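<?php
#
# OAuth 2.0 demo, step 2: handles the redirect back from the authorization
# server. Without ?exchange=1 it shows the code we were given and the token
# request we are about to make; with ?exchange=1 it POSTs that request from
# the server and shows the result.
#
# NOTE(review): the `state` value that comes back on the redirect is only ever
# displayed, never compared with a value issued before the redirect. Whether an
# earlier step issues one is not visible from this file - confirm, and compare
# it server-side before the code is used, otherwise this callback accepts
# authorization codes that this browser session never asked for.
#

# presumably config.php supplies $client_id, $client_secret and $redir_url and
# curl.php supplies curl_http_post() - nothing below works without them, so
# stop here rather than carry on with undefined values.
require('config.php');
require('curl.php');

#
# read the query string once. a parameter can be absent, or can arrive as an
# array (?code[]=x), so anything that is not a plain string is treated as empty.
#
$req_error      = (isset($_GET['error']) && is_string($_GET['error'])) ? $_GET['error'] : '';
$req_error_desc = (isset($_GET['error_description']) && is_string($_GET['error_description'])) ? $_GET['error_description'] : '';
$req_state      = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : '';
$req_code       = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';
$do_exchange    = !empty($_GET['exchange']);

#
# did the authorization server send back an error instead of a code?
#
if ($req_error){
    include('head.txt');
?>
<h2>Step 2 Error: <?=HtmlSpecialChars($req_error)?></h2>
<p><b>Error description:</b> <?=HtmlSpecialChars($req_error_desc)?></p>
<p><b>State:</b> <code><?=HtmlSpecialChars($req_state)?></code></p>
<?php
    include('foot.txt');
    exit;
}

#
# no error, but no code either?
#
if (!$req_code){
    include('head.txt');
?>
<h2>Step 2 Error: No code</h2>
<p>Odd - we didn't get an authorization code passed back to us. I wonder why?</p>
<?php
    include('foot.txt');
    exit;
}

#
# the token request, exactly as it will be POSTed
#
$args = array(
    'grant_type' => 'authorization_code',
    'code' => $req_code,
    'client_id' => $client_id,
    'client_secret' => $client_secret,
    'redirect_uri' => $redir_url,
);

if ($do_exchange){

    #
    # NOTE(review): this POST carries client_secret and the authorization code
    # over plain http://, so both are readable on the network path. switch to
    # the https:// form of the token endpoint if the provider offers one -
    # confirm against the provider's documentation.
    #
    $ret = curl_http_post("http://api.alpha.glitch.com/oauth2/token", $args);

    #
    # check for bad status (400 is let through: the code below reads the JSON
    # body for an `error` field in that case)
    #
    if ($ret['status'] != 200 && $ret['status'] != 400){
        include('head.txt');
?>
<h2>Step 3 Error - Unexpected HTTP status code</h2>
<p>The POST to the token endpoint unexpectedly returned status code <?=HtmlSpecialChars((string) $ret['status'])?>. This might be a temporary failure.</p>
<p>The body of the request follows:</p>
<pre><?=HtmlSpecialChars((string) $ret['body'])?></pre>
<?php
        include('foot.txt');
        exit;
    }

    #
    # can we decode the JSON? (a failed decode gives null, which the
    # is_array() test below catches - no need to silence anything with @)
    #
    $obj = json_decode((string) $ret['body'], true);
    if (!is_array($obj) || !count($obj)){
        include('head.txt');
?>
<h2>Step 3 Error - Unable to parse JSON response</h2>
<p>The JSON body returned by the API request could not be parsed.</p>
<p>The body of the request follows:</p>
<pre><?=HtmlSpecialChars((string) $ret['body'])?></pre>
<?php
        include('foot.txt');
        exit;
    }

    #
    # was there an error? the field is absent on success, so test for it
    # before measuring it.
    #
    $api_error      = (isset($obj['error']) && is_scalar($obj['error'])) ? (string) $obj['error'] : '';
    $api_error_desc = (isset($obj['error_description']) && is_scalar($obj['error_description'])) ? (string) $obj['error_description'] : '';
    if (strlen($api_error)){
        include('head.txt');
?>
<h2>Step 3 Error: <?=HtmlSpecialChars($api_error)?></h2>
<p><b>Error description:</b> <?=HtmlSpecialChars($api_error_desc)?></p>
<p>The body of the request follows:</p>
<pre><?=HtmlSpecialChars((string) $ret['body'])?></pre>
<?php
        include('foot.txt');
        exit;
    }

    #
    # looks like we're good to go...
    #
    # NOTE(review): from here on the access token is written into the page and
    # into the iframe URL below, which is fetched over plain http://. a token
    # in a query string ends up in browser history and in server and proxy
    # logs. that is tolerable only because this is a walkthrough; a real
    # application keeps the token on the server, as the closing paragraph says.
    #
    $access_token = (isset($obj['access_token']) && is_scalar($obj['access_token'])) ? (string) $obj['access_token'] : '';
    include('head.txt');
?>
<h2>Step 3 - Use access token</h2>
<p>The token endpoint has exchanged our authorization code for a usable access token:</p>
<ul>
<?php foreach ($obj as $k => $v){
    # response fields need not be strings (numbers, nested objects), so turn
    # anything non-scalar into JSON text before escaping it
    $shown_value = (is_scalar($v) || is_null($v)) ? (string) $v : (string) json_encode($v);
?>
<li><code><?=HtmlSpecialChars((string) $k)?></code> = <code><?=HtmlSpecialChars($shown_value)?></code></li>
<?php } ?>
</ul>
<p>We will call an API method using this token, in the iframe below:</p>
<iframe width="100%" height="200" src="http://api.alpha.glitch.com/simple/auth.check?oauth_token=<?=HtmlSpecialChars(urlencode($access_token))?>&amp;simple=1&amp;pretty=1"></iframe>
<p>That concludes the demo. In your application, you would then store the <code>access_token</code> somewhere on the server and use it for subsequent requests.</p>
<?php
    include('foot.txt');
    exit;
}

#
# not exchanging yet: show what we received and what we are about to send
#
include('head.txt');
?>
<h2>Step 2 - Exchange code for access token</h2>
<p>The user has authorized our request and we have been returned the code <code><?=HtmlSpecialChars($req_code)?></code>.</p>
<p>We now need to exchange this code for an access token, by calling the token endpoint <code>http://api.alpha.glitch.com/oauth2/token</code> with the following parameters:</p>
<ul>
<?php foreach ($args as $k => $v){
    # this page is reachable by anyone who requests step2.php?code=..., so the
    # application secret must not be echoed into it
    $shown_value = ($k === 'client_secret') ? '(hidden)' : (string) $v;
?>
<li><code><?=HtmlSpecialChars($k)?></code> = <code><?=HtmlSpecialChars($shown_value)?></code></li>
<?php } ?>
</ul>
<p>This step must be done using an HTTP POST from the server.</p>
<p><a href="step2.php?code=<?=HtmlSpecialChars(urlencode($req_code))?>&amp;exchange=1">Exchange code for access token</a></p>
<?php
include('foot.txt');
?>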