<?php session_name('AkitaOAuth2ServerSample'); session_start(); require_once './lib/DataHandler.php'; // process request $headers = apache_request_headers(); $request = new Akita_OAuth2_Server_Request('authorization', $_SERVER, $_GET, $headers); $dataHandler = new Akita_OAuth2_Server_Sample_DataHandler($request); $authHandler = new Akita_OAuth2_Server_AuthorizationHandler(); try { $authHandler->processAuthorizationRequest($dataHandler); } catch (Akita_OAuth2_Server_Error $error) { // error handling include './tmpl/error.html'; exit; } // login $email = $_SESSION['email']; $redirectUri = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; $_SESSION['redirect_uri'] = $redirectUri; if (empty($email)) { header('location: ./Login.php'); exit; } // store request $_SESSION['server_request'] = serialize($request); $_SESSION['server_ts'] = time(); $_SESSION['server_key'] = mt_rand(); $request_hash = hash_hmac('sha256', $_SESSION['server_request'] . $_SESSION['server_ts'], $_SESSION['server_key']); $denied_url = str_replace('Authorization.php', 'Finish.php', 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME']) . '?request_hash=' . urlencode($request_hash) . '&deny=1';
public function test_allowAuthorizationRequest_success_code_token_state() { $server = array(); $params = array('response_type' => 'code token', 'client_id' => 'valid_client_id', 'redirect_uri' => 'http://valid_redirect_uri/', 'scope' => 'valid_scope', 'state' => 'test_state'); $request = new Akita_OAuth2_Server_Request('authorization', $server, $params); $authInfo = new Akita_OAuth2_Model_AuthInfo(); $authInfo->code = 'test_code'; $accessToken = new Akita_OAuth2_Model_AccessToken(); $accessToken->token = 'test_access_token'; $accessToken->expiresIn = 3600; $accessToken->scope = 'test_scope'; $dataHandler = new DataHandler_AuthorizationHandler_Test($request, $authInfo, $accessToken); $authHandler = new Akita_OAuth2_Server_AuthorizationHandler(); try { $res = $authHandler->allowAuthorizationRequest($dataHandler); $this->assertEquals('http://valid_redirect_uri/', $res['redirect_uri']); $this->assertEquals('test_code', $res['fragment']['code']); $this->assertEquals('test_access_token', $res['fragment']['access_token']); $this->assertEquals(3600, $res['fragment']['expires_in']); $this->assertEquals('test_scope', $res['fragment']['scope']); $this->assertEquals('test_state', $res['fragment']['state']); } catch (Akita_OAuth2_Server_Error $error) { $this->assertTrue(false, $error->getMessage()); } }
$request = null; $request_hash = $_GET['request_hash']; if (isset($_SESSION['server_request']) && !empty($_SESSION['server_request']) && isset($_SESSION['server_ts']) && !empty($_SESSION['server_ts']) && isset($_SESSION['server_key']) && !empty($_SESSION['server_key']) && time() - 300 < $_SESSION['server_ts'] && $_SESSION['server_ts'] <= time() && $request_hash == hash_hmac('sha256', $_SESSION['server_request'] . $_SESSION['server_ts'], $_SESSION['server_key'])) { $request = unserialize($_SESSION['server_request']); unset($_SESSION['server_request']); unset($_SESSION['server_ts']); unset($_SESSION['server_key']); } else { // error handling $error = new Akita_OAuth2_Server_Error('400', 'invalid_request'); include './tmpl/error.html'; exit; } $dataHandler = new Akita_OAuth2_Server_Sample_DataHandler($request); $dataHandler->setUserId($email); $authHandler = new Akita_OAuth2_Server_AuthorizationHandler(); try { if (isset($_GET['deny']) && $_GET['deny'] == '1') { $res = $authHandler->denyAuthorizationRequest($dataHandler); } else { $res = $authHandler->allowAuthorizationRequest($dataHandler); } } catch (Akita_OAuth2_Server_Error $error) { // error handling include './tmpl/error.html'; exit; } // build response $redirect_uri = $res['redirect_uri']; if (!empty($res['query'])) { $redirect_uri .= strpos($redirect_uri, '?') === false ? '?' : '&';