aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Authorize.php
diff options
context:
space:
mode:
authorM.Dent <dentm42@dm42.net>2018-08-09 22:35:12 -0400
committerM.Dent <dentm42@dm42.net>2018-08-10 12:01:05 -0400
commit0b31c677f253907ee9a36e12ae51763b2d69a574 (patch)
treede755677f8edebeeb95d2d44f02dcd21b9a30d07 /Zotlabs/Module/Authorize.php
parent7890157f52378ec7a643e76e3b5c88fa23795d32 (diff)
downloadvolse-hubzilla-0b31c677f253907ee9a36e12ae51763b2d69a574.tar.gz
volse-hubzilla-0b31c677f253907ee9a36e12ae51763b2d69a574.tar.bz2
volse-hubzilla-0b31c677f253907ee9a36e12ae51763b2d69a574.zip
Fixes to OAuth2 connect-with-openid. Add zothash Claim. Add zotwebbie Claim.
Diffstat (limited to 'Zotlabs/Module/Authorize.php')
-rw-r--r--Zotlabs/Module/Authorize.php12
1 files changed, 8 insertions, 4 deletions
diff --git a/Zotlabs/Module/Authorize.php b/Zotlabs/Module/Authorize.php
index bfb76150f..e042848d8 100644
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -60,12 +60,16 @@ class Authorize extends \Zotlabs\Web\Controller {
$request = \OAuth2\Request::createFromGlobals();
$response = new \OAuth2\Response();
+ // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string.
+ $channel = channelx_by_n(local_channel());
+ $user_id = $channel["channel_id"];
+
// If the client is not registered, add to the database
if (!$client = $storage->getClientDetails($client_id)) {
- $client_secret = random_string(16);
+ // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
+ $client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16);
// Client apps are registered per channel
- $user_id = local_channel();
- $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id);
+ $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id);
}
if (!$client = $storage->getClientDetails($client_id)) {
@@ -83,7 +87,7 @@ class Authorize extends \Zotlabs\Web\Controller {
// print the authorization code if the user has authorized your client
$is_authorized = ($_POST['authorize'] === 'allow');
- $s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
+ $s->handleAuthorizeRequest($request, $response, $is_authorized, $user_id);
if ($is_authorized) {
$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
logger('Authorization Code: ' . $code);