This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Barnaby Walters d6594beebe Fixed issue preventing auth form scopes from being stored
I forgot that PHP’s POST body parsing strips the required trailing [] from
names.
2021-06-18 16:44:10 +02:00
.github/workflows Installed Psalm, set up static analysis 2021-06-15 00:51:04 +02:00
docs Fixed issue preventing auth form scopes from being stored 2021-06-18 16:44:10 +02:00
src Fixed issue preventing auth form scopes from being stored 2021-06-18 16:44:10 +02:00
templates Excluded templates from test coverage, now up to 89% 2021-06-09 00:26:27 +02:00
tests Fixed issue preventing auth form scopes from being stored 2021-06-18 16:44:10 +02:00
.gitignore Added test coverage data to docs folder so it shows up in GH pages 2021-06-13 15:35:07 +02:00
README.md Added badges to README 2021-06-16 16:09:07 +02:00
composer.json Installed Psalm, set up static analysis 2021-06-15 00:51:04 +02:00
composer.lock Installed Psalm, set up static analysis 2021-06-15 00:51:04 +02:00
phpdoc.dist.xml Added phpdoc config, generated documentation 2021-06-12 23:04:51 +02:00
psalm.xml Installed Psalm, set up static analysis 2021-06-15 00:51:04 +02:00
run_coverage.sh Regenerated coverage to work with GH pages: 2021-06-13 15:47:54 +02:00

README.md

taproot/indieauth


A PSR-7-compatible implementation of the request-handling logic for IndieAuth authorization endpoints and token endpoints.

Typical minimal usage looks something like this:

```php
use Psr\Http\Message\ServerRequestInterface;
// Response below is whichever PSR-7 response class your application uses.

// Somewhere in your app set-up code:
$server = new Taproot\IndieAuth\Server([
	// A secret key, >= 64 characters long.
	'secret' => YOUR_APP_INDIEAUTH_SECRET,

	// A path to store token data, or an object implementing TokenStorageInterface.
	'tokenStorage' => '/../data/auth_tokens/',

	// An authentication callback function, which either returns data about the current user,
	// or redirects to/implements an authentication flow.
	'authenticationHandler' => function (ServerRequestInterface $request, string $authenticationRedirect, ?string $normalizedMeUrl) {
		// If the request is authenticated, return an array with a `me` key containing the
		// canonical URL of the currently logged-in user.
		if ($userUrl = getLoggedInUserUrl($request)) {
			return ['me' => $userUrl];
		}

		// Otherwise, redirect the user to a login page, ensuring that they will be redirected
		// back to the IndieAuth flow with query parameters intact once logged in.
		return new Response(302, ['Location' => 'https://example.com/login?next=' . urlencode($authenticationRedirect)]);
	}
]);

// In your authorization endpoint route:
return $server->handleAuthorizationEndpointRequest($request);

// In your token endpoint route:
return $server->handleTokenEndpointRequest($request);

// In another route (e.g. a micropub route), to authenticate the request:
// (assuming $bearerToken is a token parsed from an "Authorization: Bearer XXXXXX" header
// or access_token property from a request body)
if ($accessToken = $server->getTokenStorage()->getAccessToken($bearerToken)) {
	// Request is authenticated as $accessToken['me'], and is allowed to
	// act according to the scopes listed in $accessToken['scope'].
	$scopes = explode(' ', $accessToken['scope']);
}
```
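
The last snippet assumes `$bearerToken` has already been parsed and leaves the scope check to the caller. The following is an added example, not code from taproot/indieauth, showing one way to do both; `extractBearerToken`, `tokenHasScope` and the sample values are hypothetical. It refuses a request that sends the token in both the header and the body, which RFC 6750 forbids, and matches scopes as whole entries rather than substrings.

```php
<?php
declare(strict_types=1);

// Added example; function names and sample values are hypothetical.

/**
 * Extract a bearer token from an Authorization header value or, failing that,
 * from the access_token property of a parsed request body.
 * Returns null when no token is present, or when both sources carry one.
 */
function extractBearerToken(?string $authorizationHeader, array $parsedBody): ?string {
	$fromHeader = null;
	// The scheme name is case-insensitive; the token itself is not.
	if ($authorizationHeader !== null
			&& preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i', trim($authorizationHeader), $m)) {
		$fromHeader = $m[1];
	}
	$fromBody = $parsedBody['access_token'] ?? null;
	if (!is_string($fromBody) || $fromBody === '') {
		$fromBody = null;
	}
	if ($fromHeader !== null && $fromBody !== null) {
		return null; // Ambiguous request: token sent by more than one method.
	}
	return $fromHeader ?? $fromBody;
}

/**
 * True only if $required is a whole entry in the token's space-separated scope string.
 */
function tokenHasScope(array $accessToken, string $required): bool {
	$scopes = preg_split('/ +/', trim((string) ($accessToken['scope'] ?? '')), -1, PREG_SPLIT_NO_EMPTY);
	return in_array($required, $scopes, true);
}

// Constructed sample values standing in for a real request and a stored token,
// i.e. what $server->getTokenStorage()->getAccessToken($bearerToken) would return.
$stored = ['me' => 'https://example.com/', 'scope' => 'profile create'];

var_dump(extractBearerToken('bearer abc123.DEF', []));
var_dump(extractBearerToken('Bearer abc', ['access_token' => 'xyz']));
var_dump(tokenHasScope($stored, 'create'));
var_dump(tokenHasScope($stored, 'creat'));
```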

Refer to the __construct documentation for further configuration options, and to the documentation of both handling methods for more detail about them, specifically: