From 128da7f53e5051f7a93b02a2c7bb37a44b39b614 Mon Sep 17 00:00:00 2001
From: Barnaby Walters
Date: Sat, 12 Jun 2021 23:06:55 +0200
Subject: [PATCH] Stubbed README with usage example from Server docblock
---
 README.md | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/README.md b/README.md
index 3d8c012..bfd1989 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,43 @@
 # taproot/indieauth

+A PSR-7-compatible implementation of the request-handling logic for IndieAuth authorization endpoints
+and token endpoints.
+
+Typical minimal usage looks something like this:
+
+```php
+// Somewhere in your app set-up code:
+$server = new Taproot\IndieAuth\Server([
+ 'secret' => APP_INDIEAUTH_SECRET, // A secret key, >= 64 characters long.
+ 'tokenStorage' => '/../data/auth_tokens/', // A path to store token data, or an object implementing TokenStorageInterface.
+ 'handleAuthenticationRequestCallback' => function (ServerRequestInterface $request, string $authenticationRedirect, ?string $normalizedMeUrl) {
+ // If the request is authenticated, return an array with a `me` key containing the
+ // canonical URL of the currently logged-in user.
+ if ($userUrl = getLoggedInUserUrl($request)) {
+ return ['me' => $userUrl];
+ }
+
+ // Otherwise, redirect the user to a login page, ensuring that they will be redirected
+ // back to the IndieAuth flow with query parameters intact once logged in.
+ return new Response('302', ['Location' => 'https://example.com/login?next=' . urlencode($authenticationRedirect)]);
+ }
+]);
+
+// In your authorization endpoint route:
+return $server->handleAuthorizationEndpointRequest($request);
+
+// In your token endpoint route:
+return $server->handleTokenEndpointRequest($request);
+
+// In another route (e.g. a micropub route), to authenticate the request:
+// (assuming $bearerToken is a token parsed from an “Authorization: Bearer XXXXXX” header
+// or access_token property from a request body)
+if ($accessToken = $server->getTokenStorage()->getAccessToken($bearerToken)) {
+ // Request is authenticated as $accessToken['me'], and is allowed to
+ // act according to the scopes listed in $accessToken['scope'].
+ $scopes = explode(' ', $accessToken['scope']);
+}
+```
+
+Refer to the `__construct` documentation for further configuration options, and to the
+documentation for both handling methods for further documentation about them.