Ejemplo n.º 1
         $oauthError->sendHttpResponse();
     }
     break;
 case 'request_token':
     // Token branch: delegates to $oauth->grantAccessToken() and lets the
     // exception object write the HTTP response when the grant is refused.
     // X-Frame-Options: DENY tells browsers never to render this response
     // inside a frame (clickjacking defence).
     header('X-Frame-Options: DENY');
     // Sets the PHP error-reporting level to none for the rest of the request.
     // NOTE(review): presumably meant to keep notices and warnings out of the
     // token response body; level 0 also stops those errors from reaching the
     // error log, which costs visibility on a security-sensitive endpoint.
     // Confirm that is intended.
     error_reporting(0);
     try {
         $oauth->grantAccessToken();
     } catch (OAuth2ServerException $oauthError) {
         // Only OAuth2ServerException is handled here; any other exception
         // type propagates out of this branch.
         $oauthError->sendHttpResponse();
     }
     break;
 case 'request_access':
     error_reporting(0);
     try {
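         // Read the bearer token from the request and have the OAuth server
         // verify it; $data is whatever verifyAccessToken() returns for it.
         $token = $oauth->getBearerToken();
         $data = $oauth->verifyAccessToken($token);
         // GET THE USER ID FROM THE TOKEN AND NOT THE REQUESTING PARTY
         // (the id is taken from the verified token record, so a caller cannot
         // choose whose profile is returned by passing a different id).
         $user_id = $data['user_id'];
         global $wpdb;
         // Bind the id as an integer placeholder instead of concatenating it
         // into the SQL text: the value comes from stored token data, and the
         // query must stay well-formed even if that value is not a clean integer.
         $info = $wpdb->get_row(
             $wpdb->prepare("SELECT * FROM {$wpdb->prefix}users WHERE ID = %d", $user_id)
         );
         // don't send sensitive info across the wire.
         // NOTE(review): this is a denylist on top of SELECT *; any other column
         // on the row is still returned. An explicit column list would be safer.
         unset($info->user_pass);
         unset($info->user_activation_key);
         // add user metadata (same integer binding as above)
         $infometa = $wpdb->get_results(
             $wpdb->prepare(
                 "SELECT meta_key, meta_value FROM {$wpdb->prefix}usermeta WHERE user_id = %d",
                 $user_id
             )
         );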
         foreach ($infometa as $metarow) {
             // exclude sensitive data
             if (1 === preg_match("/pmpro_|token|wp_|theme_my_login_security|credit|card|password/i", $metarow->meta_key)) {
                 continue;
             }