/**
*
*/
public function authorize()
{
$this->view->disable();
$provider = new Github(['clientId' => $this->clientId, 'clientSecret' => $this->clientSecret, 'redirectUri' => $this->redirectUriAuthorize]);
$code = $this->request->getQuery('code');
$state = $this->request->getQuery('state');
if (!isset($code)) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$this->session->set('oauth2state', $provider->state);
return $this->response->redirect($authUrl);
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($state) || $state !== $this->session->get('oauth2state')) {
$this->session->remove('oauth2state');
exit('Invalid state');
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', ['code' => $code]);
$uid = $provider->getUserUid($token);
$userDetails = $provider->getUserDetails($token);
return array($uid, $token, $userDetails);
}
}
