// The response status is set to 500 first; later header('HTTP/1.0 ...') calls
// replace this status line.
2 header('HTTP/1.0 500 Internal Server Error');
// NOTE(review): the enclosing declaration of the next two lines is not shown in
// this listing; presumably they belong to the error() helper called below.
// They send a 400 status and declare the body as UTF-8 plain text.
6 header('HTTP/1.0 400 Bad Request');
7 header('Content-type: text/plain; charset=utf-8');
/**
 * Returns $givenParams[$paramName]; calls error() when the key is not set.
 *
 * isset() is also false for a null value, so a null entry is reported as
 * missing. error() is defined outside this listing; presumably it ends the
 * request, otherwise the return below would read an unset key.
 *
 * NOTE(review): the value's type is not checked. Request arrays and parse_str()
 * output can contain nested arrays (name[]=x), so a caller that needs a string
 * should confirm it.
 *
 * @param array  $givenParams Parameter map ($_POST or the decoded token data in this file)
 * @param string $paramName   Key to look up
 * @return mixed The stored value, unchanged
 */
12 function verifyParameter($givenParams, $paramName)
14 if (!isset($givenParams[$paramName])) {
15 error('"' . $paramName . '" parameter missing');
17 return $givenParams[$paramName];
/**
 * Requires $paramName to be present and to parse as a URL with a scheme and
 * a host, then returns the original value unchanged.
 *
 * NOTE(review): this is a shape check only. Any scheme is accepted, and
 * parse_url() is not intended as a URL validator. If only http/https URLs are
 * expected here, an explicit scheme allow-list would make that enforceable.
 *
 * @param array  $givenParams Parameter map ($_POST or the decoded token data in this file)
 * @param string $paramName   Key whose value must look like an absolute URL
 * @return mixed The stored value, unchanged (not normalised)
 */
19 function verifyUrlParameter($givenParams, $paramName)
// Presence check; the return value is not used, the value is re-read below.
21 verifyParameter($givenParams, $paramName);
// parse_url() returns false for seriously malformed input; isset() on that
// result is false, so such input is reported as "scheme missing".
22 $url = parse_url($givenParams[$paramName]);
23 if (!isset($url['scheme'])) {
24 error('Invalid URL in "' . $paramName . '" parameter: scheme missing');
26 if (!isset($url['host'])) {
27 error('Invalid URL in "' . $paramName . '" parameter: host missing');
30 return $givenParams[$paramName];
/**
 * Looks up an optional parameter.
 *
 * Returns $givenParams[$paramName] when the key is set. The body of the
 * "not set" branch (original line 35) is not shown in this listing;
 * presumably it returns $default. Confirm against the full file.
 *
 * @param array  $givenParams Parameter map
 * @param string $paramName   Key to look up
 * @param mixed  $default     Fallback for a missing key (see note above)
 * @return mixed
 */
32 function getOptionalParameter($givenParams, $paramName, $default)
34 if (!isset($givenParams[$paramName])) {
37 return $givenParams[$paramName];
// GET: token verification. Reads a bearer token from the Authorization header,
// decodes it and answers with a form-encoded body that includes client_id
// (the other response keys are not shown in this listing).
40 if ($_SERVER['REQUEST_METHOD'] == 'GET') {
42 if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
43 error('Authorization HTTP header missing');
// Split at the first space into auth scheme and credentials. A header without
// a space yields a single element, so $token ends up null (PHP reports an
// undefined offset).
45 list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
46 if ($bearer !== 'Bearer') {
47 error('Authorization header must start with "Bearer"');
50 //FIXME: use real decryption
// NOTE(review): base64 is an encoding, not encryption. Until this FIXME is
// resolved, the token gives neither confidentiality nor integrity for the
// values read below. base64_decode() is also called without the strict flag,
// so characters outside the alphabet are dropped silently and the === false
// check rarely triggers.
51 $encData = base64_decode($token);
52 if ($encData === false) {
53 error('Invalid token data');
// The decoded payload is treated as a URL-encoded query string. parse_str()
// can produce nested arrays, and the verify* helpers do not check value types.
55 parse_str($encData, $data);
56 $emoji = verifyParameter($data, 'emoji');
57 $signature = verifyParameter($data, 'signature');
58 $me = verifyUrlParameter($data, 'me');
59 $client_id = verifyUrlParameter($data, 'client_id');
60 $scope = verifyParameter($data, 'scope');
// Format marker. The literal is single-quoted, so PHP does not expand the
// octal escapes: the compared value is the backslash-digit text itself, not
// the UTF-8 bytes of the emoji. The POST branch writes the same literal.
62 if ($emoji != '\360\237\222\251') {
63 error('Dog poo missing');
// Placeholder check: the expected signature is a fixed string, so it does not
// authenticate the token. NOTE(review): once a real signature or MAC is in
// place, compare it with hash_equals() instead of != to avoid loose and
// timing-dependent comparison.
65 if ($signature != 'FIXME') {
66 error('Invalid signature');
69 header('HTTP/1.0 200 OK');
70 header('Content-type: application/x-www-form-urlencoded');
71 echo http_build_query(
74 'client_id' => $client_id,
// POST: token issuance from the submitted me / redirect_uri / client_id / code.
79 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
81 $me = verifyUrlParameter($_POST, 'me');
82 $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
83 $client_id = verifyUrlParameter($_POST, 'client_id');
84 $code = verifyParameter($_POST, 'code');//auth token
85 $state = getOptionalParameter($_POST, 'state', null);
86 //FIXME: check if code and state are set
87 //FIXME: check auth endpoint if parameters are valid
88 // and to get the scope
// NOTE(review): until the FIXMEs above are resolved, $code is only checked for
// presence and nothing visible here ties the request to the owner of $me.
// The issued token therefore carries no proof of authorization.
91 //FIXME: use real encryption
// The token is a base64-encoded payload; the inner call and some fields are
// not shown in this listing. The visible fields are the format marker, the
// client_id and the placeholder signature that the GET branch checks.
92 $access_token = base64_encode(
95 'emoji' => '\360\237\222\251',
97 'client_id' => $client_id,
99 'signature' => 'FIXME',
103 header('HTTP/1.0 200 OK');
104 header('Content-type: application/x-www-form-urlencoded');
105 echo http_build_query(
107 'access_token' => $access_token,