public function execute() { if (!$this->checkRequest()) { return; } $code = waRequest::post('code'); $auth_codes_model = new waApiAuthCodesModel(); $row = $auth_codes_model->getById($code); if ($row) { // check client_id if ($row['client_id'] != waRequest::post('client_id')) { $this->response(array('error' => 'invalid_grant')); return; } // check expire if (strtotime($row['expires']) < time()) { $this->response(array('error' => 'invalid_grant', 'error_description' => 'Authorization code expired')); return; } // create token $token_model = new waApiTokensModel(); $token = $token_model->getToken($row['client_id'], $row['contact_id'], $row['scope']); $this->response(array('access_token' => $token)); } else { $this->response(array('error' => 'invalid_grant', 'error_description' => 'Invalid code: ' . $code)); } }