/** * */ public function authorize() { $this->view->disable(); $provider = new Github(['clientId' => $this->clientId, 'clientSecret' => $this->clientSecret, 'redirectUri' => $this->redirectUriAuthorize]); $code = $this->request->getQuery('code'); $state = $this->request->getQuery('state'); if (!isset($code)) { // If we don't have an authorization code then get one $authUrl = $provider->getAuthorizationUrl(); $this->session->set('oauth2state', $provider->state); return $this->response->redirect($authUrl); // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($state) || $state !== $this->session->get('oauth2state')) { $this->session->remove('oauth2state'); exit('Invalid state'); } else { // Try to get an access token (using the authorization code grant) $token = $provider->getAccessToken('authorization_code', ['code' => $code]); $uid = $provider->getUserUid($token); $userDetails = $provider->getUserDetails($token); return array($uid, $token, $userDetails); } }