
function oauth2_server_authorize_page in OAuth2 Server 7

Page callback: Authenticates the user and redirects back to the client with an authorization code.

1 string reference to 'oauth2_server_authorize_page'
oauth2_server_menu in ./oauth2_server.module
Implements hook_menu().

File

./oauth2_server.pages.inc, line 12
Page callbacks for the OAuth2 Server module.

Code

/**
 * Page callback: handles the OAuth2 authorization endpoint.
 *
 * Flow, as implemented below:
 * - The incoming query parameters are stashed in the session so they survive
 *   the round trip through the login page.
 * - Anonymous users are sent to user/login with a destination that points
 *   back here.
 * - For clients flagged with automatic_authorization the request is completed
 *   immediately on behalf of the current user, with no consent form.
 * - Otherwise the request is validated and the authorize (consent) form is
 *   rendered for the resolved scopes.
 *
 * The stashed parameters come straight from the query string and are
 * untrusted until validateAuthorizeRequest() / handleAuthorizeRequest() has
 * accepted them.
 *
 * @return mixed
 *   Whatever oauth2_server_send_response() returns on the automatic and
 *   validation-failure paths, or the result of drupal_get_form() for the
 *   authorize form.
 */
function oauth2_server_authorize_page() {
  global $user;
  module_invoke_all('oauth2_server_pre_authorize');

  // Remember the authorize parameters across the login redirect. The session
  // copy is only overwritten when the current request actually carries a
  // client_id or a response_type.
  $query_params = drupal_get_query_parameters();
  $no_authorize_params = empty($query_params['client_id']) && empty($query_params['response_type']);
  if (!$no_authorize_params) {
    $_SESSION['oauth2_server_authorize'] = $query_params;
  }

  if (!user_is_logged_in()) {
    // Anonymous user: go through the login form and come back here.
    drupal_goto('user/login', array(
      'query' => array(
        'destination' => 'oauth2/authorize',
      ),
    ));
  }
  elseif (empty($_SESSION['oauth2_server_authorize'])) {
    // Logged in, but there is no pending authorize request to process.
    drupal_goto();
  }

  $request = new OAuth2\Request($_SESSION['oauth2_server_authorize']);
  $client_id = $request->query('client_id');

  // Resolve the client first, then the server it belongs to. Either may stay
  // unset when the client_id is missing or unknown.
  $client = NULL;
  $server = NULL;
  if ($client_id) {
    $client = oauth2_server_client_load($client_id);
  }
  if ($client) {
    $server = oauth2_server_load($client->server);
  }

  $oauth2_server = oauth2_server_start($server);
  $response = new OAuth2\Response();

  if ($client && $client->automatic_authorization) {
    // Automatic authorization: the TRUE argument marks the request as approved
    // without asking the user. handleAuthorizeRequest() will call
    // validateAuthorizeRequest() itself, so no separate validation is done.
    // NOTE(review): this path relies entirely on that internal validation
    // (including the redirect URI check) - confirm when upgrading the library.
    unset($_SESSION['oauth2_server_authorize']);
    $oauth2_server->handleAuthorizeRequest($request, $response, TRUE, $user->uid);
    return oauth2_server_send_response($response);
  }

  if (!$oauth2_server->validateAuthorizeRequest($request, $response)) {
    // Drop the stored parameters so a rejected request is not replayed by
    // another visit to this page while the user is still logged in.
    unset($_SESSION['oauth2_server_authorize']);
    return oauth2_server_send_response($response);
  }
  // NOTE(review): on the path below the session copy is left in place;
  // presumably the authorize form's submit handler clears it - confirm.

  // Use the requested scope, falling back to the server's default scope.
  $scope_helper = new Drupal\oauth2_server\Scope($server);
  $requested_scope = $scope_helper->getScopeFromRequest($request);
  if (!$requested_scope) {
    $requested_scope = $scope_helper->getDefaultScope();
  }

  // The scope is a space-separated string; load the matching scope entities.
  $scope_list = explode(' ', $requested_scope);
  $scope_entities = oauth2_server_scope_load_multiple($server->name, $scope_list);

  // Ask the user for consent.
  return drupal_get_form('oauth2_server_authorize_form', $client, $server, $scope_entities);
}