Added some more checking for oauth2-client
parent
1b85303566
commit
c7ed6513f0
|
@ -33,19 +33,20 @@ class OAuth2 {
|
||||||
$this->response_type = isset($params["response_type"]) ? $params["response_type"] : "code";
|
$this->response_type = isset($params["response_type"]) ? $params["response_type"] : "code";
|
||||||
}
|
}
|
||||||
|
|
||||||
public function get_access_token($state = false) {
|
public function get_access_token(
|
||||||
|
$state = mysql_real_escape_string($_GET['state']),
|
||||||
|
$code = mysql_real_escape_string($_GET['code'])) {
|
||||||
if($this->session && $state) {
|
if($this->session && $state) {
|
||||||
if($_SESSION['state'] != $state) {
|
if($_SESSION['state'] != $state) {
|
||||||
die('States does not match');
|
die('States does not match');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$access_token = $this->get_oauth_token();
|
$access_token = $this->get_oauth_token($code);
|
||||||
return $access_token;
|
return $access_token;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function get_oauth_token() {
|
private function get_oauth_token($code) {
|
||||||
$code = htmlspecialchars($_GET['code']);
|
|
||||||
$params = array(
|
$params = array(
|
||||||
'grant_type' => $this->grant_type,
|
'grant_type' => $this->grant_type,
|
||||||
'client_id' => $this->client_id,
|
'client_id' => $this->client_id,
|
||||||
|
@ -67,6 +68,7 @@ class OAuth2 {
|
||||||
}
|
}
|
||||||
|
|
||||||
public function get_identity($access_token, $identity_url) {
|
public function get_identity($access_token, $identity_url) {
|
||||||
|
if(!$access_token || !$identity_url) throw new Exception("Missing either \$access_token or \$identity_url in get_identity function.");
|
||||||
$params = array(
|
$params = array(
|
||||||
'access_token' => $access_token,
|
'access_token' => $access_token,
|
||||||
);
|
);
|
||||||
|
|
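Review bot: In the first hunk the new `get_access_token` signature uses `mysql_real_escape_string($_GET['state'])` and `mysql_real_escape_string($_GET['code'])` as parameter defaults, which PHP rejects because a default value must be a constant expression, so the class will not parse as written. SQL escaping is also the wrong tool at this point: neither value is shown reaching a query, the function needs a live MySQL connection, and rewriting the authorization code before it goes to the token endpoint can corrupt it. The state check that follows still runs only when `$state` is truthy and compares with a loose `!=`, so a callback that arrives without `state` skips the CSRF check entirely. I would read both values inside the body, fail closed whenever the session is in use, compare with `hash_equals` (PHP 5.6+), and clear the stored state after one use, as sketched below.

```php
public function get_access_token($state = null, $code = null) {
	// Fall back to the callback's query parameters when the caller passes nothing.
	if($state === null && isset($_GET['state'])) $state = $_GET['state'];
	if($code === null && isset($_GET['code'])) $code = $_GET['code'];
	if(!is_string($code) || $code === '') {
		die('Missing authorization code');
	}
	if($this->session) {
		// A missing or non-string state must fail the check, not skip it.
		if(!is_string($state) || !isset($_SESSION['state']) || !is_string($_SESSION['state'])
			|| !hash_equals($_SESSION['state'], $state)) {
			die('States does not match');
		}
		// The state value is single use; drop it once it has matched.
		unset($_SESSION['state']);
	}
	// … unchanged: $access_token = $this->get_oauth_token($code); return $access_token; …
}
```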