/**
 * Internal function used to get the client credentials from HTTP basic
 * auth, POST data or the query string.
 *
 * According to the spec (draft 20), the client_id can be provided in
 * the Basic Authorization header (recommended) or via GET/POST.
 *
 * The sources are tried in a fixed order and the first one that supplies
 * BOTH values wins; values from different sources are never combined:
 *  - the PHP_AUTH_USER / PHP_AUTH_PW values read through $request->headers()
 *  - client_id / client_secret read through $request->request() (POST data)
 *  - client_id / client_secret read through $request->query() (GET)
 *
 * Only null counts as "missing", so an empty string is handed back as-is.
 * This method extracts the credentials; it does not verify them.
 *
 * Security note: a client_secret sent in the query string is part of the
 * URL and can end up in web-server and proxy logs, browser history and
 * Referer headers. RFC 6749 section 2.3.1 (the final version of the draft
 * referenced below) states that these parameters MUST NOT be included in
 * the request URI and that sending them in the request body is NOT
 * RECOMMENDED. Prefer HTTP Basic over TLS, and consider rejecting the
 * query-string form at the deployment level.
 *
 * @param OAuth2_Request $request
 *   The incoming request the credentials are read from.
 *
 * @return
 *   An associative array holding the client identifier and secret, for example
 * @code
 * return array(
 *     'client_id' => CLIENT_ID,
 *     'client_secret' => CLIENT_SECRET
 * );
 * @endcode
 *   or null when no source supplied both values. In that case
 *   $this->response is set to an OAuth2_Response_Error (400, invalid_client).
 *
 * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-2.4.1
 *
 * @ingroup oauth2_section_2
 */
public function getClientCredentials(OAuth2_Request $request)
{
    // 1. HTTP Basic authentication (recommended transport).
    $basicUser = $request->headers('PHP_AUTH_USER');
    $basicPassword = $request->headers('PHP_AUTH_PW');
    if ($basicUser !== null && $basicPassword !== null) {
        return array(
            'client_id' => $basicUser,
            'client_secret' => $basicPassword,
        );
    }

    // 2. POST data. This method is not recommended, but is supported by specification.
    $postedId = $request->request('client_id');
    $postedSecret = $request->request('client_secret');
    if ($postedId !== null && $postedSecret !== null) {
        return array(
            'client_id' => $postedId,
            'client_secret' => $postedSecret,
        );
    }

    // 3. Query string. NOTE(review): the secret travels in the URL here and is
    // likely to be logged by servers and intermediaries; see the security note
    // in the docblock before relying on this path.
    $queryId = $request->query('client_id');
    $querySecret = $request->query('client_secret');
    if ($queryId !== null && $querySecret !== null) {
        return array(
            'client_id' => $queryId,
            'client_secret' => $querySecret,
        );
    }

    // Nothing usable was supplied: record the error for the caller and signal
    // failure with null. The message names only headers and body although the
    // query string was checked as well.
    $this->response = new OAuth2_Response_Error(400, 'invalid_client', 'Client credentials were not found in the headers or body');

    return null;
}