forked from jaedb/Iris
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.php
executable file
·166 lines (124 loc) · 4.7 KB
/
auth.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
<?php
// Spotify app credentials
// Create your application here: https://developer.spotify.com/my-applications
define('CLIENT_ID','YOUR_ID_HERE');
define('CLIENT_SECRET','YOUR_SECRET_HERE');
define('REDIRECT_URI','YOUR_REDIRECT_URI_HERE (to this file)');
// Allow cross-domain requests
header("Access-Control-Allow-Origin: *");
// Set our cookies
if (isset($_GET['app'])){
setcookie( 'mopidy_iris', $_GET['app'], time()+3600 );
}
/* ================================================================================= INIT ================ */
/* ======================================================================================================= */
// we've just completed authorization, now create credentials (access_token, etc)
if (isset($_GET['code'])){
// go get our credentials
$response = getToken($_GET['code']);
$responseArray = json_decode( $response, true );
// add our code to the array of credentials, etc
$responseArray['authorization_code'] = $_GET['code'];
$response = json_encode($responseArray);
// make sure we have a successful response
if( !isset($responseArray['access_token']) ){
echo 'Error!';
die();
}
// Pass our error back to the popup opener
?>
<script type="text/javascript">
window.opener.postMessage( '<?php echo $response ?>', "*");
window.close();
</script>
<?php
// authorization error
} else if (isset($_GET['error'])){
// Pass our error back to the popup opener
?>
<script type="text/javascript">
window.opener.postMessage("{\"error\": \"<?php echo $_GET['error'] ?>\"}", "*");
window.close();
</script>
<?php
// refresh existing token
} else if (isset($_GET['action']) && $_GET['action'] == 'refresh' && $_GET['refresh_token']){
header('Content-Type: application/json');
$response = refreshToken( $_GET['refresh_token'] );
// parse our response code to our response
header(' ', true, $response['response_code'] );
// create the body of our response
echo $response['exec'];
die();
// fresh authentication, so let's get one
} else if (isset($_GET['action']) && $_GET['action'] == 'authorize'){
// Simply redirect to the authorization panel
header('Location: https://accounts.spotify.com/authorize?client_id='.CLIENT_ID.'&redirect_uri='.REDIRECT_URI.'&scope='.$_GET['scope'].'&response_type=code&show_dialog=true');
exit;
}
/* ================================================================================= GETTERS ============= */
/* ======================================================================================================= */
/*
* Get a new access token
* Creates a request to Spotify, which returns a new access_token, refresh_token and token_expiry object
* @param $code = string
*/
function getToken($code){
$ch = curl_init();
if (FALSE === $ch)
throw new Exception('Failed to initialize');
$post_data = array(
'client_id' => CLIENT_ID,
'client_secret' => CLIENT_SECRET,
'grant_type' => 'authorization_code',
'code' => $code,
'redirect_uri' => REDIRECT_URI
);
curl_setopt($ch, CURLOPT_URL,"https://accounts.spotify.com/api/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
if(curl_errno($ch)){
echo 'CURL Error: '. curl_error($ch);
}
curl_close($ch);
return $response;
}
/*
* Refresh a token
* Creates a request to Spotify, which returns a new access_token, refresh_token and token_expiry object
* @var $refresh_token = string
*/
function refreshToken($refresh_token){
$ch = curl_init();
$post_data = array(
'client_id' => CLIENT_ID,
'client_secret' => CLIENT_SECRET,
'grant_type' => 'refresh_token',
'refresh_token' => $refresh_token
);
curl_setopt($ch, CURLOPT_URL,"https://accounts.spotify.com/api/token");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$exec = curl_exec($ch);
$info = curl_getinfo($ch);
$response = array(
'exec' => $exec,
'response_code' => $info['http_code']
);
curl_close ($ch);
return $response;
}