From: Christian Weiske <cweiske@cweiske.de>
Date: Mon, 23 Apr 2018 14:25:04 +0000 (+0200)
Subject: Return JSON responses in auth, token and micropub API
X-Git-Tag: v1.0.0~1
X-Git-Url: https://git.cweiske.de/anoweco.git/commitdiff_plain/6c7675f8f675d5a2ca5f863d95b3c1d881f9af3f

Return JSON responses in auth, token and micropub API

The IndieAuth spec wants that now.
Previously, it allowed both x-www-form-urlencoded and application/json.
Now this is not true anymore, because aaronpk wanted IndieAuth to be
"a proper OAuth2 extension".

Resolves: https://github.com/cweiske/anoweco/issues/9
---

diff --git a/www/auth.php b/www/auth.php
index 22e3de9..d47642c 100644
--- a/www/auth.php
+++ b/www/auth.php
@@ -146,8 +146,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
             error('Invalid signature');
         }
         header('HTTP/1.0 200 OK');
-        header('Content-type: application/x-www-form-urlencoded');
-        echo http_build_query(['me' => $me]);
+        header('Content-type: application/json');
+        echo json_encode(['me' => $me]);
         exit();
     }
 } else if ($_SERVER['REQUEST_METHOD'] == 'HEAD') {
diff --git a/www/micropub.php b/www/micropub.php
index 3cbfbe8..ab6af86 100644
--- a/www/micropub.php
+++ b/www/micropub.php
@@ -35,7 +35,8 @@ function validateToken($token)
         array(
             'http' => array(
                 'header' => array(
-                    'Authorization: Bearer ' . $token
+                    'Authorization: Bearer ' . $token,
+                    'Accept: application/json',
                 ),
                 'ignore_errors' => true,
             ),
@@ -52,10 +53,10 @@ function validateToken($token)
         );
     }
 
-    parse_str($res, $data);
+    $data = json_decode($res, true);
     //FIXME: they spit out non-micropub json error responess
-    verifyUrlParameter($data, 'me');
-    verifyUrlParameter($data, 'client_id');
+    verifyParameter($data, 'me');
+    verifyParameter($data, 'client_id');
     verifyParameter($data, 'scope');
 
     return [$data['me'], $data['client_id'], $data['scope']];
diff --git a/www/token.php b/www/token.php
index e7d9e9f..67d6bb1 100644
--- a/www/token.php
+++ b/www/token.php
@@ -79,8 +79,8 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
     }
 
     header('HTTP/1.0 200 OK');
-    header('Content-type: application/x-www-form-urlencoded');
-    echo http_build_query(
+    header('Content-type: application/json');
+    echo json_encode(
         array(
             'me'        => $me,
             'client_id' => $client_id,
@@ -127,10 +127,11 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
         )
     );
     header('HTTP/1.0 200 OK');
-    header('Content-type: application/x-www-form-urlencoded');
-    echo http_build_query(
+    header('Content-type: application/json');
+    echo json_encode(
         array(
             'access_token' => $access_token,
+            'token_type' => 'Bearer',
             'me' => $me,
             'scope' => $scope
         )