/*
* Initial login handler (accessed by specifying login=1). Unlike most OAuth
* APIs, the KA API skips the "authorize" step, and instead guides the user
* through the login process directly from /api/auth/request_token . That
* endpoint redirects to a login page, which redirects back to a
* loginCallback of our choosing. Since this is a different flow from what
* the OAuth library expects, we need to have oauth-php sign the request
* without submitting it (since it's expecting to directly get a token
* back), then redirect the user to the resulting URL.
*/
$requestTokenParams = array('oauth_callback' => $loginCallback);
$userId = 0;
$server = $store->getServer($consumerKey, $userId);
$request = new OAuthRequester($requestTokenUrl, 'GET', $requestTokenParams);
$request->sign($userId, $server, '', 'requestToken');
$queryParams = $request->getQueryString(false);
header('Location: ' . $requestTokenUrl . '?' . $queryParams);
} elseif ($_GET['oauth_token']) {
/*
* Login callback. After the user logs in, they are redirected back to this
* page with the oauth_token field specified. We then can use that token (as
* well as some other request params) to get an access token to use
*
* Once the access token is obtained, we immediately redirect to the main
* logged-in page to allow the user to make requests.
*/
$oauthToken = $_GET['oauth_token'];
$oauthTokenSecret = $_GET['oauth_token_secret'];
$store->addServerToken($consumerKey, 'request', $oauthToken, $oauthTokenSecret, 0);
$accessTokenParams = array('oauth_verifier' => $_GET['oauth_verifier'], 'oauth_callback' => $loginCallback);
OAuthRequester::requestAccessToken($consumerKey, $oauthToken, 0, 'POST', $accessTokenParams);
