magento
diff --git a/‎app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsAdminTokenUserService.php‎
Lines changed: 72 additions & 21 deletions b/‎app/code/Magento/AdminAdobeIms/Model/Authorization/AdobeImsAdminTokenUserService.php‎
Lines changed: 72 additions & 21 deletions
@@ -3,7 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
 declare(strict_types=1);
 
 namespace Magento\AdminAdobeIms\Model\Authorization;
@@ -13,6 +12,8 @@
 use Magento\AdminAdobeIms\Service\AdminReauthProcessService;
 use Magento\AdminAdobeIms\Service\ImsConfig;
 use Magento\AdobeIms\Exception\AdobeImsOrganizationAuthorizationException;
+use Magento\AdobeImsApi\Api\Data\TokenResponseInterface;
+use Magento\AdobeImsApi\Api\Data\TokenResponseInterfaceFactory;
 use Magento\AdobeImsApi\Api\GetProfileInterface;
 use Magento\AdobeImsApi\Api\GetTokenInterface;
 use Magento\AdobeImsApi\Api\OrganizationMembershipInterface;
@@ -27,6 +28,7 @@
 class AdobeImsAdminTokenUserService
 {
     private const ADOBE_IMS_MODULE_NAME = 'adobe_ims_auth';
+    private const AUTHORIZATION_METHOD_HEADER_BEARER = 'bearer';
 
     /**
      * @var ImsConfig
@@ -63,6 +65,11 @@ class AdobeImsAdminTokenUserService
      */
     private RequestInterface $request;
 
+    /**
+     * @var TokenResponseInterfaceFactory
+     */
+    private $tokenResponseFactory;
+
     /**
      * @param ImsConfig $adminImsConfig
      * @param OrganizationMembershipInterface $organizationMembership
@@ -71,6 +78,7 @@ class AdobeImsAdminTokenUserService
      * @param RequestInterface $request
      * @param GetTokenInterface $token
      * @param GetProfileInterface $profile
+     * @param TokenResponseInterfaceFactory $tokenResponseFactory
      */
     public function __construct(
         ImsConfig $adminImsConfig,
@@ -79,7 +87,8 @@ public function __construct(
         AdminReauthProcessService $adminReauthProcessService,
         RequestInterface $request,
         GetTokenInterface $token,
-        GetProfileInterface $profile
+        GetProfileInterface $profile,
+        TokenResponseInterfaceFactory $tokenResponseFactory
     ) {
         $this->adminImsConfig = $adminImsConfig;
         $this->organizationMembership = $organizationMembership;
@@ -88,6 +97,7 @@ public function __construct(
         $this->request = $request;
         $this->token = $token;
         $this->profile = $profile;
+        $this->tokenResponseFactory = $tokenResponseFactory;
     }
 
     /**
@@ -101,29 +111,19 @@ public function __construct(
      */
     public function processLoginRequest(bool $isReauthorize = false): void
     {
-        if ($this->adminImsConfig->enabled() && $this->request->getParam('code')
+        if ($this->adminImsConfig->enabled()
             && $this->request->getModuleName() === self::ADOBE_IMS_MODULE_NAME) {
             try {
-                $code = $this->request->getParam('code');
-
-                //get token from response
-                $tokenResponse = $this->token->getTokenResponse($code);
-                $accessToken = $tokenResponse->getAccessToken();
-
-                //get profile info to check email
-                $profile = $this->profile->getProfile($accessToken);
-                if (empty($profile['email'])) {
-                    throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
-                }
-
-                //check membership in organization
-                $this->organizationMembership->checkOrganizationMembership($accessToken);
-
-                if ($isReauthorize) {
-                    $this->adminReauthProcessService->execute($tokenResponse);
+                if ($this->request->getHeader('Authorization')) {
+                    $tokenResponse = $this->getRequestedToken();
+                } elseif ($this->request->getParam('code')) {
+                    $code = $this->request->getParam('code');
+                    $tokenResponse = $this->token->getTokenResponse($code);
                 } else {
-                    $this->adminLoginProcessService->execute($tokenResponse, $profile);
+                    throw new AuthenticationException(__('Unable to get Access Token. Please try again.'));
                 }
+
+                $this->getLoggedIn($isReauthorize, $tokenResponse);
             } catch (AdobeImsAuthorizationException $e) {
                 throw new AdobeImsAuthorizationException(
                     __('You don\'t have access to this Commerce instance')
@@ -137,4 +137,55 @@ public function processLoginRequest(bool $isReauthorize = false): void
             throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
         }
     }
+
+    /**
+     * Get requested token using Authorization header
+     *
+     * @return \Magento\AdobeImsApi\Api\Data\TokenResponseInterface
+     * @throws AuthenticationException
+     */
+    private function getRequestedToken()
+    {
+        $authorizationHeaderValue = $this->request->getHeader('Authorization');
+        if (!$authorizationHeaderValue) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+
+        $headerPieces = explode(" ", $authorizationHeaderValue);
+        if (count($headerPieces) !== 2) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+
+        $tokenType = strtolower($headerPieces[0]);
+        if ($tokenType !== self::AUTHORIZATION_METHOD_HEADER_BEARER) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+
+        $tokenResponse['access_token'] = $headerPieces[1];
+        return $this->tokenResponseFactory->create(['data' => $tokenResponse]);
+    }
+
+    /**
+     * Responsible for logging in to Admin Panel
+     *
+     * @param bool $isReauthorize
+     * @param TokenResponseInterface $tokenResponse
+     * @return void
+     * @throws AuthenticationException
+     */
+    private function getLoggedIn(bool $isReauthorize, TokenResponseInterface $tokenResponse)
+    {
+        $profile = $this->profile->getProfile($tokenResponse->getAccessToken());
+        if (empty($profile['email'])) {
+            throw new AuthenticationException(__('An authentication error occurred. Verify and try again.'));
+        }
+
+        $this->organizationMembership->checkOrganizationMembership($tokenResponse->getAccessToken());
+
+        if ($isReauthorize) {
+            $this->adminReauthProcessService->execute($tokenResponse);
+        } else {
+            $this->adminLoginProcessService->execute($tokenResponse, $profile);
+        }
+    }
 }