ticket-endpoint.php

<?php
require('vendor/autoload.php');

# Note: this is a single-user endpoint so will ignore the audience parameter

# Do I care about this resource URL? 
# Endpoints may make this decision differently depending on various criteria.
# Is this already someone I follow?
# Am I interested in knowing about anyone who is offering to share with me?

# Redeem the ticket for an access token

$resource_url = $_POST['resource'];

$http = new p3k\HTTP();
$response = $http->get($resource_url);

if(!isset($response['rels']['token_endpoint'][0])) {
	# The response here doesn't really matter, but maybe the other user would want to know whether this user has tried to get an access token or completely ignore the request
	die('no token endpoint found for '.$resource_url);
}

$token_endpoint = $response['rels']['token_endpoint'][0];

$response = $http->post($token_endpoint, [
	'grant_type' => 'ticket',
	'ticket' => $_POST['ticket'],
]);
$data = json_decode($response['body'], true);

if(isset($data['access_token'])) {
	# Store the access token for later, send it to the microsub server, whatever
	$token = [
		'resource' => $resource_url,
		'access_token' => $data['access_token'],
		'token_response' => $response,
	];
	file_put_contents('tokens/'.date('Ymd-His').'.txt', json_encode($token, JSON_PRETTY_PRINT+JSON_UNESCAPED_SLASHES));
	echo 'got it';
} else {
	echo 'no access token returned: ';
	echo $response['body'];
}