fidor_starter_kits 0.4.0 → 0.5.0

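--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 30fdb6f18b6e5fc63cf4c0fa3c62ae153c937b84
- data.tar.gz: 824c624eb90dccf800c6d193d8d9258ab6f369d5
+ metadata.gz: f7ad745a98bc665f779656eafe044a2347095f7f
+ data.tar.gz: a14fdce60c3b77f7a67d39380a475a4f459b181a
  SHA512:
- metadata.gz: 91857810606f02f9be3e5112e21e8a5420d45a9246ff47bd1fa9e2d0ae2455d07d9fa08894e230af79e892bdb3f0c36a21ccc1c70120f02f7f8a9f54288800e2
- data.tar.gz: d349653302eb2728b4c867f2458b26f381cb748d8cc7e8eb0bfe747e91a594bfdb893f74e6c510b60d33d60efd153a4289f701164f0c6a90a735f7f6f85201b4
+ metadata.gz: da247667b132890f3805783948690d7a5cdab9880b01cb8b279fbf8399b83337fe63c80736221a7eaad6d643bc909da7dd26c514687e79b391120a5a9da67210
+ data.tar.gz: 7c734c748e1a6c24d9facd4faadba4935cf9307859509faf3506d58954ff57698a9e2fe29d180e9143906269a44f5b624e7d727f5c1c1fd5bc559f4971269c51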
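--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,10 @@
  # Changelog Fidor Admin API Schema
  See [commit messages](https://github.com/fidor/fidor_starter_kits/commits/) for details.
 
+ ##2016-01
+
+ * remove client_secret usage in params => moved to BasicAuth header
+
  ##2015-06
 
  * fix usage of access_token in api URLs, now set in Authorization Header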
@@ -1,3 +1,3 @@
1
1
  module FidorStarterKits
2
- VERSION = '0.4.0'
2
+ VERSION = '0.5.0'
3
3
  end
@@ -212,7 +212,6 @@ func retrieveTokenFromCode(code string, target_endpoint string) (token string, e
212
212
  redirect_uri := fmt.Sprintf("%s/oauth?ep=%s", fidorConfig.AppUrl, target_endpoint)
213
213
  tokenPayload := url.Values{
214
214
  "client_id": {fidorConfig.ClientId},
215
- //"client_secret": {fidorConfig.ClientSecret},
216
215
  "code": {code},
217
216
  "redirect_uri": {url.QueryEscape(redirect_uri)},
218
217
  "grant_type": {"authorization_code"},
@@ -86,7 +86,6 @@ function retrieve_access_token_from_code( code, target_endpoint, cb ) {
86
86
  var postData = {
87
87
  code : code,
88
88
  client_id : fidor_config.client_id,
89
- // client_secret : fidor_config.client_secret, // deprecated, please use basic auth, see. postOptions, above
90
89
  redirect_uri : encodeURIComponent(redirect_uri),
91
90
  grant_type : "authorization_code"
92
91
  }
@@ -6,31 +6,35 @@ $app_secret = "<CLIENT_SECRET>";
6
6
  $fidor_oauth_url= "<FIDOR_OAUTH_URL>"; # e.g Sandbox: https://aps.fidor.de/oauth / Live: https://apm.fidor.de/oauth
7
7
  $fidor_api_url = "<FIDOR_API_URL>"; # e.g Sandbox: https://aps.fidor.de / Live: https://api.fidor.de
8
8
 
9
-
10
9
  $code = $_REQUEST["code"];
11
10
 
12
11
  # 1. redirect to authorize url
13
- if(empty($code)) {
14
- $dialog_url = $fidor_oauth_url . "/authorize?" .
15
- "client_id=". $app_id .
16
- "&redirect_uri=" . urlencode($app_url) .
17
- "&state=1234&response_type=code";
18
-
19
- echo("<script> top.location.href='" . $dialog_url . "'</script>");
20
- }
12
+ if(empty($code) || $code == '') {
13
+ $dialog_url = $fidor_oauth_url . "/authorize?" .
14
+ "client_id=". $app_id .
15
+ "&redirect_uri=" . urlencode($app_url) .
16
+ "&state=1234&response_type=code";
17
+
18
+ echo("<script> top.location.href='" . $dialog_url . "'</script>");
19
+ }else{
21
20
  # 2. build url to get the access token
22
21
  $token_url = $fidor_oauth_url . "/token";
23
22
 
24
23
  $data = array('client_id' => $app_id,
25
- 'client_secret' => $app_secret,
24
+ //'client_secret' => $app_secret, deprecated use safe Basic Auth header instead
26
25
  'code' => $code,
27
26
  'redirect_uri' => urlencode($app_url),
28
27
  'grant_type' => 'authorization_code'
29
28
  );
29
+ //Authorization Header with the value "Basic " + base64encode(username + ":" + password)
30
+ $basic_auth = base64_encode($app_id.":".$app_secret );
31
+ // build header
32
+ $headers = "Content-type: application/x-www-form-urlencoded\r\n" .
33
+ "Authorization: Basic ".$basic_auth."\r\n";
30
34
  // use key 'http' even if you send the request to https://...
31
35
  $options = array(
32
36
  'http' => array(
33
- 'header' => "Content-type: application/x-www-form-urlencoded\r\n",
37
+ 'header' => $headers,
34
38
  'method' => 'POST',
35
39
  'content' => http_build_query($data),
36
40
  ),
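Review bot: The authorize URL in the re-indented `if` branch still sends the fixed value `state=1234`, and the new `else` branch exchanges whatever `code` arrives in `$_REQUEST` without checking `state`, so the callback is not bound to the browser session that started the flow (no CSRF protection on the redirect). Since people copy a starter kit as-is, it should issue a random per-session state and refuse a callback whose state does not match before building the token request; on PHP 7 `random_bytes()` can replace `openssl_random_pseudo_bytes()`. The added `|| $code == ''` is redundant, because `empty($code)` already covers the empty string. The "safe" in the comment on the removed `client_secret` line only holds when `$fidor_oauth_url` is an https URL, which is worth saying there, since Basic is plain base64. The script starts before this hunk and the `$options` array continues after it.

```php
session_start(); // must run before any output is sent
if(empty($code)) {
  // per-session random state instead of the fixed 1234
  $_SESSION['oauth_state'] = bin2hex(openssl_random_pseudo_bytes(16));
  $dialog_url = $fidor_oauth_url . "/authorize?" .
    "client_id=". $app_id .
    "&redirect_uri=" . urlencode($app_url) .
    "&state=" . $_SESSION['oauth_state'] . "&response_type=code";
  // … unchanged: echo of the top.location.href redirect …
}else{
  // refuse a callback whose state does not match the one issued above
  if(empty($_REQUEST["state"]) || !isset($_SESSION['oauth_state']) ||
     !hash_equals($_SESSION['oauth_state'], (string)$_REQUEST["state"])) {
    http_response_code(400);
    exit("state mismatch");
  }
  unset($_SESSION['oauth_state']); // single use
  // … unchanged: token request with the Basic auth header …
```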
@@ -47,5 +51,5 @@ $code = $_REQUEST["code"];
47
51
  <p>Now use the access token in the request header in your favorite PHP HTTP method or via CURL: </p>
48
52
  <blockquote>curl -v -H \"Authorization: Bearer ".$resp->access_token."\" -H \"Accept: application/vnd.fidor.de; version=1,text/json\" ".$fidor_api_url."/transactions
49
53
  </blockquote>");
50
-
54
+ }
51
55
  ?>
@@ -21,7 +21,6 @@ get '/' do
21
21
  post_params = { client_id: @client_id,
22
22
  redirect_uri: CGI::escape(@app_url),
23
23
  code: code,
24
- #client_secret: @client_secret,
25
24
  grant_type: 'authorization_code' }
26
25
  auth = {:username => @client_id, :password => @client_secret}
27
26
  resp = HTTParty.post(token_url, body: post_params, basic_auth: auth )
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fidor_starter_kits
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Georg Leciejewski
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-06 00:00:00.000000000 Z
11
+ date: 2016-01-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rubyzip