$me, 'client_id' => $client_id, 'scope' => $scope, ) ); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { //generate token //we ignore the "me" parameter; it's for proxies only // see https://github.com/cweiske/anoweco/issues/3 $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri'); $client_id = verifyUrlParameter($_POST, 'client_id'); $code = verifyParameter($_POST, 'code');//auth token $state = getOptionalParameter($_POST, 'state', null); //verify auth code parse_str(base64_decode($code), $codeParts); $emoji = verifyParameter($codeParts, 'emoji'); $signature = verifyParameter($codeParts, 'signature'); $me = verifyUrlParameter($codeParts, 'me'); if ($emoji != '\360\237\222\251') { error('Auth token: Dog poo missing'); } if ($signature != 'FIXME') { error('Auth token: Invalid signature'); } //FIXME: check if state are set //FIXME: check auth endpoint if parameters are valid // and to get the scope $scope = 'post'; //FIXME: use real encryption $access_token = base64_encode( http_build_query( array( 'emoji' => '\360\237\222\251', 'me' => $me, 'client_id' => $client_id, 'scope' => $scope, 'signature' => 'FIXME', ) ) ); header('HTTP/1.0 200 OK'); header('Content-type: application/json'); echo json_encode( array( 'access_token' => $access_token, 'token_type' => 'Bearer', 'me' => $me, 'scope' => $scope ) ); } ?>