PHP HTTP_OAuth2_RequestInterface::headers Beispiele

Programmiersprache: PHP

Klasse / Typ: HTTP_OAuth2_RequestInterface

Methode / Funktion: headers

Beispiele auf hotexamples.com: 2

PHP HTTP_OAuth2_RequestInterface::headers - 2 Beispiele gefunden. Dies sind die am besten bewerteten PHP Beispiele für die HTTP_OAuth2_RequestInterface::headers, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Häufig verwendete Methoden

Anzeigen Verbergen

request(8)

query(3)

headers(2)

server(2)

Häufig verwendete Methoden

request (8)

query (3)

headers (2)

server (2)

Beispiel #1

Datei anzeigen

Datei: HttpBasic.php Projekt: roojs/pear

 /**
  * Internal function used to get the client credentials from HTTP basic
  * auth or POST data.
  *
  * According to the spec (draft 20), the client_id can be provided in
  * the Basic Authorization header (recommended) or via GET/POST.
  *
  * @return
  * A list containing the client identifier and password, for example
  * @code
  * return array(
  *     "client_id"     => CLIENT_ID,        // REQUIRED the client id
  *     "client_secret" => CLIENT_SECRET,    // OPTIONAL the client secret (may be omitted for public clients)
  * );
  * @endcode
  *
  * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
  *
  * @ingroup oauth2_section_2
  */
 public function getClientCredentials(HTTP_OAuth2_RequestInterface $request, HTTP_OAuth2_ResponseInterface $response = null)
 {
     if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
         return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
     }
     if ($this->config['allow_credentials_in_request_body']) {
         // Using POST for HttpBasic authorization is not recommended, but is supported by specification
         if (!is_null($request->request('client_id'))) {
             /**
              * client_secret can be null if the client's password is an empty string
              * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
              */
             return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
         }
     }
     if ($response) {
         $message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
         $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers' . $message);
     }
     return null;
 }

Beispiel #2

Datei anzeigen

Datei: Bearer.php Projekt: roojs/pear

 /**
  * This is a convenience function that can be used to get the token, which can then
  * be passed to getAccessTokenData(). The constraints specified by the draft are
  * attempted to be adheared to in this method.
  *
  * As per the Bearer spec (draft 8, section 2) - there are three ways for a client
  * to specify the bearer token, in order of preference: Authorization Header,
  * POST and GET.
  *
  * NB: Resource servers MUST accept tokens via the Authorization scheme
  * (http://tools.ietf.org/html/rfc6750#section-2).
  *
  * @todo Should we enforce TLS/SSL in this function?
  *
  * @see http://tools.ietf.org/html/rfc6750#section-2.1
  * @see http://tools.ietf.org/html/rfc6750#section-2.2
  * @see http://tools.ietf.org/html/rfc6750#section-2.3
  *
  * Old Android version bug (at least with version 2.2)
  * @see http://code.google.com/p/android/issues/detail?id=6684
  *
  */
 public function getAccessTokenParameter(HTTP_OAuth2_RequestInterface $request, HTTP_OAuth2_ResponseInterface $response)
 {
     $headers = $request->headers('AUTHORIZATION');
     /**
      * Ensure more than one method is not used for including an
      * access token
      *
      * @see http://tools.ietf.org/html/rfc6750#section-3.1
      */
     $methodsUsed = !empty($headers) + (bool) $request->query($this->config['token_param_name']) + (bool) $request->request($this->config['token_param_name']);
     if ($methodsUsed > 1) {
         $response->setError(400, 'invalid_request', 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
         return null;
     }
     /**
      * If no authentication is provided, set the status code
      * to 401 and return no other error information
      *
      * @see http://tools.ietf.org/html/rfc6750#section-3.1
      */
     if ($methodsUsed == 0) {
         $response->setStatusCode(401);
         return null;
     }
     // HEADER: Get the access token from the header
     if (!empty($headers)) {
         if (!preg_match('/' . $this->config['token_bearer_header_name'] . '\\s(\\S+)/', $headers, $matches)) {
             $response->setError(400, 'invalid_request', 'Malformed auth header');
             return null;
         }
         return $matches[1];
     }
     if ($request->request($this->config['token_param_name'])) {
         // // POST: Get the token from POST data
         if (!in_array(strtolower($request->server('REQUEST_METHOD')), array('post', 'put'))) {
             $response->setError(400, 'invalid_request', 'When putting the token in the body, the method must be POST or PUT', '#section-2.2');
             return null;
         }
         $contentType = $request->server('CONTENT_TYPE');
         if (false !== ($pos = strpos($contentType, ';'))) {
             $contentType = substr($contentType, 0, $pos);
         }
         if ($contentType !== null && $contentType != 'application/x-www-form-urlencoded' && $contentType != 'multipart/form-data') {
             // IETF specifies content-type. NB: Not all webservers populate this _SERVER variable
             // @see http://tools.ietf.org/html/rfc6750#section-2.2
             $response->setError(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded" OR "multipart/form-data"');
             return null;
         }
         return $request->request($this->config['token_param_name']);
     }
     // GET method
     return $request->query($this->config['token_param_name']);
 }