oauth-landing.php

<?php

session_start();

$state = $_SESSION['state'];

$incomingState = $_GET['state'];

$tempCode = $_GET['code'];

if ($state === $incomingState)
{

    $post_data = array(
        'grant_type' => 'authorization_code',
        'client_id' => '**my client id**',
        'client_secret' => '**my client secret**',
        'redirect_uri' => '**my redirect url**',
        'code' => $tempCode);

    $url = 'https://api.getmondo.co.uk/oauth2/token';

    if ($_GET['test'] == 1){
        $url = 'http://mytestendpoint.com/test.php';
    }

    $ch = curl_init();

    //provide url variable to curl object
    curl_setopt($ch, CURLOPT_URL, $url);

    // Set so curl_exec returns the result instead of outputting it.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    //configure CURL to verify remote host
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

    // tell curl te expect post fields
    curl_setopt($ch, CURLOPT_POST, count($post_data));

    // This is the fields to post in the form of an array.
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);

    // CA root keys for verification
    curl_setopt($ch, CURLOPT_CAPATH, '/etc/ssl/certs');

    // Get the response and close the channel.
    $response = curl_exec($ch);

    //check if curl request completed MUST USE ===
    if($response === false) {

        //return error if curl didn't complete
        $response = "Curl Error " . curl_error($ch);

    }

    curl_close($ch);
    echo $response;

} else {
    //ABORT
    echo 'ABORT!';

}

test.php

<?php
echo 'Grant Type: ' . $_POST['grant_type'] . '<br>';
echo 'Client ID: ' . $_POST['client_id'] . '<br>';
echo 'Client Secret: ' . $_POST['client_secret'] . '<br>';
echo 'Redirect URI: ' . $_POST['redirect_uri'] . '<br>';
echo 'Code: ' . $_POST['code'] . '<br>';