we always need code

[anoweco.git] / www / auth.php

diff --git a/www/auth.php b/www/auth.php
index 1a617d787fb3e2c64653f738a43a5e38321191d0..d3325b05fd5e15384e2150807c651e327a439b1c 100644 (file)
--- a/www/auth.php
+++ b/www/auth.php
@@ -101,32 +101,27 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
 
         //redirect back to client
         $url = new \Net_URL2($redirect_uri);
 
         //redirect back to client
         $url = new \Net_URL2($redirect_uri);

-        if ($response_type == 'code') {
-            $url->setQueryVariable('code', $code);
-        }
+        $url->setQueryVariable('code', $code);

         $url->setQueryVariable('me', $me);
         $url->setQueryVariable('state', $state);
         header('Location: ' . $url->getURL());
         exit();
     } else {
         //auth code verification
         $url->setQueryVariable('me', $me);
         $url->setQueryVariable('state', $state);
         header('Location: ' . $url->getURL());
         exit();
     } else {
         //auth code verification

+        $code         = base64_decode(verifyParameter($_POST, 'code'));

         $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
         $client_id    = verifyUrlParameter($_POST, 'client_id');
         $state        = getOptionalParameter($_POST, 'state', null);
 
         $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
         $client_id    = verifyUrlParameter($_POST, 'client_id');
         $state        = getOptionalParameter($_POST, 'state', null);
 

-        $code = getOptionalParameter($_POST, 'code', null);
-        if ($code !== null && $code !== '') {
-            //code only given for "code" response_type, not for "id" mode
-            parse_str(base64_decode($code), $codeParts);
-            $emoji     = verifyParameter($codeParts, 'emoji');
-            $signature = verifyParameter($codeParts, 'signature');
-            $me        = verifyUrlParameter($codeParts, 'me');
-            if ($emoji != '\360\237\222\251') {
-                error('Dog poo missing');
-            }
-            if ($signature != 'FIXME') {
-                error('Invalid signature');
-            }
+        parse_str($code, $codeParts);
+        $emoji     = verifyParameter($codeParts, 'emoji');
+        $signature = verifyParameter($codeParts, 'signature');
+        $me        = verifyUrlParameter($codeParts, 'me');
+        if ($emoji != '\360\237\222\251') {
+            error('Dog poo missing');
+        }
+        if ($signature != 'FIXME') {
+            error('Invalid signature');

         }
         header('HTTP/1.0 200 OK');
         header('Content-type: application/x-www-form-urlencoded');
         }
         header('HTTP/1.0 200 OK');
         header('Content-type: application/x-www-form-urlencoded');