mirror of
https://github.com/Poniverse/Pony.fm.git
synced 2024-11-22 13:07:59 +01:00
Added support for authorising oauth2 endpoints with the bearer header
This commit is contained in:
parent
6b026e8551
commit
3399f3e223
1 changed files with 17 additions and 1 deletions
|
@ -64,7 +64,7 @@ class AuthenticateOAuth
|
|||
public function handle(Request $request, Closure $next, $requiredScope)
|
||||
{
|
||||
// Ensure this is a valid OAuth client.
|
||||
$accessToken = $request->get('access_token');
|
||||
$accessToken = $this->determineAccessToken($request, false);
|
||||
|
||||
// check that access token is valid at Poniverse.net
|
||||
$accessTokenInfo = $this->poniverse->getAccessTokenInfo($accessToken);
|
||||
|
@ -88,4 +88,20 @@ class AuthenticateOAuth
|
|||
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
|
||||
private function determineAccessToken(Request $request, $headerOnly = true)
|
||||
{
|
||||
$header = $request->header('Authorization');
|
||||
|
||||
if ($header !== null && substr($header, 0, 7) === 'Bearer ') {
|
||||
return trim(substr($header, 7));
|
||||
}
|
||||
|
||||
if ($headerOnly) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $request->get('access_token');
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue