The start of something beautiful

vendor/symfony/security-http/AccessToken/QueryAccessTokenExtractor.php

@@ -0,0 +1,44 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\AccessToken;
+
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Extracts a token from a query string parameter.
+ *
+ * WARNING!
+ * Because of the security weaknesses associated with the URI method,
+ * including the high likelihood that the URL containing the access token will be logged,
+ * it SHOULD NOT be used unless it is impossible to transport the access token in the
+ * request header field.
+ *
+ * @author Florent Morselli <florent.morselli@spomky-labs.com>
+ *
+ * @see https://datatracker.ietf.org/doc/html/rfc6750#section-2.3
+ */
+final class QueryAccessTokenExtractor implements AccessTokenExtractorInterface
+{
+    public const PARAMETER = 'access_token';
+
+    public function __construct(
+        private readonly string $parameter = self::PARAMETER,
+    ) {
+    }
+
+    public function extractAccessToken(Request $request): ?string
+    {
+        $parameter = $request->query->get($this->parameter);
+
+        return \is_string($parameter) ? $parameter : null;
+    }
+}