Add support for post parameters to OAuth2Client (#468)

benndt · web-flow · commit 5b8946213b9a · 2025-12-03T18:28:19.000+01:00
diff --git a/src/Client/OAuth2Client.php b/src/Client/OAuth2Client.php
@@ -93,13 +93,13 @@ public function getAccessToken(array $options = [])
 
         if (!$this->isStateless()) {
             $expectedState = $this->getSession()->get(self::OAUTH2_SESSION_STATE_KEY);
-            $actualState = $request->query->get('state');
+            $actualState = $this->getRequestParameter('state');
             if (!$actualState || ($actualState !== $expectedState)) {
                 throw new InvalidStateException('Invalid state');
             }
         }
 
-        $code = $request->query->get('code');
+        $code = $this->getRequestParameter('code');
 
         if (!$code) {
             throw new MissingAuthorizationCodeException('No "code" parameter was found (usually this is a query parameter)!');
@@ -194,4 +194,19 @@ private function getSession()
 
         return $this->getCurrentRequest()->getSession();
     }
+
+    /**
+     * @param RequestStack $request
+     * @param string $key
+     *
+     * @return string|int|float|bool|null
+     */
+    private function getRequestParameter(RequestStack $request, string $key)
+    {
+        if ($request->query->has($key)) {
+            return $request->query->get($key);
+        }
+
+        return $request->request->get($key);
+    }
 }
diff --git a/tests/Client/OAuth2ClientTest.php b/tests/Client/OAuth2ClientTest.php
@@ -160,6 +160,23 @@ public function testGetAccessTokenWithOptions()
         $this->assertSame($expectedToken, $actualToken);
     }
 
+    public function testGetAccessTokenFromPOST()
+    {
+        $this->request->request->set('code', 'CODE_ABC');
+
+        $expectedToken = new AccessToken(['access_token' => 'foo']);
+        $this->provider->method('getAccessToken')
+            ->with('authorization_code', ['code' => 'CODE_ABC'])
+            ->willReturn($expectedToken);
+
+        $client = new OAuth2Client(
+            $this->provider,
+            $this->requestStack
+        );
+        $client->setAsStateless();
+        $this->assertSame($expectedToken, $client->getAccessToken());
+    }
+
     public function testRefreshAccessToken()
     {
         $existingToken = new AccessToken([
