Return JSON responses in auth, token and micropub API

[anoweco.git] / www / token.php

diff --git a/www/token.php b/www/token.php
index abe14ed6f9c93c143151c7b5d48674ce1a787295..67d6bb19fde0aa3c1f26c643bd2658e42d01cbfb 100644 (file)
--- a/www/token.php
+++ b/www/token.php
@@ -1,5 +1,6 @@
 <?php
 header('HTTP/1.0 500 Internal Server Error');
+header("Access-Control-Allow-Origin: *");
 
 function error($msg)
 {
@@ -47,7 +48,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
     } else {
         error('Authorization HTTP header missing');
     }
-    list($bearer, $token) = explode(' ', $auth, 2);
+
+    $parts = explode(' ', $auth, 2);
+    if (count($parts) != 2) {
+        error('Authorization header must container "Bearer" and the token');
+    }
+
+    list($bearer, $token) = $parts;
     if ($bearer !== 'Bearer') {
         error('Authorization header must start with "Bearer"');
     }
@@ -72,8 +79,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
     }
 
     header('HTTP/1.0 200 OK');
-    header('Content-type: application/x-www-form-urlencoded');
-    echo http_build_query(
+    header('Content-type: application/json');
+    echo json_encode(
         array(
             'me'        => $me,
             'client_id' => $client_id,
@@ -120,10 +127,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
         )
     );
     header('HTTP/1.0 200 OK');
-    header('Content-type: application/x-www-form-urlencoded');
-    echo http_build_query(
+    header('Content-type: application/json');
+    echo json_encode(
         array(
             'access_token' => $access_token,
+            'token_type' => 'Bearer',
             'me' => $me,
             'scope' => $scope
         )