<li>Create and update cards, lists and boards </li> <li>Make comments for you </li> <li>Read your email address </li> </ul> <strong>It won't be able to:</strong> <ul> <li>See your <?php echo SITE_NAME; ?> password </li> </ul> </div> </div> </div> </section> <?php } else { // print the authorization code if the user has authorized your client $is_authorized = $_POST['authorized'] === 'Allow' ? true : false; $server->handleAuthorizeRequest($request, $response, $is_authorized, $_SESSION["username"]); if ($is_authorized) { // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client header('Location: ' . $response->getHttpHeader('Location')); exit; } $response->send(); } } ?> </body> </html>
| 3. Create the authorization request using the authentication user's user_id
|
*/
if ($method == 'authorize') {
    // Authorization endpoint: validate the request, require a logged-in
    // WordPress user, then issue the authorization response for that user.

    // Fire the plugin hook with the raw request parameters before any handling.
    do_action('wo_before_authorize_method', array($_REQUEST));

    $request = OAuth2\Request::createFromGlobals();
    $response = new OAuth2\Response();

    // An invalid authorize request is answered with the error response
    // populated by the validator, and processing stops.
    if (!$server->validateAuthorizeRequest($request, $response)) {
        $response->send();
        exit;
    }

    // Visitors who are not logged in are sent to the login page, with the
    // current request URI passed along as the return location.
    if (!is_user_logged_in()) {
        wp_redirect(wp_login_url($_SERVER['REQUEST_URI']));
        exit;
    }

    // NOTE(review): the is_authorized argument is hard-coded to true, so no
    // consent decision is collected in this block: a logged-in user who loads
    // a valid authorize URL gets a response issued for the requesting client
    // straight away. Confirm that only trusted clients with strictly
    // registered redirect URIs can reach this path, or that consent is
    // collected elsewhere.
    $server->handleAuthorizeRequest($request, $response, true, get_current_user_id());
    $response->send();
    exit;
}

/*
|--------------------------------------------------------------------------
| PUBLIC KEY
|--------------------------------------------------------------------------
|
| Presents the generic public key for signing.
| @since 3.0.5
*/
if ($well_known == 'keys') {
    // The key locations come from the 'wo_server_keys' filter, whose default
    // value here is null.
    // NOTE(review): none of the return values below are checked in the lines
    // visible here (filter result, file read, key parse); confirm that a
    // missing or unreadable key file cannot reach the response as a PHP
    // warning that discloses the file path.
    $keys = apply_filters('wo_server_keys', null);
    $publicKey = openssl_pkey_get_public(file_get_contents($keys['public']));
    $publicKey = openssl_pkey_get_details($publicKey);
OAuth2\Autoloader::register();

// Build the OAuth2 server on PDO-backed storage using the connection settings
// held in $dsn, $username and $password.
$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
$server = new OAuth2\Server($storage);

// Three grant types are enabled: user credentials (password), client
// credentials and authorization code.
$server->addGrantType(new OAuth2\GrantType\UserCredentials($storage));
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));

$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// Each parameter is read from the query string first and, when that value is
// empty, from the POST body.
$response_type = $request->query('response_type') ? $request->query('response_type') : $request->request('response_type');
$grant_type = $request->query('grant_type') ? $request->query('grant_type') : $request->request('grant_type');

if ($request->server('REQUEST_METHOD') == 'POST') {
    if (!empty($_POST)) {
        if (!isset($grant_type) || $grant_type == '') {
            // POST without a grant_type: treated as the login-form submission,
            // after which the request is authorized and the code sent back.
            // NOTE(review): the original comment says the username and
            // password are verified here, but no credential check is visible
            // in this excerpt. The call below approves unconditionally
            // (is_authorized = true) for the hard-coded user id 2. Confirm
            // that the user is authenticated before this point, that the id
            // comes from the authenticated session, and that the approval
            // reflects an actual consent decision.
            $server->handleAuthorizeRequest($request, $response, true, 2);
            // The redirect target (which carries the authorization code) is
            // printed into the response body instead of being sent as a
            // redirect. NOTE(review): presumably a debugging aid; confirm it
            // is not left in a deployed endpoint.
            echo $response->getHttpHeader('Location');
        } else {
            if ($grant_type == 'password') {
                // Client uses the password grant; the token request is
                // handled and its response is sent as-is.
                $server->handleTokenRequest($request, $response);
                //echo json_encode($response->getParameter('access_token'));
                $response->send();
                exit;
            } else {
                // Invalid request.
                // NOTE(review): any other grant_type falls through this empty
                // branch without an error response in the lines visible here,
                // although client credentials and authorization code grants
                // are registered above. Confirm how those requests are meant
                // to be answered.
            }
        }
    } else {
        // POST with an empty body: emit a bare error string and stop.
        echo "error";
        exit;
/**
 * Handle the OAuth2 authorize endpoint for the logged-in user.
 *
 * An invalid authorize request stores the validation response and stops.
 * When no "authorized" value was posted, the consent form is rendered into
 * $this->response. Otherwise the posted decision is forwarded to the OAuth2
 * server together with the scopes looked up for the client.
 *
 * NOTE(review): no anti-CSRF token check on the posted decision is visible in
 * this method; confirm the consent form carries a token that is verified
 * before this point. Also confirm that getLoggedUser() guarantees an
 * authenticated user, since the user's id is passed on without a check here.
 *
 * @return  $this  The current object; the outcome is stored in $this->response.
 *
 * @since   1.2
 */
public function apiAuthorize()
{
    $loggedUser = $this->getLoggedUser();
    $request    = OAuth2\Request::createFromGlobals();
    $response   = new OAuth2\Response();

    $requestIsValid = $this->server->validateAuthorizeRequest($request, $response);

    if (!$requestIsValid) {
        // Hand the validator's error response back to the caller.
        $this->response = $response;

        return $this;
    }

    $client       = $request->query('client_id');
    $clientScopes = RApiOauth2Helper::getClientScopes($client);
    $decision     = $request->request('authorized', '');

    if ($decision != '') {
        // Approval requires an exact match with the translated "yes" label;
        // any other non-empty value is passed on as a refusal.
        $approved = $decision === JText::_('LIB_REDCORE_API_OAUTH2_SERVER_AUTHORIZE_CLIENT_YES');

        // The scope comes from the client lookup above and overrides whatever
        // scope the incoming request carried.
        $request->request['scope'] = $clientScopes;
        $this->server->handleAuthorizeRequest($request, $response, $approved, $loggedUser->id);
        $this->response = $response;

        return $this;
    }

    // No decision posted yet: build the scope list and render the consent form.
    $scopeList = array();

    if (!empty($clientScopes)) {
        $scopeList = explode(' ', $clientScopes);
    }

    if (!empty($scopeList)) {
        $scopeList = RApiHalHelper::getWebserviceScopes($scopeList);
    }

    // The form posts back to index.php with the current query string.
    // NOTE(review): the query string and client_id originate from the request;
    // confirm the oauth2.authorize layout escapes both on output.
    $currentUri = JUri::getInstance();
    $layoutData = array(
        'view'    => $this,
        'options' => array(
            'clientId'   => $client,
            'formAction' => JUri::root() . 'index.php?' . $currentUri->getQuery(),
            'scopes'     => $scopeList,
        ),
    );
    $this->response = RLayoutHelper::render('oauth2.authorize', $layoutData);

    return $this;
}