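formTemplatePath = $formTemplatePath ?? __DIR__ . '/../templates/default_authorization_page.html.php';
        $this->csrfKey = $csrfKey ?? \Taproot\IndieAuth\Server::DEFAULT_CSRF_KEY;
        $this->logger = $logger ?? new NullLogger;
    }

    /**
     * Render the authorization (consent) page for the current request.
     *
     * Every scope named in the `scope` query parameter is listed, because this
     * default implementation has no way of knowing which scopes the consumer
     * actually supports.
     *
     * Everything handed to the template except `formAction` and `user` is derived
     * from the incoming request and is therefore untrusted; the template is
     * responsible for escaping it for the context it is printed in.
     *
     * @param ServerRequestInterface $request              The authorization request.
     * @param array                  $authenticationResult Passed to the template as `user`.
     * @param string                 $formAction           URL the consent form submits to.
     * @param array|null             $clientHApp           Client app metadata, or null when there is none.
     * @return ResponseInterface A 200 text/html response holding the rendered template.
     */
    public function showForm(ServerRequestInterface $request, array $authenticationResult, string $formAction, ?array $clientHApp): ResponseInterface {
        $queryParams = $request->getQueryParams();

        // explode() on an empty string yields [''], and repeated spaces yield empty
        // tokens; skip those so the form never offers a blank scope. A non-string
        // `scope` (e.g. `scope[]=x`) is treated as "no scopes requested".
        $scopes = [];
        $requestedScope = $queryParams['scope'] ?? '';
        if (is_string($requestedScope)) {
            foreach (explode(' ', $requestedScope) as $s) {
                if ($s === '') {
                    continue;
                }
                $scopes[$s] = null; // Ideally there would be a description of the scope here, we don’t have one though.
            }
        }

        $hApp = [
            'name' => M\getProp($clientHApp, 'name'),
            'url' => M\getProp($clientHApp, 'url'),
            'photo' => M\getProp($clientHApp, 'photo')
        ];

        // The consent form changes server-side state, so it has to carry the CSRF
        // token. NOTE(review): this assumes the CSRF middleware exposes the token as
        // a request attribute stored under $this->csrfKey — confirm against the
        // server's middleware configuration.
        $csrfToken = $request->getAttribute($this->csrfKey);
        $csrfFormElement = '<input type="hidden" name="'
            . htmlspecialchars((string) $this->csrfKey, ENT_QUOTES)
            . '" value="'
            . htmlspecialchars(is_scalar($csrfToken) ? (string) $csrfToken : '', ENT_QUOTES)
            . '" />';

        return new Response(200, ['content-type' => 'text/html'], renderTemplate($this->formTemplatePath, [
            'scopes' => $scopes,
            'user' => $authenticationResult,
            'formAction' => $formAction,
            'request' => $request,
            'clientHApp' => $hApp,
            // client_id and redirect_uri are read without a fallback; presumably the
            // caller has validated them before showForm() is reached — confirm.
            'clientId' => $queryParams['client_id'],
            'clientRedirectUri' => $queryParams['redirect_uri'],
            'csrfFormElement' => $csrfFormElement
        ]));
    }

    /**
     * Copy the scopes granted on the consent form into the authorization code.
     *
     * This default implementation naively accepts any scope value it receives from
     * the form. The submitted values are request data, so nothing here limits them
     * to the scopes that were offered on the page; implementations that care should
     * validate them against the set of scopes they support.
     *
     * @param ServerRequestInterface $request The consent form submission.
     * @param array                  $code    The authorization code data so far.
     * @return array The code data with `scope` set to a space-separated scope string.
     */
    public function transformAuthorizationCode(ServerRequestInterface $request, array $code): array {
        $body = $request->getParsedBody();

        // PHP's own form parsing strips the trailing "[]" from field names, so the
        // bracketless key is accepted in addition to the literal one.
        $grantedScopes = [];
        if (is_array($body)) {
            $grantedScopes = $body['taproot_indieauth_server_scope[]']
                ?? $body['taproot_indieauth_server_scope']
                ?? [];
        }

        // A scalar submission would make join() throw, and nested arrays or empty
        // strings are not scope tokens; keep only non-empty strings.
        if (!is_array($grantedScopes)) {
            $grantedScopes = [$grantedScopes];
        }
        $cleanScopes = [];
        foreach ($grantedScopes as $scope) {
            if (is_string($scope) && $scope !== '') {
                $cleanScopes[] = $scope;
            }
        }

        $code['scope'] = join(' ', $cleanScopes);

        // You may wish to additionally make any other necessary changes to the code based on
        // the form submission, e.g. if the user set a custom token lifetime, or wanted extra data
        // stored on the token to affect how it behaves.
        return $code;
    }

    /**
     * Replace the logger used by this instance.
     *
     * @param LoggerInterface $logger
     */
    public function setLogger(LoggerInterface $logger) {
        $this->logger = $logger;
    }
}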