summaryrefslogtreecommitdiff
path: root/controllers/auth.php
diff options
context:
space:
mode:
authorAaron Parecki <aaron@parecki.com>2017-02-09 21:45:04 -0800
committerAaron Parecki <aaron@parecki.com>2017-02-09 21:45:04 -0800
commiteab1a65f63f227bae126a554e3bf93aa05c70695 (patch)
tree0cabb48f96585b3db60ffc7e21c25e3ceb0c87cd /controllers/auth.php
parent1894da9452edaf1f2b3de5a6a969d60844645a23 (diff)
provide option for choosing the scope to request
update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
Diffstat (limited to 'controllers/auth.php')
-rw-r--r--controllers/auth.php32
1 files changed, 30 insertions, 2 deletions
diff --git a/controllers/auth.php b/controllers/auth.php
index baf5c2f..15ecd61 100644
--- a/controllers/auth.php
+++ b/controllers/auth.php
@@ -33,13 +33,14 @@ $app->get('/auth/start', function() use($app) {
$tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
$micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
+ $defaultScope = 'create';
+
if($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
// Generate a "state" parameter for the request
$state = IndieAuth\Client::generateStateParameter();
$_SESSION['auth_state'] = $state;
- $scope = 'post';
- $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope);
+ $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $defaultScope);
} else {
$authorizationURL = false;
}
@@ -62,6 +63,11 @@ $app->get('/auth/start', function() use($app) {
$user->token_endpoint = $tokenEndpoint;
$user->save();
+ // Request whatever scope was previously granted
+ $authorizationURL = parse_url($authorizationURL);
+ $authorizationURL['scope'] = $user->micropub_scope;
+ $authorizationURL = http_build_url($authorizationURL);
+
$app->redirect($authorizationURL, 302);
} else {
@@ -77,6 +83,11 @@ $app->get('/auth/start', function() use($app) {
$user->save();
if(k($params, 'dontask') && $params['dontask']) {
+ // Request whatever scope was previously granted
+ $authorizationURL = parse_url($authorizationURL);
+ $authorizationURL['scope'] = $user->micropub_scope ?: $defaultScope;
+ $authorizationURL = http_build_url($authorizationURL);
+
$_SESSION['dontask'] = 1;
$app->redirect($authorizationURL, 302);
}
@@ -95,6 +106,23 @@ $app->get('/auth/start', function() use($app) {
}
});
+$app->get('/auth/redirect', function() use($app) {
+ $req = $app->request();
+ $params = $req->params();
+
+ if(!isset($params['scope']))
+ $params['scope'] = '';
+
+ $authorizationURL = parse_url($params['authorization_url']);
+ parse_str($authorizationURL['query'], $query);
+ $query['scope'] = $params['scope'];
+ $authorizationURL['query'] = http_build_query($query);
+ $authorizationURL = http_build_url($authorizationURL);
+
+ $app->redirect($authorizationURL);
+ return;
+});
+
$app->get('/auth/callback', function() use($app) {
$req = $app->request();
$params = $req->params();