Check default parameters in authorize url

Vyacheslav Slinko
Commit 5df6e94e5089b8c280361b53c68af6177aa1be79 5df6e94e 1 parent 65530994
Showing 1 changed file with 12 additions and 10 deletions
oauth2.php
--- a/oauth2.php
View file @5df6e94
+++ b/oauth2.php
View file @5df6e94
@@ -132,7 +132,9 @@ class OAuth2_Service
         if ($this->_scope) {
             $parameters['scope'] = $this->_scope;
         }
-         $url = $this->_configuration->getAuthorizeEndpoint() . '?' . http_build_query($parameters);
+ 
+         $url = $this->_configuration->getAuthorizeEndpoint();
+         $url .= (strpos($url, '?') !== false ? '&' : '?') . http_build_query($parameters);
 
         header('Location: ' . $url);
         die();
@@ -163,7 +165,7 @@ class OAuth2_Service
         if ($this->_scope) {
             $parameters['scope'] = $this->_scope;
         }
-         
+ 
         $http = new OAuth2_HttpClient($this->_configuration->getAccessTokenEndpoint(), 'POST', http_build_query($parameters));
         //$http->setDebug(true);
         $http->execute();
@@ -227,7 +229,7 @@ class OAuth2_Service
             throw new OAuth2_Exception('no access_token found');
         }
 
-         $token = new OAuth2_Token($response['access_token'], 
+         $token = new OAuth2_Token($response['access_token'],
                 isset($response['refresh_token']) ? $response['refresh_token'] : $oldRefreshToken,
                 isset($response['expires_in']) ? $response['expires_in'] : null);
 
@@ -239,7 +241,7 @@ class OAuth2_Service
         foreach ($response as $key => $value) {
             $token->{'set' . $key}($value);
         }
-         
+ 
         $this->_dataStore->storeAccessToken($token);
 
         return $token;
@@ -265,12 +267,12 @@ class OAuth2_Service
 
         $parameters = null;
 
-         if (!$this->_configuration->getUseOnlyAuthorizationHeader()){ 
+         if (!$this->_configuration->getUseOnlyAuthorizationHeader()){
             /*
             http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5.1
             Clients SHOULD only use the request URI or body when the
             "Authorization" request header field is not available, and MUST NOT
-             use more than one method in each request.only one method should be used as per the Draft. 
+             use more than one method in each request.only one method should be used as per the Draft.
             Allow to override correct behavior for misimplemented servers
             */
             if ($method !== 'GET') {
@@ -291,7 +293,7 @@ class OAuth2_Service
                 $parameters = $postBody;
             }
         }
-         
+ 
         if (! empty($uriParameters)) {
             $endpoint .= (strpos($endpoint, '?') !== false ? '&' : '?') . http_build_query($uriParameters);
         }
@@ -610,7 +612,7 @@ class OAuth2_HttpClient
             print_r($this->_response);
             echo "</pre>";
         }
-         
+ 
         curl_close($ch);
     }
 
@@ -629,11 +631,11 @@ class OAuth2_HttpClient
     }
 
     /**
-      * @param boolean $debug 
+      * @param boolean $debug
      */
     public function setDebug($debug) {
         $this->_debug = $debug;
     }
 }
 
- class OAuth2_Exception extends Exception {}
\ No newline at end of file
+ class OAuth2_Exception extends Exception {}