- session_destroy();
- header('Location: /');
-
- exit;
- } else if (isset($_GET['code']) && $_GET['code']) {
- // we have a code on the address line so lets parse and exchange
-
- // validate the state/nonce
- if (isset($_SESSION['nonce']) && isset($_GET['state']) && $_SESSION['nonce'] == $_GET['state']) {
- // lets exchange the code for an access token
- $ch = curl_init('https://id.twitch.tv/oauth2/token');
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, array(
- 'client_id' => CLIENT_ID,
- 'client_secret' => CLIENT_SECRET,
- 'code' => $_GET['code'],
- 'grant_type' => 'authorization_code',
- 'redirect_uri' => REDIRECT_URI
- ));
-