bshaffer · jcherniak · Nov 8, 2016
diff --git a/src/OAuth2/OpenID/Controller/TokenController.php b/src/OAuth2/OpenID/Controller/TokenController.php
@@ -0,0 +1,46 @@
+<?php
+
+namespace OAuth2\OpenID\Controller;
+
+use OAuth2\ResponseType\AccessTokenInterface;
+use OAuth2\ClientAssertionType\ClientAssertionTypeInterface;
+use OAuth2\Controller\TokenControllerInterface;
+use OAuth2\ScopeInterface;
+use OAuth2\Storage\ClientInterface;
+use OAuth2\RequestInterface;
+use OAuth2\ResponseInterface;
+use OAuth2\Controller\TokenController as BaseController;
+use OAuth2\OpenID\ResponseType\IdTokenInterface;
+use OAuth2\OpenID\Storage\UserClaimsInterface;
+
+class TokenController extends BaseController implements TokenControllerInterface
+{
+    protected $idToken;
+    protected $userClaimsStorage;
+
+    public function __construct(AccessTokenInterface $accessToken, ClientInterface $clientStorage, IdTokenInterface $idToken, UserClaimsInterface $userClaimsStorage, array $grantTypes = array(), ClientAssertionTypeInterface $clientAssertionType = null, ScopeInterface $scopeUtil = null)
+    {
+        parent::__construct($accessToken, $clientStorage, $grantTypes, $clientAssertionType, $scopeUtil);
+
+        $this->idToken = $idToken;
+        $this->userClaimsStorage = $userClaimsStorage;
+    }
+
+    public function grantAccessToken(RequestInterface $request, ResponseInterface $response)
+    {
+        $accessToken = parent::grantAccessToken($request, $response);
+
+        if ($accessToken != null && array_key_exists('scope', $accessToken) && in_array('openid', explode(' ', $accessToken['scope']))) {
+            $grantTypeIdentifier = $request->request('grant_type');
+            $grantType = $this->grantTypes[$grantTypeIdentifier];
+
+            $userId = $grantType->getUserId();
+            $scope = $grantType->getScope();
+
+            $claims = $this->userClaimsStorage->getUserClaims($userId, $scope);
+            $accessToken['id_token'] = $this->idToken->createIdToken($grantType->getClientId(), $userId, null, $claims);
+        }
+
+        return $accessToken;
+    }
+}
diff --git a/src/OAuth2/Server.php b/src/OAuth2/Server.php
@@ -4,6 +4,7 @@
 
 use OAuth2\Controller\ResourceControllerInterface;
 use OAuth2\Controller\ResourceController;
+use OAuth2\OpenID\Controller\TokenController as OpenIDTokenController;
 use OAuth2\OpenID\Controller\UserInfoControllerInterface;
 use OAuth2\OpenID\Controller\UserInfoController;
 use OAuth2\OpenID\Controller\AuthorizeController as OpenIDAuthorizeController;
@@ -616,6 +617,10 @@ protected function createDefaultTokenController()
 
         $accessTokenResponseType = $this->getAccessTokenResponseType();
 
+        if ($this->config['use_openid_connect']) {
+            return new OpenIDTokenController($accessTokenResponseType, $this->storages['client'], $this->getIdTokenResponseType(), $this->storages['user_claims'], $this->grantTypes, $this->clientAssertionType, $this->getScopeUtil());
+        }
+
         return new TokenController($accessTokenResponseType, $this->storages['client'], $this->grantTypes, $this->clientAssertionType, $this->getScopeUtil());
     }