provide option for choosing the scope to request

update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.

composer.json

@@ -3,10 +3,9 @@
     "slim/slim": "2.2.*",
     "saltybeagle/savant3": "dev-master",
     "j4mie/idiorm": "1.4.*",
-    "mf2/mf2": "0.2.*",
-    "indieweb/mention-client": "0.*",
+    "mf2/mf2": "0.3.*",
     "indieweb/date-formatter": "0.1.*",
-    "indieauth/client": ">=0.1.11",
+    "indieauth/client": ">=0.2.0",
     "mpratt/relativetime": ">=1.0",
     "firebase/php-jwt": "2.*",
     "abraham/twitteroauth": "*",

controllers/auth.php

@@ -33,13 +33,14 @@ function buildRedirectURI() {
   $tokenEndpoint = IndieAuth\Client::discoverTokenEndpoint($me);
   $micropubEndpoint = IndieAuth\Client::discoverMicropubEndpoint($me);
 
+  $defaultScope = 'create';
+
   if($tokenEndpoint && $micropubEndpoint && $authorizationEndpoint) {
     // Generate a "state" parameter for the request
     $state = IndieAuth\Client::generateStateParameter();
     $_SESSION['auth_state'] = $state;
 
-    $scope = 'post';
-    $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $scope);
+    $authorizationURL = IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, buildRedirectURI(), Config::$base_url, $state, $defaultScope);
   } else {
     $authorizationURL = false;
   }
@@ -62,6 +63,11 @@ function buildRedirectURI() {
     $user->token_endpoint = $tokenEndpoint;
     $user->save();
 
+    // Request whatever scope was previously granted
+    $authorizationURL = parse_url($authorizationURL);
+    $authorizationURL['scope'] = $user->micropub_scope;
+    $authorizationURL = http_build_url($authorizationURL);
+
     $app->redirect($authorizationURL, 302);
 
   } else {
@@ -77,6 +83,11 @@ function buildRedirectURI() {
     $user->save();
 
     if(k($params, 'dontask') && $params['dontask']) {
+      // Request whatever scope was previously granted
+      $authorizationURL = parse_url($authorizationURL);
+      $authorizationURL['scope'] = $user->micropub_scope ?: $defaultScope;
+      $authorizationURL = http_build_url($authorizationURL);
+
       $_SESSION['dontask'] = 1;
       $app->redirect($authorizationURL, 302);
     }
@@ -95,6 +106,23 @@ function buildRedirectURI() {
   }
 });
 
+$app->get('/auth/redirect', function() use($app) {
+  $req = $app->request();
+  $params = $req->params();
+
+  if(!isset($params['scope']))
+    $params['scope'] = '';
+
+  $authorizationURL = parse_url($params['authorization_url']);
+  parse_str($authorizationURL['query'], $query);
+  $query['scope'] = $params['scope'];
+  $authorizationURL['query'] = http_build_query($query);
+  $authorizationURL = http_build_url($authorizationURL);
+
+  $app->redirect($authorizationURL);
+  return;
+});
+
 $app->get('/auth/callback', function() use($app) {
   $req = $app->request();
   $params = $req->params();

views/auth_start.php

@@ -53,8 +53,18 @@
 
   <p>Clicking the button below will take you to <strong>your</strong> authorization server which is where you will allow this app to be able to post to your site.</p>
 
-  <a href="<?= $this->authorizationURL ?>" class="btn btn-primary">Authorize</a>
+  <form action="/auth/redirect" method="get">
+    <p>Choose the scope to request:</p>
+    <ul style="list-style-type: none;">
+      <li><input type="radio" name="scope" value="create" checked="checked"> create</li>
+      <li><input type="radio" name="scope" value="post"> post (legacy)</li>
+    </ul>
+
+    <button class="btn btn-primary" type="submit" id="auth-submit">Authorize</button>
+
+    <input type="hidden" name="authorization_url" value="<?= $this->authorizationURL ?>">
+  </form>
 
 <?php endif; ?>
 
-</div>
+</div>