From eab1a65f63f227bae126a554e3bf93aa05c70695 Mon Sep 17 00:00:00 2001
From: Aaron Parecki
Date: Thu, 9 Feb 2017 21:45:04 -0800
Subject: provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
---
 controllers/auth.php | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
(limited to 'controllers')
diff --git a/controllers/auth.php b/controllers/auth.php
index baf5c2f..15ecd61 100644
--- a/controllers/auth.php
+++ b/controllers/auth.php
@@ -33,13 +33,14 @@ $app->get('/auth/start', function() use($app) {
 $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
 $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
+ $defaultScope = 'create';
+
 if($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
 // Generate a "state" parameter for the request
 $state = IndieAuth\Client::generateStateParameter();
 $_SESSION['auth_state'] = $state;
- $scope = 'post';
- $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope);
+ $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $defaultScope);
 } else {
 $authorizationURL = false;
 }
@@ -62,6 +63,11 @@ $app->get('/auth/start', function() use($app) {
 $user->token_endpoint = $tokenEndpoint;
 $user->save();
+ // Request whatever scope was previously granted
+ $authorizationURL = parse_url($authorizationURL);
+ $authorizationURL['scope'] = $user->micropub_scope;
+ $authorizationURL = http_build_url($authorizationURL);
+
 $app->redirect($authorizationURL, 302);
 } else {
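Review bot: The lines added after `$user->save();` set a `scope` key on the array returned by `parse_url()`, but that array holds URL components (`scheme`, `host`, `query`, …) and nothing here folds the new key back into the query string, so as far as this hunk shows the rebuilt URL still requests the scope it was first built with rather than `$user->micropub_scope`. The same three lines recur in the `dontask` branch of the next hunk. The `/auth/redirect` handler added later in this commit edits the `query` component instead, and the same approach fits here: `parse_str($authorizationURL['query'], $query);`, `$query['scope'] = $user->micropub_scope ?: $defaultScope;`, `$authorizationURL['query'] = http_build_query($query);`. This branch also lacks the `?: $defaultScope` fallback that the `dontask` branch has, and because the closure starts and ends outside the hunk it cannot be seen whether `$authorizationURL` may still be `false` at this point.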
@@ -77,6 +83,11 @@ $app->get('/auth/start', function() use($app) {
 $user->save();
 if(k($params, 'dontask') && $params['dontask']) {
+ // Request whatever scope was previously granted
+ $authorizationURL = parse_url($authorizationURL);
+ $authorizationURL['scope'] = $user->micropub_scope ?: $defaultScope;
+ $authorizationURL = http_build_url($authorizationURL);
+
 $_SESSION['dontask'] = 1;
 $app->redirect($authorizationURL, 302);
 }
@@ -95,6 +106,23 @@ $app->get('/auth/start', function() use($app) {
 }
 });
+$app->get('/auth/redirect', function() use($app) {
+ $req = $app->request();
+ $params = $req->params();
+
+ if(!isset($params['scope']))
+ $params['scope'] = '';
+
+ $authorizationURL = parse_url($params['authorization_url']);
+ parse_str($authorizationURL['query'], $query);
+ $query['scope'] = $params['scope'];
+ $authorizationURL['query'] = http_build_query($query);
+ $authorizationURL = http_build_url($authorizationURL);
+
+ $app->redirect($authorizationURL);
+ return;
+});
+
 $app->get('/auth/callback', function() use($app) {
 $req = $app->request();
 $params = $req->params();
-- cgit v1.2.3
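Review bot: The new `/auth/redirect` handler redirects to whatever `authorization_url` arrives in the request after rewriting only its `scope` parameter, so the route is an open redirect on the login flow: the destination host is never compared with the authorization endpoint that `/auth/start` discovered. The destination should come from server-side state instead, with `/auth/start` keeping the URL it built in the session and this handler reading it back, taking only the scope choice from the request. The handler also reads `$params['authorization_url']` and `$authorizationURL['query']` without checking that they exist. The session key in the sketch below is a proposed name, and the matching assignment in `/auth/start` lies outside this hunk.

```php
$app->get('/auth/redirect', function() use($app) {
  $req = $app->request();
  $params = $req->params();

  // The destination is the URL /auth/start built and stored in the session
  // (proposed key; /auth/start must set it before offering the scope choice)
  if(!isset($_SESSION['authorization_url'])) {
    $app->redirect('/', 302);
    return;
  }

  $authorizationURL = parse_url($_SESSION['authorization_url']);
  $query = [];
  if(isset($authorizationURL['query']))
    parse_str($authorizationURL['query'], $query);
  // Only the scope is taken from the request
  $query['scope'] = isset($params['scope']) ? $params['scope'] : '';
  // … unchanged: http_build_query(), http_build_url(), redirect …
```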