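/**
 * Extract OAuth2 client credentials from the HTTP Basic values on the request.
 *
 * This method only extracts the credentials; it does not authenticate the client.
 * An empty-string secret is returned as-is, because only null counts as "absent".
 *
 * NOTE(review): the caller must still verify the secret against the stored one,
 * preferably with a constant-time comparison such as hash_equals(). Confirm where
 * that check happens.
 *
 * @param \Flywheel\Http\WebRequest $request request whose PHP_AUTH_USER / PHP_AUTH_PW values are read
 * @param \Flywheel\Http\WebResponse $response kept for interface compatibility; not written to here
 * @return array|null array with keys 'client_id' and 'client_secret', or null when
 *                    either Basic value is missing
 */
private function getClientCredentials($request, $response)
{
    $clientId = $request->getHttpHeader('PHP_AUTH_USER');
    $clientSecret = $request->getHttpHeader('PHP_AUTH_PW');

    if ($clientId !== null && $clientSecret !== null) {
        return array('client_id' => $clientId, 'client_secret' => $clientSecret);
    }

    // Client credentials in the request body are intentionally not accepted here.
    // RFC 6749 section 2.3.1 permits them but does not recommend them:
    // http://tools.ietf.org/html/rfc6749#section-2.3.1
    //
    // No error is set on $response, so the caller must turn a null result into an
    // 'invalid_client' error itself.
    //
    // Earlier revisions had statements after this return that passed the POSTed
    // 'username' / 'password' to the data store. They were unreachable, and they
    // handled resource-owner credentials rather than client credentials, so they
    // have been removed.
    return null;
}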