<?phpnamespace App\BundleExtensions\Oauth2;use App\Entity\User;use FOS\OAuthServerBundle\Storage\OAuthStorage as OAuthStorageBase;use OAuth2\Model\IOAuth2Client;use OAuth2\OAuth2;use OAuth2\OAuth2ServerException;use Symfony\Component\HttpFoundation\Response;class OAuthStorage extends OAuthStorageBase{ public function checkUserCredentials(IOAuth2Client $client, $username, $password) { $stored = parent::checkUserCredentials($client, $username, $password); if ($stored == false) return $stored; /** @var User $user */ $user = $stored["data"]; $allowedRoles = explode(" ", $client->getAllowedRoles()); $roles = array_map(function($role){ return strtolower(str_replace("ROLE_", "", $role)); }, $user->getRoles()); if(!count(array_intersect($allowedRoles, $roles))) throw new OAuth2ServerException(Response::HTTP_FORBIDDEN, OAuth2::ERROR_USER_DENIED); return $stored; }}