Exemple #1
					  <li>Create and update cards, lists and boards </li>
					  <li>Make comments for you </li>
					  <li>Read your email address </li>
					</ul>
					<strong>It won't be able to:</strong>
					<ul>
					  <li>See your <?php 
        echo SITE_NAME;
        ?>
 password </li>
					</ul>
				  </div>
				</div>
			  </div>
		    </section>
<?php 
    } else {
        // print the authorization code if the user has authorized your client
        $is_authorized = $_POST['authorized'] === 'Allow' ? true : false;
        $server->handleAuthorizeRequest($request, $response, $is_authorized, $_SESSION["username"]);
        if ($is_authorized) {
            // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
            header('Location: ' . $response->getHttpHeader('Location'));
            exit;
        }
        $response->send();
    }
}
?>
 </body>
</html>
Exemple #2
| 3. Create the authorization request using the authenticated user's user_id
|
*/
if ($method == 'authorize') {
    // Give plugins a chance to act before any authorization processing;
    // the raw request superglobal is handed to the hook as-is.
    do_action('wo_before_authorize_method', array($_REQUEST));

    $request = OAuth2\Request::createFromGlobals();
    $response = new OAuth2\Response();

    // Validate the authorize request first: on failure the library's error
    // response is sent and nothing further runs.
    $requestIsValid = $server->validateAuthorizeRequest($request, $response);
    if (!$requestIsValid) {
        $response->send();
        exit;
    }

    // Anonymous visitors are sent to the WordPress login page, with the
    // current request URI passed along so they come back to this endpoint.
    if (!is_user_logged_in()) {
        $loginUrl = wp_login_url($_SERVER['REQUEST_URI']);
        wp_redirect($loginUrl);
        exit;
    }

    // The approval flag (third argument) is the literal `true`: this block
    // shows no consent screen, so every valid authorize request made by a
    // logged-in user is granted for that user's id.
    // NOTE(review): with no consent step there is also no user interaction to
    // protect with an anti-CSRF token; confirm that only trusted clients with
    // pinned redirect URIs can be registered, or add an explicit approval
    // form before this call.
    $currentUserId = get_current_user_id();
    $server->handleAuthorizeRequest($request, $response, true, $currentUserId);
    $response->send();
    exit;
}
/*
|--------------------------------------------------------------------------
| PUBLIC KEY
|--------------------------------------------------------------------------
|
| Presents the generic public key for signing.
|	@since 3.0.5
*/
if ($well_known == 'keys') {
    $keys = apply_filters('wo_server_keys', null);
    $publicKey = openssl_pkey_get_public(file_get_contents($keys['public']));
    $publicKey = openssl_pkey_get_details($publicKey);
Exemple #3
OAuth2\Autoloader::register();

// PDO-backed storage shared by the server and every grant type below.
$pdoSettings = array('dsn' => $dsn, 'username' => $username, 'password' => $password);
$storage = new OAuth2\Storage\Pdo($pdoSettings);
$server = new OAuth2\Server($storage);

// Three grant types are enabled on the same server instance.
// NOTE(review): UserCredentials is the password grant, which has clients
// handle the user's password directly, and ClientCredentials issues tokens
// without a user; enable only the grants this deployment actually needs.
$server->addGrantType(new OAuth2\GrantType\UserCredentials($storage));
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));

$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// Each parameter is read from the query string first; the request body is
// used only when the query-string value is missing or falsy.
$response_type = $request->query('response_type') ?: $request->request('response_type');
$grant_type = $request->query('grant_type') ?: $request->request('grant_type');
if ($request->server('REQUEST_METHOD') == 'POST') {
    if (!empty($_POST)) {
        if (!isset($grant_type) || $grant_type == '') {
            //user submit the login form and verify the username and password.
            //than Authorize the request and send back the code
            $server->handleAuthorizeRequest($request, $response, true, 2);
            echo $response->getHttpHeader('Location');
        } else {
            if ($grant_type == 'password') {
                //app client use password model to authorize
                $server->handleTokenRequest($request, $response);
                //echo json_encode($response->getParameter('access_token'));
                $response->send();
                exit;
            } else {
                //invalid request
            }
        }
    } else {
        echo "error";
        exit;
Exemple #4
 /**
  * Execute the Api Authorize operation.
  *
  * @return  mixed  RApi object with information on success, boolean false on failure.
  *
  * @since   1.2
  */
 public function apiAuthorize()
 {
     // NOTE(review): $user->id is used below without a visible check that a
     // user is signed in; presumably getLoggedUser() enforces that. Verify.
     $user = $this->getLoggedUser();
     $request = OAuth2\Request::createFromGlobals();
     $response = new OAuth2\Response();

     // An invalid authorize request ends here, with the library's error
     // response stored on this object.
     $requestIsValid = $this->server->validateAuthorizeRequest($request, $response);

     if (!$requestIsValid) {
         $this->response = $response;

         return $this;
     }

     $clientId = $request->query('client_id');
     $scopes = RApiOauth2Helper::getClientScopes($clientId);
     $decision = $request->request('authorized', '');

     // No decision posted yet: render the consent form and stop.
     if ($decision == '') {
         $scopeList = array();

         if (!empty($scopes)) {
             $scopeList = explode(' ', $scopes);
         }

         if (!empty($scopeList)) {
             $scopeList = RApiHalHelper::getWebserviceScopes($scopeList);
         }

         // The form posts back to index.php with the current query string.
         // NOTE(review): $clientId and the query string come from the request,
         // so the layout must escape them on output. Confirm in the layout.
         $currentUri = JUri::getInstance();
         $formAction = JUri::root() . 'index.php?' . $currentUri->getQuery();
         $layoutOptions = array('clientId' => $clientId, 'formAction' => $formAction, 'scopes' => $scopeList);

         $this->response = RLayoutHelper::render('oauth2.authorize', array('view' => $this, 'options' => $layoutOptions));

         return $this;
     }

     // Approval requires the posted value to be identical to the translated
     // "yes" label; any other non-empty value is treated as a denial.
     // NOTE(review): no anti-CSRF token check is visible before the posted
     // decision is honoured. Confirm that the form and a caller enforce one.
     $approved = $decision === JText::_('LIB_REDCORE_API_OAUTH2_SERVER_AUTHORIZE_CLIENT_YES');

     // The scope is taken from the client's registered scopes, overriding
     // whatever scope the incoming request asked for.
     $request->request['scope'] = $scopes;
     $this->server->handleAuthorizeRequest($request, $response, $approved, $user->id);
     $this->response = $response;

     return $this;
 }