public function login_start(Request $request, Response $response)
{
if (!$request->get('url') || !($me = IndieAuth\Client::normalizeMeURL($request->get('url')))) {
$response->setContent(view('login', ['title' => 'Sign In to Telegraph', 'error' => 'Invalid URL', 'error_description' => 'The URL you entered, "<strong>' . htmlspecialchars($request->get('url')) . '</strong>" is not valid.']));
return $response;
}
$authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me);
$state = JWT::encode(['me' => $me, 'authorization_endpoint' => $authorizationEndpoint, 'return_to' => $request->get('return_to'), 'time' => time(), 'exp' => time() + 300], Config::$secretKey);
if ($authorizationEndpoint) {
// If the user specified only an authorization endpoint, use that
$authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, self::_buildRedirectURI(), Config::$clientID, $state);
} else {
// Otherwise, fall back to indieauth.com
$authorizationURL = IndieAuth\Client::buildAuthorizationURL(Config::$defaultAuthorizationEndpoint, $me, self::_buildRedirectURI(), Config::$clientID, $state);
}
$response->setStatusCode(302);
$response->headers->set('Location', $authorizationURL);
return $response;
}
