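/**
 * OAuth2 client callback: exchanges the authorization code from the request
 * for an access token at the configured token_uri, then requests the
 * protected resource from access_uri with that token.
 *
 * The outcome (the raw resource body, or a user-facing error message) is
 * written to $this->request->response.
 *
 * @access public
 * @return void
 */
public function action_do()
{
    $params = Oauth2::parse_query();

    // NOTE(review): the "state" value returned by the authorization server is
    // not compared with anything in this method. Confirm it is bound to the
    // user's session and verified elsewhere; without that check the callback
    // will accept a code the current user never requested (login CSRF).

    try
    {
        if (isset($params['error']))
        {
            throw new Oauth2_Exception($params['error']);
        }

        if (empty($params['code']))
        {
            // Neither a code nor an error was supplied. Previously this path read
            // the undefined $params['error'] and produced an empty error message.
            throw new Oauth2_Exception('invalid_request');
        }

        $token = Remote::get($this->_configs['token_uri'], array(
            CURLOPT_POST       => TRUE,
            CURLOPT_HTTPHEADER => array('Content-Type: application/x-www-form-urlencoded;charset=utf-8'),
            CURLOPT_POSTFIELDS => Oauth2::build_query(array(
                'grant_type'    => $this->_configs['grant_type'],
                'code'          => $params['code'],
                'client_id'     => $this->_configs['client_id'],
                'redirect_uri'  => $this->_configs['redirect_uri'],
                'client_secret' => $this->_configs['client_secret'],
            )),
        ));

        $token = json_decode($token);

        if (isset($token->error))
        {
            throw new Oauth2_Exception($token->error);
        }

        // json_decode() yields NULL for a non-JSON body; do not go on to read
        // properties from a response that carries no access token.
        if ( ! is_object($token) or ! isset($token->access_token))
        {
            throw new Exception('invalid_token_response');
        }

        // NOTE(review): the refresh token is forwarded to the resource endpoint
        // together with the access token. Confirm access_uri really needs it;
        // a resource request normally requires the access token only.

        // Resource in json format
        $resource = Remote::get($this->_configs['access_uri'], array(
            CURLOPT_POST       => TRUE,
            CURLOPT_HTTPHEADER => array('Content-Type: application/x-www-form-urlencoded;charset=utf-8'),
            CURLOPT_POSTFIELDS => Oauth2::build_query(array(
                'oauth_token'   => $token->access_token,
                'timestamp'     => $_SERVER['REQUEST_TIME'],
                'refresh_token' => isset($token->refresh_token) ? $token->refresh_token : NULL,
                'expires_in'    => isset($token->expires_in) ? $token->expires_in : NULL,
                'client_id'     => $this->_configs['client_id'],
            )),
        ));

        $this->request->response = $resource;
    }
    catch (Exception $e)
    {
        $error = $e->getMessage();
    }

    if (isset($error))
    {
        switch ($error)
        {
            case 'access_denied':
                $this->request->response = 'You have denied this request.';
                break;
            default:
                // $error can originate from the request's "error" parameter or from
                // the token endpoint, so it is escaped before being echoed back.
                $this->request->response = 'There must be some errors happen in this connection, please contact our web master.'
                    . '[' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . ']';
                break;
        }
    }
}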
/**
 * Builds the authorization request from the parsed request parameters.
 *
 * client_id and redirect_uri are always copied from the request.
 *
 * state
 *     OPTIONAL. An opaque value used by the client to maintain state
 *     between the request and callback. The authorization server
 *     includes this value when redirecting the user-agent back to the
 *     client.
 *
 * scope
 *     OPTIONAL. The scope of the access request expressed as a list
 *     of space-delimited strings. The order of the strings does not
 *     matter; each one adds an additional access range.
 *
 * NOTE(review): no validation happens here. redirect_uri is taken from the
 * request as-is; confirm it is compared with the client's registered URI
 * before anything redirects to it.
 *
 * @access public
 * @param  mixed $args not read by this constructor
 * @return void
 */
public function __construct($args = NULL)
{
    $query = Oauth2::parse_query();

    $this->client_id    = Arr::get($query, 'client_id');
    $this->redirect_uri = Arr::get($query, 'redirect_uri');

    // Optional parameters are assigned only when Arr::get() returns non-NULL,
    // so an absent parameter leaves the property untouched.
    foreach (array('state', 'scope') as $optional)
    {
        $value = Arr::get($query, $optional);

        if ($value !== NULL)
        {
            $this->{$optional} = $value;
        }
    }
}
/**
 * Builds a refresh-token request from the parsed request parameters.
 *
 * client_id, client_secret and refresh_token are required; state and
 * format are optional and assigned only when present.
 *
 * format
 *     OPTIONAL. The response format requested by the client. Value
 *     MUST be one of "json", "xml", or "form". (The value is stored
 *     as received; it is not checked against that list here.)
 *
 * NOTE(review): client_secret and refresh_token come from whatever
 * Oauth2::parse_query() reads. Confirm they are accepted from the request
 * body only, so they do not end up in URLs and access logs.
 *
 * @param  mixed $args not read by this constructor
 * @throws Oauth2_Exception_Token 'invalid_request' when a required value is empty
 */
public function __construct($args = NULL)
{
    $query = Oauth2::parse_query();

    $this->client_id     = Arr::get($query, 'client_id');
    $this->client_secret = Arr::get($query, 'client_secret');
    $this->refresh_token = Arr::get($query, 'refresh_token');

    // Optional parameters: copied only when Arr::get() returns non-NULL.
    foreach (array('state', 'format') as $optional)
    {
        $value = Arr::get($query, $optional);

        if ($value !== NULL)
        {
            $this->{$optional} = $value;
        }
    }

    // empty() also rejects "" and "0", not just a missing value.
    foreach (array('client_id', 'client_secret', 'refresh_token') as $required)
    {
        if (empty($this->{$required}))
        {
            throw new Oauth2_Exception_Token('invalid_request');
        }
    }
}
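/**
 * Authorization endpoint: the end-user authenticates directly with the
 * authorization server and grants the client access to its protected
 * resources.
 *
 * The request's response_type selects the handler method on this
 * controller. The handler's return value, or the string form of a raised
 * Oauth2_Exception, is used as the target of a 302 redirect.
 *
 * NOTE(review): on the unsupported_response_type path the exception carries
 * the redirect_uri taken directly from the request. Confirm the exception's
 * string form only redirects to a URI registered for the client, otherwise
 * this endpoint can be used as an open redirect.
 *
 * @access public
 * @return void
 */
public function action_authorize()
{
    $response_type = Oauth2::get('response_type');

    // response_type is request-controlled and is used as a method name below.
    // Dispatch only to the response types OAuth 2.0 defines, so a request
    // cannot invoke arbitrary controller methods (this action itself, framework
    // hooks, inherited helpers). Extend the list if this controller implements
    // additional response-type handlers.
    $supported = array('code', 'token', 'code_and_token');

    try
    {
        if (is_string($response_type)
            and in_array($response_type, $supported, TRUE)
            and method_exists($this, $response_type))
        {
            $response = $this->{$response_type}();
        }
        else
        {
            $params = Oauth2::parse_query();

            $e = new Oauth2_Exception_Authorize('unsupported_response_type');
            $e->state        = Arr::get($params, 'state');
            $e->redirect_uri = Arr::get($params, 'redirect_uri');

            throw $e;
        }
    }
    catch (Oauth2_Exception $e)
    {
        // The exception's string form becomes the redirect target.
        $response = (string) $e;
    }

    $this->request->status = 302; #HTTP/1.1 302 Found
    $this->request->headers['Content-Type'] = 'application/x-www-form-urlencoded';
    $this->request->redirect($response);
}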
/**
 * Builds a resource-owner password credentials request from the parsed
 * request parameters.
 *
 * client_id, client_secret, username and password are required; state,
 * scope and format are optional and assigned only when present.
 *
 * scope
 *     OPTIONAL. The scope of the access request expressed as a list
 *     of space-delimited strings. The order of the strings does not
 *     matter; each one adds an additional access range.
 *
 * format
 *     OPTIONAL. The response format requested by the client. Value
 *     MUST be one of "json", "xml", or "form". Alternatively, the
 *     client MAY use the HTTP "Accept" header field with the desired
 *     media type. Defaults to "json" if omitted and no "Accept"
 *     header field is present. (The value is stored as received; it is
 *     not checked against that list here.)
 *
 * NOTE(review): the end-user's password and the client secret come from
 * whatever Oauth2::parse_query() reads. Confirm they are accepted from the
 * request body only, so they do not end up in URLs and access logs.
 *
 * @param  mixed $args not read by this constructor
 * @throws Oauth2_Exception 'invalid_request' when a required value is empty
 */
public function __construct($args = NULL)
{
    $query = Oauth2::parse_query();

    $this->client_id     = Arr::get($query, 'client_id');
    $this->client_secret = Arr::get($query, 'client_secret');
    $this->username      = Arr::get($query, 'username');
    $this->password      = Arr::get($query, 'password');

    // Optional parameters: copied only when Arr::get() returns non-NULL.
    foreach (array('state', 'scope', 'format') as $optional)
    {
        $value = Arr::get($query, $optional);

        if ($value !== NULL)
        {
            $this->{$optional} = $value;
        }
    }

    // empty() also rejects "" and "0", not just a missing value.
    foreach (array('client_id', 'client_secret', 'username', 'password') as $required)
    {
        if (empty($this->{$required}))
        {
            throw new Oauth2_Exception('invalid_request');
        }
    }
}
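/**
 * Builds the URI the user-agent is sent to when the end-user denies the
 * authorization request: the redirect URI with error=access_denied and,
 * when the request carried one, the client's state value.
 *
 * NOTE(review): when $redirect is not supplied the target is the request's
 * own redirect_uri parameter. Confirm callers validate it against the
 * client's registered URI before redirecting.
 *
 * @param  string|null $redirect base URI; falls back to the request's redirect_uri
 * @return string
 */
public static function access_denied_uri($redirect = NULL)
{
    $params = Oauth2::parse_query();

    if ( ! $redirect)
    {
        $redirect = Arr::get($params, 'redirect_uri');
    }

    $redirect = (string) $redirect;

    // A redirect URI may already carry a query string; appending a second "?"
    // would fold the error parameter into the last existing value.
    $separator = (strpos($redirect, '?') === FALSE) ? '?' : '&';
    $uri = $redirect . $separator . 'error=access_denied';

    $state = Arr::get($params, 'state');

    if (is_scalar($state) and (string) $state !== '')
    {
        // state is opaque, client-supplied data: encode it so it cannot add
        // parameters or line breaks to the redirect target.
        // Assumes parse_query() returns decoded values - TODO confirm.
        $uri .= '&state=' . urlencode((string) $state);
    }

    return $uri;
}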