indieauth/README.md

# taproot/indieauth

A PSR-7-compatible implementation of the request-handling logic for IndieAuth authorization endpoints
and token endpoints.

Typical minimal usage looks something like this:
    
```php
// Somewhere in your app set-up code:
$server = new Taproot\IndieAuth\Server([
	// A secret key, >= 64 characters long.
	'secret' => YOUR_APP_INDIEAUTH_SECRET,

	// A path to store token data, or an object implementing TokenStorageInterface.
	'tokenStorage' => '/../data/auth_tokens/',

	// An authentication callback function, which either returns data about the current user,
	// or redirects to/implements an authentication flow.
	'handleAuthenticationRequestCallback' => function (ServerRequestInterface $request, string $authenticationRedirect, ?string $normalizedMeUrl) {
		// If the request is authenticated, return an array with a `me` key containing the
		// canonical URL of the currently logged-in user.
		if ($userUrl = getLoggedInUserUrl($request)) {
			return ['me' => $userUrl];
		}
		
		// Otherwise, redirect the user to a login page, ensuring that they will be redirected
		// back to the IndieAuth flow with query parameters intact once logged in.
		return new Response('302', ['Location' => 'https://example.com/login?next=' . urlencode($authenticationRedirect)]);
	}
]);

// In your authorization endpoint route:
return $server->handleAuthorizationEndpointRequest($request);

// In your token endpoint route:
return $server->handleTokenEndpointRequest($request);

// In another route (e.g. a micropub route), to authenticate the request:
// (assuming $bearerToken is a token parsed from an “Authorization: Bearer XXXXXX” header
// or access_token property from a request body)
if ($accessToken = $server->getTokenStorage()->getAccessToken($bearerToken)) {
	// Request is authenticated as $accessToken['me'], and is allowed to
	// act according to the scopes listed in $accessToken['scope'].
	$scopes = explode(' ', $accessToken['scope']);
}
```

Refer to the `__construct` documentation for further configuration options, and to [the
documentation](https://taproot.github.io/indieauth/) for both handling methods for further documentation about them.
Initial commit Sketched out first draft of how the library should work, stubbed a lot of the smaller utility classes required, and outlined the main handler functions for the IA Server. 2021-06-06 00:18:44 +01:00			`# taproot/indieauth`

Stubbed README with usage example from Server docblock 2021-06-12 22:06:55 +01:00			`A PSR-7-compatible implementation of the request-handling logic for IndieAuth authorization endpoints`
			`and token endpoints.`

			`Typical minimal usage looks something like this:`

			```php
			`// Somewhere in your app set-up code:`
			`$server = new Taproot\IndieAuth\Server([`
Cleaned up usage examples 2021-06-12 22:10:20 +01:00			`// A secret key, >= 64 characters long.`
Clarified implied provenance of example secret 2021-06-12 22:11:17 +01:00			`'secret' => YOUR_APP_INDIEAUTH_SECRET,`
Cleaned up usage examples 2021-06-12 22:10:20 +01:00
			`// A path to store token data, or an object implementing TokenStorageInterface.`
			`'tokenStorage' => '/../data/auth_tokens/',`

			`// An authentication callback function, which either returns data about the current user,`
			`// or redirects to/implements an authentication flow.`
Stubbed README with usage example from Server docblock 2021-06-12 22:06:55 +01:00			`'handleAuthenticationRequestCallback' => function (ServerRequestInterface $request, string $authenticationRedirect, ?string $normalizedMeUrl) {`
			// If the request is authenticated, return an array with a `me` key containing the
			`// canonical URL of the currently logged-in user.`
			`if ($userUrl = getLoggedInUserUrl($request)) {`
			`return ['me' => $userUrl];`
			`}`

			`// Otherwise, redirect the user to a login page, ensuring that they will be redirected`
			`// back to the IndieAuth flow with query parameters intact once logged in.`
			`return new Response('302', ['Location' => 'https://example.com/login?next=' . urlencode($authenticationRedirect)]);`
			`}`
			`]);`

			`// In your authorization endpoint route:`
			`return $server->handleAuthorizationEndpointRequest($request);`

			`// In your token endpoint route:`
			`return $server->handleTokenEndpointRequest($request);`

			`// In another route (e.g. a micropub route), to authenticate the request:`
			`// (assuming $bearerToken is a token parsed from an “Authorization: Bearer XXXXXX” header`
			`// or access_token property from a request body)`
			`if ($accessToken = $server->getTokenStorage()->getAccessToken($bearerToken)) {`
			`// Request is authenticated as $accessToken['me'], and is allowed to`
			`// act according to the scopes listed in $accessToken['scope'].`
			`$scopes = explode(' ', $accessToken['scope']);`
			`}`
			```

Linked to GH pages documentation 2021-06-12 22:17:02 +01:00			Refer to the `__construct` documentation for further configuration options, and to [the
			`documentation](https://taproot.github.io/indieauth/) for both handling methods for further documentation about them.`