settings = $settings; } public function handle(ServerRequestInterface $request): ResponseInterface { $actor = RequestUtil::getActor($request); $actor->assertRegistered(); $params = $request->getParsedBody(); $oauth = new OAuth($this->settings); $server = $oauth->server(); $request = $oauth->request()::createFromGlobals(); $response = $oauth->response(); if (!$server->validateAuthorizeRequest($request, $response)) { $response->getResponseBody(); return new JsonResponse(json_decode($response->getResponseBody(), true)); } $is_authorized = Arr::get($params, 'is_authorized', 0); $server->handleAuthorizeRequest($request, $response, $is_authorized, $actor->id); if ($is_authorized) { // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40); return new JsonResponse([ 'code' => $code ]); } $response->getResponseBody(); return new JsonResponse(json_decode($response->getResponseBody(), true)); } }