/* * Initial login handler (accessed by specifying login=1). Unlike most OAuth * APIs, the KA API skips the "authorize" step, and instead guides the user * through the login process directly from /api/auth/request_token . That * endpoint redirects to a login page, which redirects back to a * loginCallback of our choosing. Since this is a different flow from what * the OAuth library expects, we need to have oauth-php sign the request * without submitting it (since it's expecting to directly get a token * back), then redirect the user to the resulting URL. */ $requestTokenParams = array('oauth_callback' => $loginCallback); $userId = 0; $server = $store->getServer($consumerKey, $userId); $request = new OAuthRequester($requestTokenUrl, 'GET', $requestTokenParams); $request->sign($userId, $server, '', 'requestToken'); $queryParams = $request->getQueryString(false); header('Location: ' . $requestTokenUrl . '?' . $queryParams); } elseif ($_GET['oauth_token']) { /* * Login callback. After the user logs in, they are redirected back to this * page with the oauth_token field specified. We then can use that token (as * well as some other request params) to get an access token to use * * Once the access token is obtained, we immediately redirect to the main * logged-in page to allow the user to make requests. */ $oauthToken = $_GET['oauth_token']; $oauthTokenSecret = $_GET['oauth_token_secret']; $store->addServerToken($consumerKey, 'request', $oauthToken, $oauthTokenSecret, 0); $accessTokenParams = array('oauth_verifier' => $_GET['oauth_verifier'], 'oauth_callback' => $loginCallback); OAuthRequester::requestAccessToken($consumerKey, $oauthToken, 0, 'POST', $accessTokenParams);