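/**
 * Handles a token request: parses it, authenticates the caller and sends the response.
 *
 * Two non-implicit paths are supported:
 *  - refresh-token grant: the username is resolved from the presented refresh token;
 *  - credential grant: username/password (plus MAC address and serial number) are
 *    verified through the access handler.
 *
 * On both paths the account is checked against the `users` table and rejected when
 * it is disabled, before any token is issued. The implicit-grant branch issues
 * nothing here; only its errors are echoed.
 *
 * Any OAuthException raised while processing is turned into an error response
 * (or echoed for implicit-grant requests). The response is always sent.
 *
 * @return void
 */
public function handleAuthRequest()
{
    $response = new OAuthResponse();
    $request = new OAuthRequest();

    $response->setRequest($request);
    $response->setTokenType($this->token_type);

    try {
        $request->parse();

        if (!$request->isImplicitGrantAuth()) {
            if ($request->getRefreshToken()) {
                // Refresh-token grant: the token itself identifies the account.
                $username = $this->access_handler->getUsernameByRefreshToken($request->getRefreshToken());

                if (empty($username)) {
                    throw new OAuthInvalidClient("request_token not valid");
                }

                $request->setUsername($username);
            } elseif (!$this->access_handler->checkUserAuth(
                $request->getUsername(),
                $request->getPassword(),
                $request->getMacAddress(),
                $request->getSerialNumber(),
                $request
            )) {
                throw new OAuthInvalidClient("Username or password is incorrect");
            }

            // Disabled-account gate (status 1 is rejected as disabled). It applies to
            // both grant paths so that a disabled account cannot keep obtaining access
            // tokens by presenting a refresh token issued before it was disabled.
            // NOTE(review): assumes the username resolved from a refresh token is the
            // same value stored in users.login, as on the credential path; confirm.
            $user = \Mysql::getInstance()
                ->from('users')
                ->where(array('login' => $request->getUsername()))
                ->get()
                ->first();

            // empty() keeps a missing row or missing column from raising a notice.
            if (!empty($user['status']) && $user['status'] == 1) {
                throw new OAuthAccessDenied("Account is disabled");
            }

            $token = $this->access_handler->generateUniqueToken($request->getUsername());

            if (!$token) {
                throw new OAuthServerError("Token making failed");
            }

            $response->setAccessToken($token);

            $refresh_token = $this->access_handler->getRefreshToken($token);

            if ($refresh_token) {
                $response->setRefreshToken($refresh_token);
            }

            // MAC token type additionally returns the per-user secret key.
            if ($this->token_type == "mac") {
                $key = $this->access_handler->getSecretKey($request->getUsername());
                $response->setMacKey($key);
            }

            $additional_params = $this->access_handler->getAdditionalParams($request->getUsername());

            if (!empty($additional_params)) {
                $response->setAdditionalParams($additional_params);
            }
        }
    } catch (OAuthException $e) {
        if ($request->isImplicitGrantAuth()) {
            // NOTE(review): the message is written to the output unescaped; confirm
            // that exception messages never carry request-derived data.
            echo $e->getMessage();
        } else {
            $response->setError($e->getCode(), $e->getMessage(), $e->getUrl());
        }
    }

    $response->send();
}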