Changes for /check_token endpoint

b03c9c9a · Sonia Zorba · 0ff1e83d · b03c9c9a · b03c9c9a
Commit b03c9c9a authored 5 years ago by Sonia Zorba
--- a/README.md
+++ b/README.md
@@ -108,6 +108,10 @@ Before using social API it is necessary to register an application on each socia

 Copy the `config-example.php` into `config.php` and edit it for matching your needs.

+### Generate keypair
+
+    php exec/generate-keypair.php
+
 ### Logs directory

 Create the logs directory and assign ownership to the Apache user (usually www-data or apache)

--- a/include/front-controller.php
+++ b/include/front-controller.php
@@ -127,10 +127,21 @@ Flight::route('POST /auth/oauth2/check_token', function() {

    global $locator;

-    $token = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING);
+    $headers = apache_request_headers();
+
+    if (!isset($headers['Authorization'])) {
+        throw new BadRequestException("Missing Authorization header");
+    }
+
+    $authorizationHeader = explode(" ", $headers['Authorization']);
+    if ($authorizationHeader[0] === "Bearer") {
+        $token = $authorizationHeader[1];
+    } else {
+        throw new BadRequestException("Invalid token type");
+    }

    if ($token === null) {
-        throw new BadRequestException("Access token id is required");
+        throw new BadRequestException("Access token is required");
    }

    $requestHandler = new \RAP\OAuth2RequestHandler($locator);