4 * @link http://indiewebcamp.com/login-brainstorming
5 * @link https://indieauth.com/developers
7 //require_once __DIR__ . '/../src/init.php';
8 require_once 'OpenID/RelyingParty.php';
9 require_once 'OpenID/Message.php';
10 require_once 'OpenID/Exception.php';
11 require_once 'Net/URL2.php';
15 $db = new PDO('sqlite:' . __DIR__ . '/../data/tokens.sq3');
16 $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
17 $db->exec("CREATE TABLE IF NOT EXISTS authtokens(
26 $stmt = $db->prepare('DELETE FROM authtokens WHERE created < :created');
27 $stmt->execute(array(':created' => date('c', time() - 60)));
32 function create_token($me, $redirect_uri, $client_id, $state)
34 $code = base64_encode(openssl_random_pseudo_bytes(32));
37 'INSERT INTO authtokens (code, me, redirect_uri, client_id, state, created)'
38 . ' VALUES(:code, :me, :redirect_uri, :client_id, :state, :created)'
43 ':redirect_uri' => $redirect_uri,
44 ':client_id' => $client_id,
45 ':state' => (string) $state,
46 ':created' => date('c')
52 function validate_token($code, $redirect_uri, $client_id, $state)
56 'SELECT me FROM authtokens WHERE'
58 . ' AND redirect_uri = :redirect_uri'
59 . ' AND client_id = :client_id'
60 . ' AND state = :state'
61 . ' AND created >= :created'
66 ':redirect_uri' => $redirect_uri,
67 ':client_id' => $client_id,
68 ':state' => (string) $state,
69 ':created' => date('c', time() - 60)
72 $row = $stmt->fetch(PDO::FETCH_ASSOC);
74 $stmt = $db->prepare('DELETE FROM authtokens WHERE code = :code');
75 $stmt->execute(array(':code' => $code));
85 header('HTTP/1.0 400 Bad Request');
90 function verifyUrlParameter($givenParams, $paramName)
92 if (!isset($givenParams[$paramName])) {
93 error('"' . $paramName . '" parameter missing');
95 $url = parse_url($givenParams[$paramName]);
96 if (!isset($url['scheme'])) {
97 error('Invalid URL in "' . $paramName . '" parameter: scheme missing');
99 if (!isset($url['host'])) {
100 error('Invalid URL in "' . $paramName . '" parameter: host missing');
103 return $givenParams[$paramName];
106 function getBaseUrl()
108 if (!isset($_SERVER['REQUEST_SCHEME'])) {
109 $_SERVER['REQUEST_SCHEME'] = 'http';
111 $file = preg_replace('/#.*$/', '', $_SERVER['REQUEST_URI']);
114 } else if (substr($file, -1) != '/') {
115 $file = dirname($file);
117 return $_SERVER['REQUEST_SCHEME'] . '://'
118 . $_SERVER['HTTP_HOST']
123 $returnTo = getBaseUrl();
124 $realm = getBaseUrl();
126 if (isset($_GET['openid_mode']) && $_GET['openid_mode'] != '') {
127 //verify openid response
128 if (!count($_POST)) {
129 list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']);
131 $queryString = file_get_contents('php://input');
134 $message = new \OpenID_Message($queryString, \OpenID_Message::FORMAT_HTTP);
135 $id = $message->get('openid.claimed_id');
137 $o = new \OpenID_RelyingParty($returnTo, $realm, $_SESSION['me']);
138 $result = $o->verify(new \Net_URL2($returnTo . '?' . $queryString), $message);
140 if ($result->success()) {
141 $token = create_token(
142 $_SESSION['me'], $_SESSION['redirect_uri'],
143 $_SESSION['client_id'], $_SESSION['state']
145 //redirect to indieauth
146 $url = new Net_URL2($_SESSION['redirect_uri']);
147 $url->setQueryVariable('code', $token);
148 $url->setQueryVariable('me', $_SESSION['me']);
149 $url->setQueryVariable('state', $_SESSION['state']);
150 header('Location: ' . $url->getURL());
153 error('Error logging in: ' . $result->getAssertionMethod());
155 } catch (OpenID_Exception $e) {
156 error('Error logging in: ' . $e->getMessage());
160 if ($_SERVER['REQUEST_METHOD'] == 'GET') {
161 $me = verifyUrlParameter($_GET, 'me');
162 $redirect_uri = verifyUrlParameter($_GET, 'redirect_uri');
163 $client_id = verifyUrlParameter($_GET, 'client_id');
165 if (isset($_GET['state'])) {
166 $state = $_GET['state'];
168 //FIXME: support "response_type"?
170 $_SESSION['me'] = $me;
171 $_SESSION['redirect_uri'] = $redirect_uri;
172 $_SESSION['client_id'] = $client_id;
173 $_SESSION['state'] = $state;
176 $o = new \OpenID_RelyingParty($returnTo, $realm, $me);
177 $authRequest = $o->prepare();
178 $url = $authRequest->getAuthorizeURL();
179 header("Location: $url");
181 } catch (OpenID_Exception $e) {
182 error('OpenID error: ' . $e->getMessage());
184 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
185 $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
186 $client_id = verifyUrlParameter($_POST, 'client_id');
188 if (isset($_GET['state'])) {
189 $state = $_GET['state'];
191 if (!isset($_POST['code'])) {
192 error('"code" parameter missing');
194 $token = $_POST['code'];
196 $me = validate_token($token, $redirect_uri, $client_id, $state);
198 header('HTTP/1.0 400 Bad Request');
199 echo "Validating token failed\n";
202 header('Content-type: application/x-www-form-urlencoded');
203 echo 'me=' . urlencode($me);