From b21c09334335eab8a5d831a3aaaef1f6f9055d3c Mon Sep 17 00:00:00 2001
From: Robert Kaiser
Date: Fri, 28 Oct 2016 19:12:54 +0200
Subject: [PATCH] secure token requests
---
 token.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/token.php b/token.php
index e3cf8ff..e934b14 100644
--- a/token.php
+++ b/token.php
@@ -9,7 +9,14 @@
 // Include the common auth system files (including the OAuth2 Server object).
 require_once(__DIR__.'/authsystem.inc.php');
-// Handle a request for an OAuth2.0 Access Token and send the response to the client
-$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
+$errors = $utils->checkForSecureConnection();
+if (!count($errors)) {
+ // Handle a request for an OAuth2.0 Access Token and send the response to the client
+ $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
+}
+else {
+ print(json_encode(array('error' => 'insecure_connection',
+ 'error_description' => 'Your connection is insecure. Token requests can only be made on secure connections.')));
+}
 ?>
--
2.43.0
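Review bot: The `else` branch prints the JSON error with PHP's default status and content type (normally 200 and text/html), so a client that reaches the token endpoint over plain HTTP does not get a response it can recognise as a token error. RFC 6749 section 5.2 has token errors returned as HTTP 400 with a JSON body, and token endpoint responses are meant to be uncacheable; I would add `http_response_code(400);`, `header('Content-Type: application/json');` and `header('Cache-Control: no-store');` before the `print`. `insecure_connection` is also not one of the error codes defined in that section, so standard clients may only handle it if it is sent as `invalid_request` with the same description. The check only stops the server from answering: any client secret, code or password in the request has already crossed the insecure link, and how `checkForSecureConnection()` decides (it is defined outside this hunk) should be confirmed for deployments behind a TLS-terminating proxy.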