<?php
require 'vendor/autoload.php';
require_once __DIR__.'/server.php';
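$app = new \Slim\Slim();

/**
 * Builds the route middleware that guards resource endpoints.
 *
 * The returned closure rebuilds the request from PHP's superglobals and asks
 * the OAuth2 server to verify the bearer token on it. When verification fails
 * the request is halted with a JSON error body and a WWW-Authenticate
 * challenge; when it succeeds the closure returns and Slim continues to the
 * route callable.
 *
 * Why 401 rather than 403: RFC 6750 §3 requires a resource server to answer
 * a missing, expired or otherwise invalid bearer token with 401 plus a
 * "WWW-Authenticate: Bearer" header; 403 is for a *valid* token that lacks
 * the required scope. The session flash that used to be set here was never
 * rendered for a JSON response and has been dropped.
 */
$validateToken = function () use ($server, $app) {
    return function () use ($server, $app) {
        $app->response->headers->set('Content-Type', 'application/json');

        if ($server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) {
            return; // token accepted; fall through to the protected route
        }

        // Tell the caller which authentication scheme this resource expects.
        $app->response->headers->set('WWW-Authenticate', 'Bearer');
        $error = array(
            'error'   => 'NOT_AUTHORIZED',
            'message' => 'Not authorized, invalid access_token',
            'code'    => 401,
        );
        $app->halt(401, json_encode($error));
    };
};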
// Token endpoint: exchanges an authorization code (or whichever other grants
// server.php enables) for an access token. Client authentication, grant
// validation and the response body are all produced by the OAuth2 server;
// the request is rebuilt from PHP's superglobals, not from Slim's request.
$app->post('/token/', function () use ($server) {
    $tokenRequest  = OAuth2\Request::createFromGlobals();
    $tokenResponse = $server->handleTokenRequest($tokenRequest);
    $tokenResponse->send();
});
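// Sample protected resource: returns the resource owner's personal data.
// Reachable only with a valid bearer token (enforced by $validateToken).
$app->get('/treasure/', $validateToken(), function () use ($app) {
    $app->response->headers->set('Content-Type', 'application/json');
    // The payload is personal and financial data: forbid browser and shared
    // caches from storing it (the same rule RFC 6749 §5.1 applies to token
    // responses).
    $app->response->headers->set('Cache-Control', 'no-store');
    $app->response->headers->set('Pragma', 'no-cache');

    $me = array(
        'first_name'   => 'Gary',
        'last_name'    => 'Smith',
        'phone'        => '555-555-555',
        'email'        => 'email@domain.com',
        'bank_account' => '888444555222332444487886655',
    );
    echo json_encode($me);
});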
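// Consent screen: shows the resource owner which client is asking for access
// and renders a form whose action POSTs the decision back to /auth/ with the
// original authorize parameters preserved in the query string.
$app->get('/auth/', function () use ($server, $app) {
    $request      = $app->request();
    $responseType = $request->get('response_type');
    $clientId     = $request->get('client_id');
    $state        = $request->get('state');

    // All three values are attacker-controlled query input. Percent-encode
    // them so a crafted client_id/state cannot break out of the query string
    // or smuggle extra parameters into the form action. Absent parameters are
    // kept as empty strings so the action URL always carries all three keys,
    // which is what the bare interpolation produced before.
    $authorizePath = 'auth?' . http_build_query(array(
        'response_type' => (string) $responseType,
        'client_id'     => (string) $clientId,
        'state'         => (string) $state,
    ));

    // NOTE(review): clientId is printed by authForm.php, which is not visible
    // here — confirm the template runs it through htmlspecialchars() before
    // output; otherwise client_id is a reflected-XSS vector on this screen.
    // NOTE(review): nothing validates the authorize request until the POST,
    // so the consent screen is shown even for an unknown client_id or a bad
    // redirect_uri; calling $server->validateAuthorizeRequest() here first
    // would fail fast instead of asking the owner to approve a bogus client.
    $app->render(
        'authForm.php',
        array(
            'clientId'      => $clientId,
            'authorizePath' => $authorizePath,
        )
    );
});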
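// Consent decision. Validates the authorize request and, if the owner said
// "yes", issues an authorization code and immediately exchanges it at the
// /token endpoint so the caller receives the token JSON in one round trip.
//
// NOTE(review): collapsing code issuance and code exchange into one call,
// with the client secret held by the authorization server itself, removes
// the reason the authorization-code grant exists — the code is never handed
// to the client. Fine for a sample; do not copy this shape into a real AS.
$app->post('/auth/', function () use ($server, $app) {
    $app->response->headers->set('Content-Type', 'application/json');
    $request  = OAuth2\Request::createFromGlobals();
    $response = new OAuth2\Response();

    if (!$server->validateAuthorizeRequest($request, $response)) {
        // The library has already filled $response with the error and status.
        $response->send();
        die;
    }

    // NOTE(review): the decision rests on one POST field with no CSRF token
    // bound to the consent screen, so a cross-site form submission can
    // approve access for a logged-in owner. Emit a per-session nonce from the
    // GET /auth/ handler and verify it here before honouring "yes".
    // isset() guards the undefined-index notice the bare $_POST read raised.
    $allowAccess = isset($_POST['authorized']) && $_POST['authorized'] === 'yes';
    if (!$allowAccess) {
        $app->response->setBody(json_encode(array(
            'access' => 'not_granted',
        )));
        return;
    }

    $server->handleAuthorizeRequest($request, $response, $allowAccess);

    // On success the library answers with a redirect to the client's
    // redirect_uri carrying ?code=...&state=... . Parse that URL properly:
    // the old strpos()/substr() slice produced garbage whenever "code=" was
    // absent (e.g. an error redirect) and then posted it to /token.
    $query       = array();
    $queryString = parse_url((string) $response->getHttpHeader('Location'), PHP_URL_QUERY);
    if (is_string($queryString)) {
        parse_str($queryString, $query);
    }
    if (!isset($query['code']) || $query['code'] === '') {
        // No code was issued: relay the library's own answer (an error
        // redirect or error body) instead of exchanging nothing.
        $response->send();
        die;
    }
    $code = $query['code'];

    // Where to exchange the code. The endpoint is configured, or defaults to
    // loopback on the port this request arrived on (SERVER_PORT comes from the
    // listening socket). It is deliberately NOT built from the Host header:
    // the previous getHostWithPort() lookup let a client-chosen Host header
    // make this server POST the fresh code *and* the client credentials to an
    // arbitrary host (SSRF / credential exfiltration). Set OAUTH2_TOKEN_URL
    // when the app is served over TLS or under a different path.
    $tokenUrl = getenv('OAUTH2_TOKEN_URL');
    if (!is_string($tokenUrl) || $tokenUrl === '') {
        $port     = isset($_SERVER['SERVER_PORT']) ? (int) $_SERVER['SERVER_PORT'] : 80;
        $tokenUrl = "http://127.0.0.1:$port/apps/Oauth2/index.php/token";
    }

    // Sample client credentials. The literal defaults only keep this demo
    // runnable; override them through the environment so the secret stays
    // out of source control.
    $clientId     = getenv('OAUTH2_CLIENT_ID');
    $clientSecret = getenv('OAUTH2_CLIENT_SECRET');
    if (!is_string($clientId) || $clientId === '') {
        $clientId = 'TestApp';
    }
    if (!is_string($clientSecret) || $clientSecret === '') {
        $clientSecret = 'testpass';
    }

    $grantRequest = array(
        'grant_type' => 'authorization_code',
        'code'       => $code,
    );
    $context = stream_context_create(array(
        'http' => array(
            'method'        => 'POST',
            'header'        => array(
                'Content-type: application/json',
                'Authorization: Basic ' . base64_encode($clientId . ':' . $clientSecret),
            ),
            'content'       => json_encode($grantRequest),
            'timeout'       => 5,    // never hang the consent request on a stuck token endpoint
            'ignore_errors' => true, // keep the JSON error body on 4xx/5xx instead of getting false
        ),
    ));
    $result = file_get_contents($tokenUrl, false, $context);

    // This handler relays a token response, which must not be cached
    // (RFC 6749 §5.1).
    $app->response->headers->set('Cache-Control', 'no-store');
    $app->response->headers->set('Pragma', 'no-cache');

    if ($result === false) {
        // Transport failure (connection refused, timeout, ...). Previously this
        // silently produced an empty body with status 200.
        $app->halt(502, json_encode(array(
            'error'   => 'TOKEN_EXCHANGE_FAILED',
            'message' => 'Could not reach the token endpoint',
            'code'    => 502,
        )));
    }

    // Propagate the token endpoint's status (e.g. 400 invalid_grant) so the
    // caller is not told 200 for a failed exchange. $http_response_header is
    // set by the http stream wrapper in this scope after file_get_contents().
    if (isset($http_response_header[0])
        && preg_match('#^HTTP/\S+\s+(\d{3})#', $http_response_header[0], $statusMatch)
    ) {
        $app->response->setStatus((int) $statusMatch[1]);
    }

    echo $result;
});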
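// Dispatch the current request to the routes registered above.
// No closing "?>" tag: any byte after it would be sent as output and break
// the headers the handlers set.
$app->run();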