From eab1a65f63f227bae126a554e3bf93aa05c70695 Mon Sep 17 00:00:00 2001
From: Aaron Parecki <aaron@parecki.com>
Date: Thu, 9 Feb 2017 21:45:04 -0800
Subject: provide option for choosing the scope to request

update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
---
 controllers/auth.php | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

(limited to 'controllers/auth.php')

diff --git a/controllers/auth.php b/controllers/auth.php
index baf5c2f..15ecd61 100644
--- a/controllers/auth.php
+++ b/controllers/auth.php
@@ -33,13 +33,14 @@ $app->get('/auth/start', function() use($app) {
   $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
   $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
 
+  $defaultScope = 'create';
+
   if($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
     // Generate a "state" parameter for the request
     $state = IndieAuth\Client::generateStateParameter();
     $_SESSION['auth_state'] = $state;
 
-    $scope = 'post';
-    $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope);
+    $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $defaultScope);
   } else {
     $authorizationURL = false;
   }
@@ -62,6 +63,11 @@ $app->get('/auth/start', function() use($app) {
     $user->token_endpoint = $tokenEndpoint;
     $user->save();
 
+    // Request whatever scope was previously granted
+    $authorizationURL = parse_url($authorizationURL);
+    $authorizationURL['scope'] = $user->micropub_scope;
+    $authorizationURL = http_build_url($authorizationURL);
+
     $app->redirect($authorizationURL, 302);
 
   } else {
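Review bot: The scope override added here has no effect as written, because `parse_url()` returns URL components (scheme, host, path, query, …) and `$authorizationURL['scope'] = …` only adds an array key that is not part of the query string. The rebuilt URL therefore presumably still carries the `scope` that `buildAuthorizationURL` put there, so a user who previously granted a narrower scope is asked for the default one. The `dontask` branch in the next hunk has the same defect. The `/auth/redirect` handler added later in this commit shows the working form: `parse_str($authorizationURL['query'], $query); $query['scope'] = …; $authorizationURL['query'] = http_build_query($query);`. This branch also lacks the `?: $defaultScope` fallback the next hunk uses, and the enclosing `/auth/start` handler starts and ends outside the hunk.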
@@ -77,6 +83,11 @@ $app->get('/auth/start', function() use($app) {
     $user->save();
 
     if(k($params, 'dontask') && $params['dontask']) {
+      // Request whatever scope was previously granted
+      $authorizationURL = parse_url($authorizationURL);
+      $authorizationURL['scope'] = $user->micropub_scope ?: $defaultScope;
+      $authorizationURL = http_build_url($authorizationURL);
+
       $_SESSION['dontask'] = 1;
       $app->redirect($authorizationURL, 302);
     }
@@ -95,6 +106,23 @@ $app->get('/auth/start', function() use($app) {
   }
 });
 
+$app->get('/auth/redirect', function() use($app) {
+  $req = $app->request();
+  $params = $req->params();
+
+  if(!isset($params['scope']))
+    $params['scope'] = '';
+
+  $authorizationURL = parse_url($params['authorization_url']);
+  parse_str($authorizationURL['query'], $query);
+  $query['scope'] = $params['scope'];
+  $authorizationURL['query'] = http_build_query($query);
+  $authorizationURL = http_build_url($authorizationURL);
+
+  $app->redirect($authorizationURL);
+  return;
+});
+
 $app->get('/auth/callback', function() use($app) {
   $req = $app->request();
   $params = $req->params();
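Review bot: The new `/auth/redirect` route redirects to whatever `authorization_url` the request supplies, so any link to this site can send a visitor to an arbitrary host (an open redirect), at a point in sign-in where users expect to land on an external login page. The destination should come from server-side state instead, for example the URL that `/auth/start` already built, kept in the session; the `authorization_url` session key below is a proposed name that `/auth/start` would need to set. The handler also reads `$params['authorization_url']` and `$authorizationURL['query']` without checking that they exist, so a missing parameter or a URL without a query string raises notices and feeds bad input to `parse_str`. The last three lines of the hunk belong to `/auth/callback`, whose body continues outside the hunk.

```php
$app->get('/auth/redirect', function() use($app) {
  // … unchanged: $req / $params setup and the empty-scope default …

  // Redirect only to the URL this session built in /auth/start, never to one taken from the request
  $authorizationURL = isset($_SESSION['authorization_url']) ? parse_url($_SESSION['authorization_url']) : false;
  if(!$authorizationURL || !isset($authorizationURL['host'])) {
    $app->redirect('/', 302);
    return;
  }

  $query = array();
  if(isset($authorizationURL['query']))
    parse_str($authorizationURL['query'], $query);
  // … unchanged: set $query['scope'], http_build_query, http_build_url, redirect …
});
```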
-- 
cgit v1.2.3