Bastian Hofmann

Merge pull request #10 from vslinko/allow_disable_header

Some oauth2 servers doesn't recognize Authorization header
Showing 1 changed file with 20 additions and 15 deletions
... ... @@ -27,6 +27,9 @@
class OAuth2_Service_Configuration
{
const AUTHORIZATION_METHOD_HEADER = 1;
const AUTHORIZATION_METHOD_ALTERNATIVE = 2;
/**
* @var string
*/
... ... @@ -40,7 +43,7 @@ class OAuth2_Service_Configuration
/**
* @var string
*/
private $_useOnlyAuthorizationHeader = true;
private $_authorizationMethod = self::AUTHORIZATION_METHOD_HEADER;
/**
* @param string $authorizeEndpoint
... ... @@ -68,15 +71,15 @@ class OAuth2_Service_Configuration
/**
* @return string
*/
public function setUseOnlyAuthorizationHeader($useOnlyAuthorizationHeader) {
$this->_useOnlyAuthorizationHeader = $useOnlyAuthorizationHeader;
public function setAuthorizationMethod($authorizationMethod) {
$this->_authorizationMethod = $authorizationMethod;
}
/**
* @return string
*/
public function getUseOnlyAuthorizationHeader() {
return $this->_useOnlyAuthorizationHeader;
public function getAuthorizationMethod() {
return $this->_authorizationMethod;
}
}
... ... @@ -267,14 +270,13 @@ class OAuth2_Service
$parameters = null;
if (!$this->_configuration->getUseOnlyAuthorizationHeader()){
/*
http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1
Clients SHOULD only use the request URI or body when the
"Authorization" request header field is not available, and MUST NOT
use more than one method in each request.only one method should be used as per the Draft.
Allow to override correct behavior for misimplemented servers
*/
$authorizationMethod = $this->_configuration->getAuthorizationMethod();
switch ($authorizationMethod) {
case OAuth2_Service_Configuration::AUTHORIZATION_METHOD_HEADER:
$additionalHeaders = array_merge(array('Authorization: OAuth ' . $token->getAccessToken()), $additionalHeaders);
break;
case OAuth2_Service_Configuration::AUTHORIZATION_METHOD_ALTERNATIVE:
if ($method !== 'GET') {
if (is_array($postBody)) {
$postBody['oauth_token'] = $token->getAccessToken();
... ... @@ -284,6 +286,10 @@ class OAuth2_Service
} else {
$uriParameters['oauth_token'] = $token->getAccessToken();
}
break;
default:
throw new OAuth2_Exception("Invalid authorization method specified");
break;
}
if ($method !== 'GET') {
... ... @@ -298,9 +304,8 @@ class OAuth2_Service
$endpoint .= (strpos($endpoint, '?') !== false ? '&' : '?') . http_build_query($uriParameters);
}
$headers = array_merge(array('Authorization: OAuth ' . $token->getAccessToken()), $additionalHeaders);
$http = new OAuth2_HttpClient($endpoint, $method, $parameters, $headers);
$http = new OAuth2_HttpClient($endpoint, $method, $parameters, $additionalHeaders);
$http->execute();
return $http->getResponse();
... ...