/**
* @param \Flywheel\Http\WebRequest $request
* @param \Flywheel\Http\WebResponse $response
* @return \Flywheel\OAuth2\DataStore\IUserCredentials
*/
private function getClientCredentials($request, $response)
{
if (!is_null($request->getHttpHeader('PHP_AUTH_USER')) && !is_null($request->getHttpHeader('PHP_AUTH_PW'))) {
return array('client_id' => $request->getHttpHeader('PHP_AUTH_USER'), 'client_secret' => $request->getHttpHeader('PHP_AUTH_PW'));
}
// if ($this->config['allow_credentials_in_request_body']) {
// // Using POST for HttpBasic authorization is not recommended, but is supported by specification
// if (!is_null($request->request('client_id'))) {
// /**
// * client_secret can be null if the client's password is an empty string
// * @see http://tools.ietf.org/html/rfc6749#section-2.3.1
// */
// return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
// }
// }
// if ($response) {
// $message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
// $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers'.$message);
// }
return null;
$username = $request->post('username');
$password = $request->post('password');
return $this->_dataStore->getUser($username, $password);
}
