Authentication fixes: grant_type and json response handling
authorAaron Parecki <aaron@parecki.com>
Tue, 14 Mar 2017 17:49:26 +0000 (10:49 -0700)
committerChristian Weiske <cweiske@cweiske.de>
Thu, 23 Mar 2017 06:40:56 +0000 (07:40 +0100)
* sends `grant_type` parameter for code exchange
* accepts both form-encoded and json responses from token endpoint

src/shpub/Command/Connect.php

index 6634267..748e905 100644 (file)
@@ -126,6 +126,7 @@ class Command_Connect
         $req->setBody(
             http_build_query(
                 [
+                    'grant_type'   => 'authorization_code',
                     'me'           => $userUrl,
                     'code'         => $code,
                     'redirect_uri' => $redirect_uri,
@@ -141,11 +142,14 @@ class Command_Connect
             Log::err($res->getBody());
             exit(2);
         }
-        if ($res->getHeader('content-type') != 'application/x-www-form-urlencoded') {
+        if ($res->getHeader('content-type') == 'application/x-www-form-urlencoded') {
+            parse_str($res->getBody(), $tokenParams);
+        } elseif ($res->getHeader('content-type') == 'application/json') {
+            $tokenParams = json_decode($res->getBody(), true);
+        } else {
             Log::err('Wrong content type in auth verification response');
             exit(2);
         }
-        parse_str($res->getBody(), $tokenParams);
         if (!isset($tokenParams['access_token'])) {
             Log::err('"access_token" missing');
             exit(2);