@ -0,0 +1,88 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\IndieAuth;
|
||||
|
||||
use IndieAuth\Client as IndieAuthClient;
|
||||
|
||||
class Client extends IndieAuthClient {
|
||||
|
||||
/**
|
||||
* Start the authorization process. Discovers the user's auth
|
||||
* endpoints (or falls back to indielogin.com).
|
||||
* Reverses IndieAuth\Client behavior where `$authorizationEndpoint` arg
|
||||
* takes precedence over user's configured auth endpoint. In this case, it's
|
||||
* the fallback.
|
||||
* I'm sure this reversal won't cause any future confusion or issues. 🙃
|
||||
*/
|
||||
public static function begin($url, $scope=false, $fallbackAuthorizationEndpoint=false) {
|
||||
if(!isset(self::$clientID) || !isset(self::$redirectURL)) {
|
||||
return self::_errorResponse(
|
||||
'not_configured',
|
||||
'Before you can begin, you need to configure the clientID and redirectURL of the IndieAuth client'
|
||||
);
|
||||
}
|
||||
|
||||
$errorCode = false;
|
||||
|
||||
$url = self::normalizeMeURL($url);
|
||||
|
||||
$_SESSION['indieauth_entered_url'] = $url;
|
||||
|
||||
if(!$url) {
|
||||
return self::_errorResponse('invalid_url', 'The URL provided was invalid');
|
||||
}
|
||||
|
||||
$metadataEndpoint = self::discoverMetadataEndpoint($url);
|
||||
if ($metadataEndpoint) {
|
||||
$response = self::discoverIssuer($metadataEndpoint);
|
||||
if ($response instanceof ErrorResponse) {
|
||||
return $response->getArray();
|
||||
}
|
||||
|
||||
$_SESSION['indieauth_issuer'] = $response;
|
||||
}
|
||||
|
||||
$authorizationEndpoint = static::discoverAuthorizationEndpoint($url);
|
||||
|
||||
if((!$authorizationEndpoint) && (!$fallbackAuthorizationEndpoint)) {
|
||||
// didn't find an auth endpoint and no fallback passed in. we're stuck.
|
||||
return self::_errorResponse('missing_authorization_endpoint', 'Could not find your authorization endpoint');
|
||||
}
|
||||
|
||||
$authorizationEndpoint = $fallbackAuthorizationEndpoint;
|
||||
|
||||
$scopes = self::parseNonProfileScopes($scope);
|
||||
if(count($scopes)) {
|
||||
$tokenEndpoint = static::discoverTokenEndpoint($url);
|
||||
|
||||
if(!$tokenEndpoint) {
|
||||
return self::_errorResponse(
|
||||
'missing_token_endpoint',
|
||||
'Could not find your token endpoint. The token endpoint is required when requesting non-profile scopes'
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
$state = self::generateStateParameter();
|
||||
$codeVerifier = self::generatePKCECodeVerifier();
|
||||
|
||||
$_SESSION['indieauth_state'] = $state;
|
||||
$_SESSION['indieauth_code_verifier'] = $codeVerifier;
|
||||
$_SESSION['indieauth_authorization_endpoint'] = $authorizationEndpoint;
|
||||
if(isset($tokenEndpoint)) {
|
||||
$_SESSION['indieauth_token_endpoint'] = $tokenEndpoint;
|
||||
}
|
||||
|
||||
$authorizationURL = self::buildAuthorizationURL($authorizationEndpoint, [
|
||||
'me' => $url,
|
||||
'redirect_uri' => self::$redirectURL,
|
||||
'client_id' => self::$clientID,
|
||||
'state' => $state,
|
||||
'code_verifier' => $codeVerifier,
|
||||
'scope' => $scope,
|
||||
]);
|
||||
|
||||
return [$authorizationURL, false];
|
||||
}
|
||||
}
|
||||
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。