// NOTE(review): the definitions enclosing these header() calls are not part of
// this listing (only some numbered lines are shown), so their callers and
// control flow cannot be confirmed from here.
// Sends a 500 status line.
2 header('HTTP/1.0 500 Internal Server Error');
// Sends a 400 status line followed by a plain-text content type. Presumably this
// is the error() helper called throughout the file; confirm. Because the body
// is declared text/plain, messages that echo request values are not declared
// as HTML to the client.
6 header('HTTP/1.0 400 Bad Request');
7 header('Content-type: text/plain; charset=utf-8');
/**
 * Return the value of a required parameter.
 *
 * When the key is not set, error() is called with a message naming the
 * parameter. error() is defined outside this listing; presumably it ends the
 * request (confirm), otherwise the return below would read a missing key.
 *
 * NOTE(review): only presence is checked. No type or length check is applied,
 * so a request field sent as name[]=... reaches the caller as an array.
 *
 * @param array  $givenParams Parameter map; callers in this file pass $_POST
 *                            or the array filled by parse_str() from a token
 * @param string $paramName   Key that must be present
 *
 * @return mixed The stored value, unmodified
 */
12 function verifyParameter($givenParams, $paramName)
// isset() is also false for a null value, so null counts as missing.
14 if (!isset($givenParams[$paramName])) {
15 error('"' . $paramName . '" parameter missing');
17 return $givenParams[$paramName];
/**
 * Return a required parameter after checking that it parses as a URL with a
 * scheme and a host.
 *
 * NOTE(review): this is a shape check only. The scheme is not restricted to
 * http/https and the host is not inspected, so callers that later fetch or
 * redirect to the value need their own allowlist. The raw input string is
 * returned, not a normalised URL.
 *
 * @param array  $givenParams Parameter map; callers in this file pass $_POST
 *                            or the array filled by parse_str() from a token
 * @param string $paramName   Key that must hold a URL
 *
 * @return mixed The original value stored under $paramName
 */
19 function verifyUrlParameter($givenParams, $paramName)
// Presence check; the returned value is discarded and the array is re-read below.
21 verifyParameter($givenParams, $paramName);
// parse_url() returns false for seriously malformed input. isset() on an offset
// of false is simply false, so that case ends in the "scheme missing" error.
22 $url = parse_url($givenParams[$paramName]);
23 if (!isset($url['scheme'])) {
24 error('Invalid URL in "' . $paramName . '" parameter: scheme missing');
26 if (!isset($url['host'])) {
27 error('Invalid URL in "' . $paramName . '" parameter: host missing');
30 return $givenParams[$paramName];
/**
 * Return a parameter when it is set, with a fallback for the unset case.
 *
 * NOTE(review): the line that handles the unset case is not shown in this
 * listing; presumably it returns $default. Confirm against the full file.
 *
 * @param array  $givenParams Parameter map; the caller in this file passes $_POST
 * @param string $paramName   Key to look up
 * @param mixed  $default     Fallback for a key that is not set
 *
 * @return mixed The stored value, unmodified, when the key is set
 */
32 function getOptionalParameter($givenParams, $paramName, $default)
// isset() is also false for a null value.
34 if (!isset($givenParams[$paramName])) {
37 return $givenParams[$paramName];
// GET: check a presented bearer token and echo values taken from it as a
// form-encoded body (client_id is the only output key visible in this listing).
40 if ($_SERVER['REQUEST_METHOD'] == 'GET') {
// The Authorization header can arrive under either server variable.
42 if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
43 $auth = $_SERVER['HTTP_AUTHORIZATION'];
44 } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
45 //php-cgi has it there
46 $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
48 error('Authorization HTTP header missing');
// Split "<scheme> <credentials>" at the first space only.
// NOTE(review): a header without a space yields a single element, leaving
// $token without a value (PHP raises an undefined-offset notice/warning).
// The scheme comparison below is case-sensitive.
50 list($bearer, $token) = explode(' ', $auth, 2);
51 if ($bearer !== 'Bearer') {
52 error('Authorization header must start with "Bearer"');
// SECURITY: the token is only base64-encoded, not encrypted or authenticated.
// Every field read from it below is chosen by whoever built the token.
55 //FIXME: use real decryption
// NOTE(review): without the strict flag base64_decode() silently drops
// characters outside the alphabet, so the false check below is unlikely to
// reject malformed input; base64_decode($token, true) would.
56 $encData = base64_decode($token);
57 if ($encData === false) {
58 error('Invalid token data');
// The decoded bytes are treated as a query string and unpacked into $data.
60 parse_str($encData, $data);
61 $emoji = verifyParameter($data, 'emoji');
62 $signature = verifyParameter($data, 'signature');
63 $me = verifyUrlParameter($data, 'me');
64 $client_id = verifyUrlParameter($data, 'client_id');
65 $scope = verifyParameter($data, 'scope');
// Single-quoted, so PHP keeps the backslash-octal text literally (16 characters)
// rather than the UTF-8 bytes F0 9F 92 A9. The issuing branch writes the same
// literal, so the two sides still agree.
67 if ($emoji != '\360\237\222\251') {
68 error('Dog poo missing');
// SECURITY: placeholder check against a fixed constant. It does not bind the
// signature to me/client_id/scope, so it gives no assurance that this server
// issued the token. A real implementation needs a keyed MAC over the token
// fields, compared with hash_equals() rather than != to avoid timing leaks.
70 if ($signature != 'FIXME') {
71 error('Invalid signature');
74 header('HTTP/1.0 200 OK');
75 header('Content-type: application/x-www-form-urlencoded');
// http_build_query() URL-encodes the values, so token contents cannot break
// the form-encoded response format.
76 echo http_build_query(
79 'client_id' => $client_id,
// POST: issue an access token from the posted form fields.
84 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// me, redirect_uri and client_id only have to parse as URLs with a scheme and a
// host; code only has to be present.
86 $me = verifyUrlParameter($_POST, 'me');
87 $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
88 $client_id = verifyUrlParameter($_POST, 'client_id');
89 $code = verifyParameter($_POST, 'code');//auth token
90 $state = getOptionalParameter($_POST, 'state', null);
// SECURITY: per the FIXMEs below, $code is not yet verified with the
// authorization endpoint. Until that check exists, nothing visible here ties
// the posted "me" to an authenticated user, and the scope is not obtained
// from a trusted source.
91 //FIXME: check if code and state are set
92 //FIXME: check auth endpoint if parameters are valid
93 // and to get the scope
// SECURITY: the token is base64 over the field list, not ciphertext. It is
// readable by any holder, and the 'signature' field is the constant 'FIXME',
// so it carries no integrity protection. Replace with a keyed MAC (or an
// authenticated-encryption scheme) before relying on tokens for access control.
96 //FIXME: use real encryption
97 $access_token = base64_encode(
// Single-quoted: stored as the literal backslash-octal text, matching the
// comparison in the verification branch.
100 'emoji' => '\360\237\222\251',
102 'client_id' => $client_id,
104 'signature' => 'FIXME',
108 header('HTTP/1.0 200 OK');
109 header('Content-type: application/x-www-form-urlencoded');
// NOTE(review): no Cache-Control/Pragma header is visible in this listing for
// the token response; confirm against the full file that it is not cacheable.
110 echo http_build_query(
112 'access_token' => $access_token,