secure token requests
author
Robert Kaiser
<kairo@kairo.at>
Fri, 28 Oct 2016 17:12:54 +0000
(19:12 +0200)
committer
Robert Kaiser
<kairo@kairo.at>
Fri, 28 Oct 2016 17:12:54 +0000
(19:12 +0200)
token.php
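--- a/token.php
+++ b/token.php
@@ -9,7 +9,14 @@
 // Include the common auth system files (including the OAuth2 Server object).
 require_once(__DIR__.'/authsystem.inc.php');
-// Handle a request for an OAuth2.0 Access Token and send the response to the client
-$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
+$errors = $utils->checkForSecureConnection();
+if (!count($errors)) {
+ // Handle a request for an OAuth2.0 Access Token and send the response to the client
+ $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
+}
+else {
+ print(json_encode(array('error' => 'insecure_connection',
+ 'error_description' => 'Your connection is insecure. Token requests can only be made on secure connections.')));
+}
 ?>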
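Review bot: The `else` branch prints the JSON error without setting a status code or content type, so the client presumably receives a default 200 response with PHP's default content type, whereas RFC 6749 §5.2 expects token-endpoint errors as HTTP 400 with a JSON body. Before the `print`, add `http_response_code(400);` and `header('Content-Type: application/json');`. `insecure_connection` is also not one of the error codes RFC 6749 defines for the token endpoint, so clients that switch on the code may not handle it; `invalid_request` with the same `error_description` would be the standard choice. `checkForSecureConnection()` is defined outside this hunk, so how it decides a connection is secure (for example, whether it trusts proxy-supplied headers) cannot be confirmed from here. Any client secret or authorization code in a rejected request has already crossed the network in cleartext, so this check is best paired with HSTS and with treating credentials seen on an insecure request as exposed.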