move actual application into a subdirectory so we can deliver other things in the...
diff --git a/app/token.php b/app/token.php
new file mode 100644 (file)
index 0000000..e934b14
--- /dev/null
@@ -0,0 +1,22 @@
+<?php
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Called with e.g. curl .../token -d 'grant_type=authorization_code&client_id=testclient&client_secret=testpass&code=&state=f00bar&redirect_uri=http%3A%2F%2Ffake.example.com%2F'
+// Response is always JSON.
+
+// Include the common auth system files (including the OAuth2 Server object).
+require_once(__DIR__.'/authsystem.inc.php');
+
+$errors = $utils->checkForSecureConnection();
+
+if (!count($errors)) {
+  // Handle a request for an OAuth2.0 Access Token and send the response to the client
+  $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
+}
+else {
+  print(json_encode(array('error' => 'insecure_connection',
+                          'error_description' => 'Your connection is insecure. Token requests can only be made on secure connections.')));
+}
+?>
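Review bot: The `else` branch prints the error JSON with PHP's default 200 status and default content type, so a client that checks only the HTTP status can take the rejected request for a success, and the body is not labelled as JSON although the header comment says the response is always JSON. Before the `print`, add `http_response_code(400);` and `header('Content-Type: application/json');`, which follows the token-endpoint error format in RFC 6749 section 5.2. By the time this branch runs, the `client_secret` and `code` in the request body have already crossed the network in cleartext, so the check reports the exposure rather than preventing it. It would be worth logging the event here and, presumably at the web-server level, not serving this path over plain HTTP at all. Separately, the closing `?>` on the last line can be dropped so that trailing whitespace after it can never be appended to the JSON output.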