2 header('HTTP/1.0 500 Internal Server Error');
6 header('HTTP/1.0 400 Bad Request');
7 header('Content-type: text/plain; charset=utf-8');
/**
 * Fetch a mandatory parameter from a parameter map.
 *
 * A key that is absent, or whose value is null, is reported through
 * error() with a message that names the parameter. error() is defined
 * elsewhere in this file; this function itself does not return early
 * after calling it.
 *
 * @param array  $givenParams Parameter map (the callers pass $_POST or
 *                            the decoded bearer token)
 * @param string $paramName   Key that must be present
 *
 * @return mixed The value stored under $paramName, unmodified
 */
function verifyParameter($givenParams, $paramName)
{
    $present = isset($givenParams[$paramName]);
    if ($present === false) {
        error(sprintf('"%s" parameter missing', $paramName));
    }

    return $givenParams[$paramName];
}
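/**
 * Fetch a mandatory parameter and check that it looks like an absolute URL.
 *
 * The value must be a string that parse_url() splits into at least a
 * scheme and a host. Request parameters can arrive as arrays
 * (e.g. "me[]=x"), and parse_url() only accepts strings, so anything
 * else is rejected up front instead of being handed to parse_url().
 *
 * NOTE(review): only the presence of scheme and host is checked. Any
 * scheme is accepted and the host is not inspected, so a caller that
 * later fetches or redirects to this URL still has to decide which
 * schemes and hosts it is willing to use.
 *
 * @param array  $givenParams Parameter map (the callers pass $_POST or
 *                            the decoded bearer token)
 * @param string $paramName   Key whose value must be a URL
 *
 * @return mixed The original parameter value, unmodified
 */
function verifyUrlParameter($givenParams, $paramName)
{
    $value = verifyParameter($givenParams, $paramName);
    if (!is_string($value)) {
        error('Invalid URL in "' . $paramName . '" parameter: not a string');
    }

    // parse_url() yields false for seriously malformed input; isset() on
    // false is simply false, so that case ends in the scheme error below.
    $url = parse_url($value);
    if (!isset($url['scheme'])) {
        error('Invalid URL in "' . $paramName . '" parameter: scheme missing');
    }
    if (!isset($url['host'])) {
        error('Invalid URL in "' . $paramName . '" parameter: host missing');
    }

    return $value;
}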
/**
 * Fetch a parameter that may be omitted.
 *
 * @param array  $givenParams Parameter map (the caller passes $_POST)
 * @param string $paramName   Key to look up
 * @param mixed  $default     Value to use when the key is absent or null
 *
 * @return mixed The stored value, or $default when there is none
 */
function getOptionalParameter($givenParams, $paramName, $default)
{
    // "??" applies the same isset() test: a missing key and a null value
    // both fall back to the default.
    return $givenParams[$paramName] ?? $default;
}
40 if ($_SERVER['REQUEST_METHOD'] == 'GET') {
42 if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
43 error('Authorization HTTP header missing');
45 list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
46 if ($bearer !== 'Bearer') {
47 error('Authorization header must start with "Bearer"');
50 //FIXME: use real decryption
51 $data = json_decode($token);
53 error('Invalid token');
55 $data = (array) $data;
56 $me = verifyUrlParameter($data, 'me');
57 $client_id = verifyUrlParameter($data, 'client_id');
58 $scope = verifyParameter($data, 'scope');
60 header('HTTP/1.0 200 OK');
61 header('Content-type: application/x-www-form-urlencoded');
62 echo http_build_query(
65 'client_id' => $client_id,
70 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
72 $me = verifyUrlParameter($_POST, 'me');
73 $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
74 $client_id = verifyUrlParameter($_POST, 'client_id');
75 $code = verifyParameter($_POST, 'code');//auth token
76 $state = getOptionalParameter($_POST, 'state', null);
77 //FIXME: check if code and state are set
78 //FIXME: check auth endpoint if parameters are valid
79 // and to get the scope
82 //FIXME: use real encryption
83 $access_token = '<h1>"\'' . json_encode(
86 'client_id' => $client_id,
90 header('HTTP/1.0 200 OK');
91 header('Content-type: application/x-www-form-urlencoded');
92 echo http_build_query(
94 'access_token' => $access_token,