'sqlite:' . $dir . $file) );
        // NOTE(review): the storage is a SQLite file at $dir . $file; both are
        // set above this excerpt. This storage is what the OAuth2 server below
        // reads and writes, so it presumably holds client secrets, authorization
        // codes and tokens - confirm the file lives outside the web root and is
        // readable only by the PHP process.
        static::$request = \OAuth2\Request::createFromGlobals();
        static::$server = new \OAuth2\Server(static::$storage);
        // The only grant type registered in the visible part of this method is
        // the authorization-code grant.
        static::$server->addGrantType(
            new \OAuth2\GrantType\AuthorizationCode(static::$storage)
        );
    }

    /**
     * Stage 1: Client sends the user to this page
     *
     * User responds by accepting or denying
     *
     * @view   oauth2/server/authorize.twig
     * @format HtmlFormat
     */
    public function authorize()
    {
        // The return value of getResponse() is discarded; nothing in this
        // method inspects the outcome before the consent view is rendered.
        static::$server->getResponse(static::$request);
        // The raw query string is client-controlled and is handed to the view
        // unmodified. NOTE(review): the template must escape it for the context
        // where it is emitted (attribute/URL) - confirm autoescaping is enabled
        // for oauth2/server/authorize.twig.
        return array('queryString' => $_SERVER['QUERY_STRING']);
    }

    /**
     * Stage 2: User response is captured here
     *
     * Success or failure is communicated back to the Client using the redirect
     * url provided by the client
     *
     * On success authorization code is sent along
     *
     * @param bool $authorize
     *
     * @format JsonFormat,UploadFormat
     */
    public function postAuthorize($authorize = false)
    {
        // NOTE(review): a plain (bool) cast treats any non-empty string other
        // than "0" as true, so the literal string "false" would count as
        // approval. This is only safe if the framework has already converted
        // the posted value to a real boolean - confirm against the form and the
        // parameter validation.
        // NOTE(review): no check of the logged-in user and no anti-CSRF token is
        // visible in this method; confirm both are enforced before this point,
        // since this call is what issues the authorization code.
        $response = static::$server->handleAuthorizeRequest(
            static::$request,
            (bool)$authorize
        );
        // The response is sent directly and the script ends here, so nothing
        // after this call runs in this method.
        die($response->send());
    }

    /**
     * Stage 3: Client directly calls this api to exchange access token
     *
     * It can then use this access token to make calls to protected api
     *
     * @format JsonFormat,UploadFormat
     */
    public function postGrant()
    {
        // Nothing about the grant request is checked in this method; whatever
        // validation applies (client credentials, code, redirect URI) happens
        // inside handleGrantRequest().
        $response = static::$server->handleGrantRequest(
            static::$request
        );
        // Sends the response and terminates the script.
        die($response->send());
    }

    /**
     * Sample api protected with OAuth2
     *
     * For testing the oAuth token
     *
     * @access protected
     */
    public function access()
    {
        // Hard-coded sample payload; the method itself performs no token check.
        // Protection relies on the "@access protected" annotation above being
        // honoured by the framework (presumably via __isAllowed() - confirm).
        return array(
            'friends' => array('john', 'matt', 'jane')
        );
    }

    /**
     * Access verification method.
     *
     * API access will be denied when this method returns false
     *
     * @return boolean true when api access is allowed; false otherwise
     */
    public function __isAllowed()
    {
        // Uses self::$server while the other methods use static::$server; the
        // two differ only if a subclass redeclares the static property.
        // The result of verifyResourceRequest() is returned unchanged.
        // NOTE(review): no required scope is passed here, so any token the
        // server accepts is treated alike by this method - confirm that is
        // intended.
        return self::$server->verifyResourceRequest(static::$request);
        // Alternative call left disabled by the author:
        //return self::$server->verifyAccessRequest(static::$request);
    }
}