+ $header = [
+ 'Accept' => 'application/x-dfrn+json, application/x-zot+json',
+ 'X-Open-Web-Auth' => Strings::getRandomHex()
+ ];
+
+ // Create a header that is signed with the local users private key.
+ $header = HTTPSignature::createSig(
+ $header,
+ $owner['prvkey'],
+ 'acct:' . $owner['addr']
+ );
+
+ $this->logger->info('Fetch from remote system', ['basepath' => $basepath, 'headers' => $header]);
+
+ // Try to get an authentication token from the other instance.
+ try {
+ $curlResult = $this->httpClient->request('get', $basepath . '/owa', [HttpClientOptions::HEADERS => $header]);
+ } catch (Exception $exception) {
+ $this->logger->notice('URL is invalid, redirecting to destination.', ['url' => $basepath, 'error' => $exception, 'dest' => $dest]);
+ System::externalRedirect($dest);
+ }
+ if (!$curlResult->isSuccess()) {
+ $this->logger->notice('OWA request failed, redirecting to destination.', ['returncode' => $curlResult->getReturnCode(), 'dest' => $dest]);
+ System::externalRedirect($dest);
+ }
+
+ $j = json_decode($curlResult->getBody(), true);
+ if (empty($j) || !$j['success']) {
+ $this->logger->notice('Invalid JSON, redirecting to destination.', ['json' => $j, 'dest' => $dest]);
+ $this->app->redirect($dest);
+ }
+
+ if ($j['encrypted_token']) {
+ // The token is encrypted. If the local user is really the one the other instance
+ // thinks they is, the token can be decrypted with the local users public key.
+ $token = '';
+ openssl_private_decrypt(Strings::base64UrlDecode($j['encrypted_token']), $token, $owner['prvkey']);
+ } else {
+ $token = $j['token'];