diff options
author | Aaron Parecki <aaron@parecki.com> | 2017-02-09 21:45:04 -0800 |
---|---|---|
committer | Aaron Parecki <aaron@parecki.com> | 2017-02-09 21:45:04 -0800 |
commit | eab1a65f63f227bae126a554e3bf93aa05c70695 (patch) | |
tree | 0cabb48f96585b3db60ffc7e21c25e3ceb0c87cd /controllers/auth.php | |
parent | 1894da9452edaf1f2b3de5a6a969d60844645a23 (diff) |
provide option for choosing the scope to request
update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
Diffstat (limited to 'controllers/auth.php')
-rw-r--r-- | controllers/auth.php | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/controllers/auth.php b/controllers/auth.php index baf5c2f..15ecd61 100644 --- a/controllers/auth.php +++ b/controllers/auth.php @@ -33,13 +33,14 @@ $app->get('/auth/start', function() use($app) { $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me); $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me); + $defaultScope = 'create'; + if($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) { // Generate a "state" parameter for the request $state = IndieAuth\Client::generateStateParameter(); $_SESSION['auth_state'] = $state; - $scope = 'post'; - $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope); + $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $defaultScope); } else { $authorizationURL = false; } @@ -62,6 +63,11 @@ $app->get('/auth/start', function() use($app) { $user->token_endpoint = $tokenEndpoint; $user->save(); + // Request whatever scope was previously granted + $authorizationURL = parse_url($authorizationURL); + $authorizationURL['scope'] = $user->micropub_scope; + $authorizationURL = http_build_url($authorizationURL); + $app->redirect($authorizationURL, 302); } else { @@ -77,6 +83,11 @@ $app->get('/auth/start', function() use($app) { $user->save(); if(k($params, 'dontask') && $params['dontask']) { + // Request whatever scope was previously granted + $authorizationURL = parse_url($authorizationURL); + $authorizationURL['scope'] = $user->micropub_scope ?: $defaultScope; + $authorizationURL = http_build_url($authorizationURL); + $_SESSION['dontask'] = 1; $app->redirect($authorizationURL, 302); } @@ -95,6 +106,23 @@ $app->get('/auth/start', function() use($app) { } }); +$app->get('/auth/redirect', function() use($app) { + $req = $app->request(); + $params = $req->params(); + + if(!isset($params['scope'])) + $params['scope'] = ''; + + $authorizationURL = parse_url($params['authorization_url']); + parse_str($authorizationURL['query'], $query); + $query['scope'] = $params['scope']; + $authorizationURL['query'] = http_build_query($query); + $authorizationURL = http_build_url($authorizationURL); + + $app->redirect($authorizationURL); + return; +}); + $app->get('/auth/callback', function() use($app) { $req = $app->request(); $params = $req->params(); |