access to undefined property aud
matt-gnu opened this issue · comments
Matthias Merz commented
In current version 2.1.0 we do get (on requests with old/invalid tokens):
PHP Notice: Undefined property: stdClass::$aud in [...]/vendor/amzn/login-and-pay-with-amazon-sdk-php/PayWithAmazon/Client.php on line 306
PHP Stack trace:
...
PHP 11. PayWithAmazon\Client->getUserInfo() [...]/AmazonGateway.php:153
this is caused by Client.php not checking for errors and unconditionally accessing $data->aud:
public function getUserInfo($accessToken)
...
$response = $httpCurlRequest->httpGet($url);
$data = json_decode($response);
if ($data->aud != $this->config['client_id']) {
// The access token does not belong to us
throw new \Exception('The Access token entered is incorrect');
}
You should also catch something like this:
if (isset($data->error) && $data->error === 'invalid_token') {
throw new \Exception('The Access token entered is incorrect');
}
because in that case, $data->aud will not exist. And maybe also throw an exception if $data is empty because of json parsing errors ;-)