diff --git a/src/OAuth2/OAuth2Routes.php b/src/OAuth2/OAuth2Routes.php
index c57c247..b30b3be 100644
--- a/src/OAuth2/OAuth2Routes.php
+++ b/src/OAuth2/OAuth2Routes.php
@@ -378,8 +378,20 @@ final class OAuth2Routes extends RouteHandler {
 return $info;
 }
 
- #[HttpPost('/oauth2/authorise-device')]
- public function postAuthoriseDevice($response, $request) {
+ #[HttpGet('/oauth2/device/verify')]
+ public function getDeviceVerify() {
+ return 'TODO: make this page';
+ }
+
+ #[HttpPost('/oauth2/device/verify')]
+ public function postDeviceVerify() {
+ return [
+ 'TODO' => 'make this endpoint',
+ ];
+ }
+
+ #[HttpPost('/oauth2/device/authorise')]
+ public function postDeviceAuthorise($response, $request) {
 $response->setHeader('Cache-Control', 'no-store');
 
 if(!$request->isFormContent()) {
@@ -396,9 +408,8 @@ final class OAuth2Routes extends RouteHandler {
 $clientSecret = $authzHeader[1] ?? '';
 } elseif($authzHeader[0] !== '') {
 $response->setStatusCode(401);
- $message = 'You must use the Basic method for Authorization parameters.';
- $response->setHeader('WWW-Authenticate', "Basic realm=\"{$message}\"");
- return self::error('invalid_client', $message);
+ $response->setHeader('WWW-Authenticate', 'Basic');
+ return self::error('invalid_client', 'You must use the Basic method for Authorization parameters.');
 } else {
 $clientId = (string)$content->getParam('client_id');
 $clientSecret = '';
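Review bot: getDeviceVerify and postDeviceVerify are routed and reachable but answer 200 with a TODO body, so the device verification URL (presumably the page a user visits to enter a user code) looks live to clients and scanners before any check exists; until the page is built they should answer 501 rather than 200, e.g. `public function getDeviceVerify($response) {`, `$response->setStatusCode(501);`, `return 'TODO: make this page';`, and the same in postDeviceVerify. That the router hands `$response` to a handler that declares it is inferred from the postDeviceAuthorise signature in this hunk. postDeviceAuthorise's body continues past the end of the hunk.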
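Review bot: The replacement challenge `Basic` carries no realm, and as I read RFC 7617 §2 the realm parameter is required in a Basic challenge (RFC 6749 §5.2 is what calls for the 401 plus WWW-Authenticate pair this hunk now sends); moving the error message out of the realm was right, but a fixed realm should take its place: `$response->setHeader('WWW-Authenticate', 'Basic realm="oauth2"');`, using whatever realm name the server already uses elsewhere. The same `'Basic'` literal is written in the other hunks of this diff and should be kept identical across them. The if/elseif chain this branch belongs to begins above the hunk.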
@@ -408,15 +419,22 @@ final class OAuth2Routes extends RouteHandler {
 try {
 $appInfo = $appsData->getAppInfo(clientId: $clientId, deleted: false);
 } catch(RuntimeException $ex) {
- $response->setStatusCode(400);
- return self::error('invalid_client', 'No application has been registered with this client id.');
+ if($authzHeader[0] === '') {
+ $response->setStatusCode(400);
+ } else {
+ $response->setStatusCode(401);
+ $response->setHeader('WWW-Authenticate', 'Basic');
+ }
+
+ return self::error('invalid_client', 'No application has been registered with this client ID.');
 }
 
 $appAuthenticated = false;
 if($clientSecret !== '') {
 // TODO: rate limiting
 if(!$appInfo->verifyClientSecret($clientSecret)) {
- $response->setStatusCode(400);
+ $response->setStatusCode(401);
+ $response->setHeader('WWW-Authenticate', 'Basic');
 return self::error('invalid_client', 'Provided client secret is not correct for this application.');
 }
 }
@@ -492,9 +510,8 @@ final class OAuth2Routes extends RouteHandler {
 $clientSecret = $authzHeader[1] ?? '';
 } elseif($authzHeader[0] !== '') {
 $response->setStatusCode(401);
- $message = 'You must either use the Basic method for Authorization or use the client_id and client_secret parameters.';
- $response->setHeader('WWW-Authenticate', "Basic realm=\"{$message}\"");
- return self::error('invalid_client', $message);
+ $response->setHeader('WWW-Authenticate', 'Basic');
+ return self::error('invalid_client', 'You must either use the Basic method for Authorization or use the client_id and client_secret parameters.');
 } else {
 $clientId = (string)$content->getParam('client_id');
 $clientSecret = (string)$content->getParam('client_secret');
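Review bot: The 400-versus-401 decision in the catch block (status code, plus the `WWW-Authenticate` challenge when the client sent an Authorization header) is written out inline here and twice more in this diff, while the wrong-secret path a few lines below hard-codes 401, which only holds because the form-parameter branch in the previous hunk forces an empty secret; a private helper taking the parsed scheme and the message would keep the copies from drifting and make the wrong-secret path follow the same rule. The helper can return whatever `self::error` returns, so no return type is claimed below. postDeviceAuthorise begins above this hunk.
```php
    } catch(RuntimeException $ex) {
        return $this->rejectClient($response, $authzHeader[0], 'No application has been registered with this client ID.');
    }
    // … unchanged: $appAuthenticated / verifyClientSecret check, which would call the same helper …

    /**
     * Fails client authentication as RFC 6749 §5.2 asks: 401 plus a Basic
     * challenge when the client used the Authorization header, 400 otherwise.
     */
    private function rejectClient($response, string $authzScheme, string $message) {
        if($authzScheme === '') {
            $response->setStatusCode(400);
        } else {
            $response->setStatusCode(401);
            $response->setHeader('WWW-Authenticate', 'Basic');
        }

        return self::error('invalid_client', $message);
    }
```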
@@ -504,7 +521,13 @@ final class OAuth2Routes extends RouteHandler {
 try {
 $appInfo = $appsData->getAppInfo(clientId: $clientId, deleted: false);
 } catch(RuntimeException $ex) {
- $response->setStatusCode(400);
+ if($authzHeader[0] === '') {
+ $response->setStatusCode(400);
+ } else {
+ $response->setStatusCode(401);
+ $response->setHeader('WWW-Authenticate', 'Basic');
+ }
+
 return self::error('invalid_client', 'No application has been registered with this client id.');
 }
 
@@ -513,7 +536,13 @@ final class OAuth2Routes extends RouteHandler {
 // TODO: rate limiting
 $appAuthenticated = $appInfo->verifyClientSecret($clientSecret);
 if(!$appAuthenticated) {
- $response->setStatusCode(400);
+ if($authzHeader[0] === '') {
+ $response->setStatusCode(400);
+ } else {
+ $response->setStatusCode(401);
+ $response->setHeader('WWW-Authenticate', 'Basic');
+ }
+
 return self::error('invalid_client', 'Provided client secret is not correct for this application.');
 }
 }
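Review bot: The unknown-client message on this path still reads `'No application has been registered with this client id.'` while the identical path in postDeviceAuthorise was changed in this same commit to say `client ID`, so the two endpoints now report one condition with two spellings; this line should become `return self::error('invalid_client', 'No application has been registered with this client ID.');`. Anything that matches on error_description would otherwise have to know both forms. The enclosing method begins above the hunk.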
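Review bot: The `// TODO: rate limiting` line is kept directly above a secret check that is reached without any prior authentication and whose failure now returns a clean, distinguishable `invalid_client` response, so client secrets can be guessed online at whatever rate the server accepts; the commit tidies the response codes but leaves that exposure as it was. Until throttling exists the comment should at least name it, e.g. `// TODO: rate limiting — unthrottled: the wrong-secret response below allows online brute force of client secrets`. It is also worth confirming that verifyClientSecret compares with password_verify() or hash_equals() rather than `===`, since its body is not in this diff. The enclosing if starts above the hunk.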