From: Robert Kaiser Date: Fri, 28 Oct 2016 17:12:54 +0000 (+0200) Subject: secure token requests X-Git-Url: https://git-public.kairo.at/?a=commitdiff_plain;h=b21c09334335eab8a5d831a3aaaef1f6f9055d3c;p=authserver.git secure token requests --- diff --git a/token.php b/token.php index e3cf8ff..e934b14 100644 --- a/token.php +++ b/token.php @@ -9,7 +9,14 @@ // Include the common auth system files (including the OAuth2 Server object). require_once(__DIR__.'/authsystem.inc.php'); -// Handle a request for an OAuth2.0 Access Token and send the response to the client -$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send(); +$errors = $utils->checkForSecureConnection(); +if (!count($errors)) { + // Handle a request for an OAuth2.0 Access Token and send the response to the client + $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send(); +} +else { + print(json_encode(array('error' => 'insecure_connection', + 'error_description' => 'Your connection is insecure. Token requests can only be made on secure connections.'))); +} ?>