/**
* Internal function used to get the client credentials from HTTP basic
* auth or POST data.
*
* According to the spec (draft 20), the client_id can be provided in
* the Basic Authorization header (recommended) or via GET/POST.
*
* @return
* A list containing the client identifier and password, for example
* @code
* return array(
* CLIENT_ID,
* CLIENT_SECRET
* );
* @endcode
*
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-2.4.1
*
* @ingroup oauth2_section_2
*/
public function getClientCredentials(OAuth2_Request $request)
{
if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
}
// This method is not recommended, but is supported by specification
if (!is_null($request->request('client_id')) && !is_null($request->request('client_secret'))) {
return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
}
if (!is_null($request->query('client_id')) && !is_null($request->query('client_secret'))) {
return array('client_id' => $request->query('client_id'), 'client_secret' => $request->query('client_secret'));
}
$this->response = new OAuth2_Response_Error(400, 'invalid_client', 'Client credentials were not found in the headers or body');
return null;
}
