diff -ur a/auth/services_oauth/services_oauth.inc b/auth/services_oauth/services_oauth.inc --- a/auth/services_oauth/services_oauth.inc 2011-11-07 14:22:06.000000000 -0800 +++ b/auth/services_oauth/services_oauth.inc 2011-11-17 18:45:28.714178430 -0800 @@ -18,7 +18,11 @@ * Returns nothing, or a error message if authentication fails */ function _services_oauth_authenticate_call($settings, $method, $args) { - $endpoint = $method['endpoint']['services_oauth']; + if (isset($method['endpoint']['services_oauth'])) { + $endpoint = $method['endpoint']['services_oauth']; + } else { + $endpoint = $settings; + } $cred = isset($endpoint['credentials']) ? $endpoint['credentials'] : 'token'; $auth_level = isset($endpoint['authorization']) ? $endpoint['authorization'] : '*'; @@ -62,9 +66,17 @@ // Load the user if the request was authenticated using a token // that's associated with a account. - if ($token->uid) { - global $user; - $user = user_load($token->uid); + if ($cred == 'token') { + if ($token->uid) { + global $user; + $user = user_load($token->uid); + } + } else if ($cred == 'consumer') { + if ($consumer->uid) { + /* this authenticates as the user who owns 'key'; It is for 2-stage OAuth and is vastly inferior to 3-stage OAuth */ + global $user; + $user = user_load($consumer->uid); + } } } catch (OAuthException $e) { @@ -84,22 +96,60 @@ '#description' => t('The OAuth contexts provides a scope for consumers and authorizations and have their own authorization levels. Different services endpoints may share OAuth contexts and thereby allow the use of consumers and tokens across the services endpoint boundraries.'), ); + $form['authorization'] = array( + '#type' => 'select', + '#options' => array('' => t('-- Select an authorization level')), + '#default_value' => isset($settings['authorization']) ? $settings['authorization'] : '', + '#title' => t('OAuth Authorization'), + '#required' => TRUE, + '#description' => t('This defines according to the OAuth context what the login will have access to, within this site,'), + ); + $contexts = oauth_common_context_load_all(); foreach ($contexts as $context) { $form['oauth_context']['#options'][$context->name] = $context->title; + if(isset($context->authorization_levels)) { + foreach ($context->authorization_levels as $name => $level) { + $form['authorization']['#options'][$name] = $context->name . '/' . t($level['title']); + } + } + } + $form['credentials'] = array( + '#type' => 'select', + '#options' => array( + 'none' => t('None'), + // 'unsigned_consumer' => t('Unsigned with consumer key'), // unless someone can suggest what this should do, skipping. + 'consumer' => t('Consumer key, also known as 2-legged OAuth'), + 'token' => t('Consumer key and access token, also known as 3-legged OAuth'), + ), + '#default_value' => isset($settings['credentials']) ? $settings['credentials'] : 'token', + '#title' => t('Required authentication'), + '#description' => t('Authorization levels will not be applied if the consumer isn\'t required to supply a access token.'), + ); + return $form; } function _services_oauth_controller_settings($settings, $controller, $endpoint, $class, $name) { $form = array(); - $cc = $controller['endpoint']['services_oauth']; + if(isset($controller['settings']) && isset($controller['settings']['services_oauth'])) { + $cc = $controller['settings']['services_oauth']; + } else { + $cc = $controller['endpoint']['services_oauth']; + } $auth_levels = array(); - $context = oauth_common_context_load($settings['oauth_context']); - foreach ($context->authorization_levels as $name => $level) { - $auth_levels[$name] = t($level['title']); + if(is_array($settings)) { + $context = oauth_common_context_load($settings['oauth_context']); + } else { + $context = new StdClass(); + } + if(isset($context->authorization_levels)) { + foreach ($context->authorization_levels as $name => $level) { + $auth_levels[$name] = t($level['title']); + } } $form['credentials'] = array(