- The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it by setting
CONFIG_ENFORCE_INPUT_REDIRECT to true.
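- The state is OPTIONAL but recommended to enforce CSRF protection. Draft 21 states, however, that CSRF protection is
MANDATORY. You can enforce this by setting CONFIG_ENFORCE_STATE to true. Note that this only makes the server require the parameter; the client must still check the returned state against the value it sent.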
protected getAuthorizeParams($request)
Returns: array
/**
 * Placeholder test for OAuth2->getAuthorizeParams().
 *
 * The test is reported as incomplete and asserts nothing, so the redirect_uri
 * and state handling of getAuthorizeParams() is not covered by it.
 */
public function testGetAuthorizeParams()
{
    // TODO Auto-generated OAuth2Test->testGetAuthorizeParams()
    // TODO(review): when implementing, cover requests with a missing state and a
    // missing redirect_uri, with CONFIG_ENFORCE_STATE and
    // CONFIG_ENFORCE_INPUT_REDIRECT both on and off.
    $this->markTestIncomplete('getAuthorizeParams test not implemented');

    // NOTE(review): presumably never reached, since PHPUnit's markTestIncomplete()
    // aborts the test by throwing - confirm against the PHPUnit version in use.
    $this->fixture->getAuthorizeParams();
}
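} */

// Authorization endpoint example: validates the incoming authorize request,
// renders a consent page, and handles the user's decision when the page is
// posted back to this same script.
$oauth = new OAuth2(new OAuth2StoragePDO(newPDO()));

if ($_POST) {
    // Placeholder only: the id must come from the authenticated session, never
    // from request data.
    $userId = 123; // Use whatever method you have for identifying users.

    // NOTE(review): no anti-CSRF token is checked here before the grant is
    // finalised; the consent form is outside this excerpt - confirm it carries
    // a per-session token that is verified at this point.
    try {
        // Presence-checked, strict comparison: only the exact string "Yep"
        // counts as approval, and a missing field no longer raises a notice.
        $isAuthorized = isset($_POST["accept"]) && $_POST["accept"] === "Yep";
        $response = $oauth->finishClientAuthorization($isAuthorized, $userId);
        $response->send();
    } catch (OAuth2ServerException $e) {
        $e->getHttpResponse()->send();
    }
    exit;
}

try {
    $auth_params = $oauth->getAuthorizeParams();
} catch (OAuth2ServerException $oauthError) {
    $oauthError->sendHttpResponse();
    // Stop here: the request was rejected and $auth_params is undefined, so the
    // consent page must not be rendered. Harmless if sendHttpResponse() already
    // terminates the script (cannot be told from this excerpt).
    exit;
}

// Forbid framing of the consent page at the HTTP level. The inline script in
// the page below is only a best-effort fallback, because it does nothing when
// scripts are disabled in the framing context.
header('X-Frame-Options: DENY');
header("Content-Security-Policy: frame-ancestors 'none'");
?>
<html>
<head>
<title>Authorize</title>
<script>
    // Legacy frame-busting fallback: covers the page with a click-through overlay when framed.
    if (top != self) {
        window.document.write("<div style='background:black; opacity:0.5; filter: alpha (opacity = 50); position: absolute; top:0px; left: 0px;" +
            "width: 9999px; height: 9999px; zindex: 1000001' onClick='top.location.href=window.location.href'></div>");
    }
</script>
</head>
<body>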