From: Christian Weiske <cweiske@cweiske.de>
Date: Wed, 3 Aug 2016 20:26:47 +0000 (+0200)
Subject: support auth ID response type
X-Git-Tag: v1.0.0~38
X-Git-Url: https://git.cweiske.de/anoweco.git/commitdiff_plain/b27c705f64af2361f0f30ed27622d014bb1ac3bd

support auth ID response type
---

diff --git a/www/auth.php b/www/auth.php
index ef6d6cf..944e334 100644
--- a/www/auth.php
+++ b/www/auth.php
@@ -110,20 +110,23 @@ if ($_SERVER['REQUEST_METHOD'] == 'GET') {
         exit();
     } else {
         //auth code verification
-        $code         = base64_decode(verifyParameter($_POST, 'code'));
         $redirect_uri = verifyUrlParameter($_POST, 'redirect_uri');
         $client_id    = verifyUrlParameter($_POST, 'client_id');
         $state        = getOptionalParameter($_POST, 'state', null);
 
-        parse_str($code, $codeParts);
-        $emoji     = verifyParameter($codeParts, 'emoji');
-        $signature = verifyParameter($codeParts, 'signature');
-        $me        = verifyUrlParameter($codeParts, 'me');
-        if ($emoji != '\360\237\222\251') {
-            error('Dog poo missing');
-        }
-        if ($signature != 'FIXME') {
-            error('Invalid signature');
+        $code = getOptionalParameter($_POST, 'code', null);
+        if ($code !== null) {
+            //code only given for "code" response_type, not for "id" mode
+            parse_str(base64_decode($code), $codeParts);
+            $emoji     = verifyParameter($codeParts, 'emoji');
+            $signature = verifyParameter($codeParts, 'signature');
+            $me        = verifyUrlParameter($codeParts, 'me');
+            if ($emoji != '\360\237\222\251') {
+                error('Dog poo missing');
+            }
+            if ($signature != 'FIXME') {
+                error('Invalid signature');
+            }
         }
         header('HTTP/1.0 200 OK');
         header('Content-type: application/x-www-form-urlencoded');