indieauth/README.md

# taproot/indieauth

A PSR-7-compatible implementation of the request-handling logic for IndieAuth authorization endpoints
and token endpoints.

Typical minimal usage looks something like this:
    
```php
// Somewhere in your app set-up code:
$server = new Taproot\IndieAuth\Server([
	// A secret key, >= 64 characters long.
	'secret' => YOUR_APP_INDIEAUTH_SECRET,

	// A path to store token data, or an object implementing TokenStorageInterface.
	'tokenStorage' => '/../data/auth_tokens/',

	// An authentication callback function, which either returns data about the current user,
	// or redirects to/implements an authentication flow.
	'handleAuthenticationRequestCallback' => function (ServerRequestInterface $request, string $authenticationRedirect, ?string $normalizedMeUrl) {
		// If the request is authenticated, return an array with a `me` key containing the
		// canonical URL of the currently logged-in user.
		if ($userUrl = getLoggedInUserUrl($request)) {
			return ['me' => $userUrl];
		}
		
		// Otherwise, redirect the user to a login page, ensuring that they will be redirected
		// back to the IndieAuth flow with query parameters intact once logged in.
		return new Response('302', ['Location' => 'https://example.com/login?next=' . urlencode($authenticationRedirect)]);
	}
]);

// In your authorization endpoint route:
return $server->handleAuthorizationEndpointRequest($request);

// In your token endpoint route:
return $server->handleTokenEndpointRequest($request);

// In another route (e.g. a micropub route), to authenticate the request:
// (assuming $bearerToken is a token parsed from an “Authorization: Bearer XXXXXX” header
// or access_token property from a request body)
if ($accessToken = $server->getTokenStorage()->getAccessToken($bearerToken)) {
	// Request is authenticated as $accessToken['me'], and is allowed to
	// act according to the scopes listed in $accessToken['scope'].
	$scopes = explode(' ', $accessToken['scope']);
}
```

Refer to the `__construct` documentation for further configuration options, and to the
documentation for both handling methods for further documentation about them.
Initial commit Sketched out first draft of how the library should work, stubbed a lot of the smaller utility classes required, and outlined the main handler functions for the IA Server. 2021-06-06 00:18:44 +01:00			`# taproot/indieauth`

Stubbed README with usage example from Server docblock 2021-06-12 22:06:55 +01:00			`A PSR-7-compatible implementation of the request-handling logic for IndieAuth authorization endpoints`
			`and token endpoints.`

			`Typical minimal usage looks something like this:`

			```php
			`// Somewhere in your app set-up code:`
			`$server = new Taproot\IndieAuth\Server([`
Cleaned up usage examples 2021-06-12 22:10:20 +01:00			`// A secret key, >= 64 characters long.`
Clarified implied provenance of example secret 2021-06-12 22:11:17 +01:00			`'secret' => YOUR_APP_INDIEAUTH_SECRET,`
Cleaned up usage examples 2021-06-12 22:10:20 +01:00
			`// A path to store token data, or an object implementing TokenStorageInterface.`
			`'tokenStorage' => '/../data/auth_tokens/',`

			`// An authentication callback function, which either returns data about the current user,`
			`// or redirects to/implements an authentication flow.`
Stubbed README with usage example from Server docblock 2021-06-12 22:06:55 +01:00			`'handleAuthenticationRequestCallback' => function (ServerRequestInterface $request, string $authenticationRedirect, ?string $normalizedMeUrl) {`
			// If the request is authenticated, return an array with a `me` key containing the
			`// canonical URL of the currently logged-in user.`
			`if ($userUrl = getLoggedInUserUrl($request)) {`
			`return ['me' => $userUrl];`
			`}`

			`// Otherwise, redirect the user to a login page, ensuring that they will be redirected`
			`// back to the IndieAuth flow with query parameters intact once logged in.`
			`return new Response('302', ['Location' => 'https://example.com/login?next=' . urlencode($authenticationRedirect)]);`
			`}`
			`]);`

			`// In your authorization endpoint route:`
			`return $server->handleAuthorizationEndpointRequest($request);`

			`// In your token endpoint route:`
			`return $server->handleTokenEndpointRequest($request);`

			`// In another route (e.g. a micropub route), to authenticate the request:`
			`// (assuming $bearerToken is a token parsed from an “Authorization: Bearer XXXXXX” header`
			`// or access_token property from a request body)`
			`if ($accessToken = $server->getTokenStorage()->getAccessToken($bearerToken)) {`
			`// Request is authenticated as $accessToken['me'], and is allowed to`
			`// act according to the scopes listed in $accessToken['scope'].`
			`$scopes = explode(' ', $accessToken['scope']);`
			`}`
			```

			Refer to the `__construct` documentation for further configuration options, and to the
			`documentation for both handling methods for further documentation about them.`