public function login_start(Request $request, Response $response) { if (!$request->get('url') || !($me = IndieAuth\Client::normalizeMeURL($request->get('url')))) { $response->setContent(view('login', ['title' => 'Sign In to Telegraph', 'error' => 'Invalid URL', 'error_description' => 'The URL you entered, "<strong>' . htmlspecialchars($request->get('url')) . '</strong>" is not valid.'])); return $response; } $authorizationEndpoint = IndieAuth\Client::discoverAuthorizationEndpoint($me); $state = JWT::encode(['me' => $me, 'authorization_endpoint' => $authorizationEndpoint, 'return_to' => $request->get('return_to'), 'time' => time(), 'exp' => time() + 300], Config::$secretKey); if ($authorizationEndpoint) { // If the user specified only an authorization endpoint, use that $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, self::_buildRedirectURI(), Config::$clientID, $state); } else { // Otherwise, fall back to indieauth.com $authorizationURL = IndieAuth\Client::buildAuthorizationURL(Config::$defaultAuthorizationEndpoint, $me, self::_buildRedirectURI(), Config::$clientID, $state); } $response->setStatusCode(302); $response->headers->set('Location', $authorizationURL); return $response; }