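/**
 * Authorization with "OAuth Server by DnC" OpenID Connect: introspection,
 * "Auth Header" method.
 *
 * The token is sent as a Bearer credential to
 * AUTHENTICATION_SERVER_URL . 'introspect'. The call is accepted only when the
 * server answers HTTP 200 with a JSON object whose "active" member is the
 * boolean true (RFC 7662 defines "active" as a boolean).
 *
 * Side effect: when the token is active and the request carries a Referer
 * pointing at another host, an Access-Control-Allow-Origin header is emitted
 * for that origin.
 *
 * @param string $idtoken Token presented by the client (untrusted input).
 * @return bool True when the authorization server reports the token as active.
 */
function oauth_authorize($idtoken)
{
    $Ok = false;

    // The token is concatenated into an outgoing HTTP header, so only the
    // RFC 6750 b64token alphabet is accepted. Anything else (notably CR/LF,
    // which would add header lines to the introspection request) is refused
    // before any request is built.
    if (is_string($idtoken) && preg_match('#\A[A-Za-z0-9\-._~+/]+=*\z#', $idtoken) === 1) {
        $h = curl_init(AUTHENTICATION_SERVER_URL . 'introspect');
        if ($h !== false) {
            curl_setopt($h, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($h, CURLOPT_TIMEOUT, 10);
            curl_setopt($h, CURLOPT_HTTPHEADER, array('Authorization: Bearer ' . $idtoken));
            // TLS peer verification and redirect handling are left at the cURL
            // defaults; nothing here overrides them.
            $response = curl_exec($h);

            if (is_string($response) && (int) curl_getinfo($h, CURLINFO_HTTP_CODE) === 200) {
                $introspection = json_decode($response, true);
                // Strict comparison: a malformed body or a string such as
                // "false" must never be read as an active token.
                $Ok = is_array($introspection)
                    && isset($introspection['active'])
                    && $introspection['active'] === true;
            }
        }
    }

    if ($Ok && isset($_SERVER['HTTP_REFERER'])) {
        $urlParts = parse_url($_SERVER['HTTP_REFERER']);
        $ownHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

        // parse_url() returns false or omits keys on malformed input; only a
        // well-formed http(s) URL may be turned into an origin.
        if (
            is_array($urlParts)
            && isset($urlParts['scheme'], $urlParts['host'])
            && in_array(strtolower($urlParts['scheme']), array('http', 'https'), true)
            && $urlParts['host'] !== $ownHost
        ) {
            // CORS: allow the calling origin. An origin is scheme://host[:port],
            // so an explicit port must be kept or the browser will not match it.
            // NOTE(review): the origin comes from the client-supplied Referer and
            // any origin is echoed once the token is active. CORS is normally
            // keyed on the Origin request header, checked against an allow-list
            // of registered client origins, with "Vary: Origin" when dynamic.
            $issuer = strtolower($urlParts['scheme']) . '://' . $urlParts['host'];
            if (isset($urlParts['port'])) {
                $issuer .= ':' . $urlParts['port'];
            }
            include_spip('inc/headers');
            // header() takes the complete "Name: value" line; its second
            // argument is the $replace flag, not the header value.
            header('Access-Control-Allow-Origin: ' . $issuer);
        }
    }

    return $Ok;
}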