Return JSON responses in auth, token and micropub API
authorChristian Weiske <cweiske@cweiske.de>
Mon, 23 Apr 2018 14:25:04 +0000 (16:25 +0200)
committerChristian Weiske <cweiske@cweiske.de>
Mon, 23 Apr 2018 14:25:45 +0000 (16:25 +0200)
The IndieAuth spec wants that now.
Previously, it allowed both x-www-form-urlencoded and application/json.
Now this is not true anymore, because aaronpk wanted IndieAuth to be
"a proper OAuth2 extension".

Resolves: https://github.com/cweiske/anoweco/issues/9

www/auth.php
www/micropub.php
www/token.php

index 22e3de9..d47642c 100644 (file)
@@ -146,8 +146,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
             error('Invalid signature');
         }
         header('HTTP/1.0 200 OK');
-        header('Content-type: application/x-www-form-urlencoded');
-        echo http_build_query(['me' => $me]);
+        header('Content-type: application/json');
+        echo json_encode(['me' => $me]);
         exit();
     }
 } else if ($_SERVER['REQUEST_METHOD'] == 'HEAD') {
index 3cbfbe8..ab6af86 100644 (file)
@@ -35,7 +35,8 @@ function validateToken($token)
         array(
             'http' => array(
                 'header' => array(
-                    'Authorization: Bearer ' . $token
+                    'Authorization: Bearer ' . $token,
+                    'Accept: application/json',
                 ),
                 'ignore_errors' => true,
             ),
@@ -52,10 +53,10 @@ function validateToken($token)
         );
     }
 
-    parse_str($res, $data);
+    $data = json_decode($res, true);
     //FIXME: they spit out non-micropub json error responess
-    verifyUrlParameter($data, 'me');
-    verifyUrlParameter($data, 'client_id');
+    verifyParameter($data, 'me');
+    verifyParameter($data, 'client_id');
     verifyParameter($data, 'scope');
 
     return [$data['me'], $data['client_id'], $data['scope']];
index e7d9e9f..67d6bb1 100644 (file)
@@ -79,8 +79,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
     }
 
     header('HTTP/1.0 200 OK');
-    header('Content-type: application/x-www-form-urlencoded');
-    echo http_build_query(
+    header('Content-type: application/json');
+    echo json_encode(
         array(
             'me'        => $me,
             'client_id' => $client_id,
@@ -127,10 +127,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
         )
     );
     header('HTTP/1.0 200 OK');
-    header('Content-type: application/x-www-form-urlencoded');
-    echo http_build_query(
+    header('Content-type: application/json');
+    echo json_encode(
         array(
             'access_token' => $access_token,
+            'token_type' => 'Bearer',
             'me' => $me,
             'scope' => $scope
         )