Merge pull request #4 from gyselroth/v0

v0.0.8
gyselroth · Oct 22, 2018 · 6c50067 · 6c50067
2 parents b0709bb + 73cf8d8
commit 6c50067
Showing 1 changed file with 14 additions and 15 deletions.
diff --git a/src/Adapter/Oidc.php b/src/Adapter/Oidc.php
@@ -104,30 +104,29 @@ public function setOptions(? Iterable $config = null): AdapterInterface
      */
     public function authenticate(): bool
     {
-        if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
-            $this->logger->debug('skip auth adapter ['.get_class($this).'], no http authorization header or access_token param found', [
+        if (isset($_GET['access_token'])) {
+            $this->logger->warning('found access_token in query string, you should use a bearer token instead due security reasons https://tools.ietf.org/html/rfc6750#section-2.3', [
                 'category' => get_class($this),
             ]);
 
-            return false;
+            return $this->verifyToken($_GET['access_token']);
         }
-        $header = $_SERVER['HTTP_AUTHORIZATION'];
-        $parts = explode(' ', $header);
+        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+            $header = $_SERVER['HTTP_AUTHORIZATION'];
+            $parts = explode(' ', $header);
 
-        if ('Bearer' === $parts[0]) {
-            $this->logger->debug('found http bearer authorization header', [
+            if ('Bearer' === $parts[0]) {
+                $this->logger->debug('found http bearer authorization header', [
                     'category' => get_class($this),
                 ]);
 
-            return $this->verifyToken($parts[1]);
-        }
-
-        if (isset($_GET['access_token'])) {
-            $this->logger->warning('found access_token in query string, you should use a bearer token instead due security reasons https://tools.ietf.org/html/rfc6750#section-2.3', [
-                'category' => get_class($this),
-            ]);
+                return $this->verifyToken($parts[1]);
+            }
+            $this->logger->debug('no bearer token provided', [
+                    'category' => get_class($this),
+                ]);
 
-            return $this->verifyToken($_GET['access_token']);
+            return false;
         }
 
         $this->logger->debug('http authorization header contains no bearer string or invalid authentication string', [