2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
4 * You can obtain one at http://mozilla.org/MPL/2.0/. */
6 // Called e.g. as /authorize?response_type=code&client_id=testclient&state=f00bar&scope=email&redirect_uri=http%3A%2F%2Ffake.example.com%2F
7 // This either redirects to the redirect URL with errors or success added as GET parameters,
8 // or sends a HTML page asking for login / permission to scope (email is always granted in this system but not always for OAuth2 generically)
9 // or sends errors as a JSOn document (hopefully shouldn't but seen that in testing).
11 // Include the common auth system files (including the OAuth2 Server object).
12 require_once(__DIR__.'/authsystem.inc.php');
14 $errors = $utils->checkForSecureConnection();
16 $request = OAuth2\Request::createFromGlobals();
17 $response = new OAuth2\Response();
19 // Validate the authorize request.
20 if (!$server->validateAuthorizeRequest($request, $response)) {
25 // Display an authorization form.
27 // Start HTML document as a DOM object.
28 extract(ExtendedDocument::initHTML5()); // sets $document, $html, $head, $title, $body
29 $document->formatOutput = true; // we want a nice output
30 $style = $head->appendElement('link');
31 $style->setAttribute('rel', 'stylesheet');
32 $style->setAttribute('href', 'authsystem.css');
33 $head->appendJSFile('authsystem.js');
34 $title->appendText('Authorization Request | KaiRo.at');
35 $h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server');
37 $para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
38 $para->setAttribute('id', 'jswarning');
39 $para->setAttribute('class', 'warn');
41 $form = $body->appendForm('', 'POST', 'authform');
42 $form->setAttribute('id', 'authform');
43 $form->appendElement('p', sprintf(_('Do you authorize %s to access %s?'), $request->query['client_id'], $request->query['scope']));
44 $submit = $form->appendInputSubmit(_('yes'));
45 $submit->setAttribute('name', 'authorized');
46 $form->appendText(' ');
47 $submit = $form->appendInputSubmit(_('no'));
48 $submit->setAttribute('name', 'authorized');
49 // Send HTML to client.
50 print($document->saveHTML());
54 // Handle authorize request, forwarding code in GET parameters if the user has authorized your client.
55 $is_authorized = ($_POST['authorized'] === 'yes');
56 $server->handleAuthorizeRequest($request, $response, $is_authorized);
59 // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
60 $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
61 exit("SUCCESS! Authorization Code: $code");