<?php

require('_common.php');

use authkit2\Authkit2;

// Initialize the three-legged oauth flow
$flow = new \authkit2\Oidc\Flows\UserFlow(Authkit2::get_client());

// Step 2: Exchange the authentication code for a actual token

// First, validate state to ensure this request is a response to the one we
// triggered by validating the nonce
$state = $_GET['state'];
try
{
	$flow->validateState($state);
}
catch (\Exception $ex)
{
	die('Invalid state returned');
}

// If that passes, then we can exchange the authentication code for a token
$code = $_GET['code'];
$token = $flow->exchangeCodeForToken($code, OPENID_CALLBACK_URL);

// Set the token in the session
$_SESSION['access_token'] = $token->getAccessToken();
$_SESSION['refresh_token'] = $token->getRefreshToken();

// Now redirect them back to the home page!
header('Location: index.php');