),
'trace' =>
$e->
getTraceAsString(),
]);
throw new BadCredentialsException('Invalid credentials.',
$e->
getCode(),
$e);
} }}