Difference between revisions of "CMU OAUTH PHP CLASS"
From CMU ITSC Network
(26 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
+ | Authorization Code Flow<br> | ||
+ | [[File:CMUOAuth-authozizationcode flow.jpg|link=]]<br> | ||
+ | from [https://oauth.cmu.ac.th CMU OAuth] | ||
+ | == Requirement == | ||
+ | [http://php.net/manual/en/book.curl.php php_curl] | ||
+ | == Methods == | ||
+ | === Constructor === | ||
+ | Set Client ID, Client Secret, Redirect URI | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |__construct([string $appId, string $clientSecret, string $redirectURI]) | ||
+ | |} | ||
− | == | + | {| class="wikitable" |
− | + | |+ style="text-align:left;"|Parameters | |
+ | |- | ||
+ | |name || description | ||
+ | |- | ||
+ | |appId | ||
+ | |cmu oauth Client ID | ||
+ | |- | ||
+ | |clientSecret | ||
+ | |cmu oauth Client Secret | ||
+ | |- | ||
+ | |redirectURI | ||
+ | |cmu oauth Redirect URI | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | no return value | ||
+ | |} | ||
=== setAppId === | === setAppId === | ||
+ | set Client ID | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |setAppId(string $appid) | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |name || description | ||
+ | |- | ||
+ | |appid | ||
+ | |cmu oauth Client ID | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | no return value | ||
+ | |} | ||
+ | |||
+ | === setAppSecret === | ||
+ | Set Client Secret | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |setAppSecret(string $appSecret) | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |name || description | ||
+ | |- | ||
+ | |appSecret | ||
+ | |cmu oauth Client Secret | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | no return value | ||
+ | |} | ||
+ | |||
+ | === setCallbackUri=== | ||
+ | Set Redirect URI | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |setCallbackUri(string $uri) | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |name || description | ||
+ | |- | ||
+ | |uri | ||
+ | |Application Callback / Redirect URI | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | no return value | ||
+ | |} | ||
+ | |||
+ | |||
+ | === setScope=== | ||
+ | Set scope | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |setScope(string $scope) | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |name || description | ||
+ | |- | ||
+ | |scope | ||
+ | |access token scope name comma separate value | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | no return value | ||
+ | |} | ||
+ | |||
+ | === setState=== | ||
+ | Set state | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |setState() | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |no parameters | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | String | ||
+ | |- | ||
+ | | Random String | ||
+ | |} | ||
+ | |||
+ | === initOauth === | ||
+ | Initial redirect to CMU Oauth for authorization. | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |initOauth() | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |no parameter | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | no return value | ||
+ | |} | ||
+ | |||
+ | === getAccessTokenAuthCode === | ||
+ | Get user's authorized access token for authorization code flow. | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |object getAccessTokenAuthCode(string $code) | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |name || description | ||
+ | |- | ||
+ | |code | ||
+ | |code that parse by CMU Oauth to redirect URI. | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"| Return Values | ||
+ | |- | ||
+ | | object | ||
+ | |- | ||
+ | |<syntaxhighlight lang=json>{ | ||
+ | "access_token": "66822448858031556636", | ||
+ | "expires_in": 3600, | ||
+ | "refresh_token": "23178027621214615262" | ||
+ | }</syntaxhighlight> | ||
+ | |} | ||
+ | |||
+ | === getAccessTokenClientCred === | ||
+ | Get access token for client credential flow. | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |object getAccessTokenClientCred() | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |no parameter | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"| Return Values | ||
+ | |- | ||
+ | | object | ||
+ | |- | ||
+ | |<syntaxhighlight lang=json>{ | ||
+ | "access_token": "66822448858031556636", | ||
+ | "expires_in": 3600, | ||
+ | "refresh_token": null | ||
+ | }</syntaxhighlight> | ||
+ | |} | ||
+ | |||
+ | |||
+ | |||
== Examples == | == Examples == | ||
+ | callback.php | ||
+ | <syntaxhighlight lang=php> | ||
+ | <?php | ||
+ | session_start(); | ||
+ | // provide your application id,secret and redirect uri | ||
+ | $appId = ''; | ||
+ | $appSecret = ''; | ||
+ | $callbackUri[5] = 'http://localhost/php5/callback.php'; | ||
+ | $callbackUri[7] = 'http://localhost/php7/callback.php'; | ||
+ | $scope = 'cmuitaccount.basicinfo'; | ||
+ | |||
+ | require('cmu.oauth.class.php'); | ||
+ | // new CMU Oauth Instance. | ||
+ | $cmuOauth = new cmuOauth(); | ||
+ | // set your application id,secret and redirect uri | ||
+ | $cmuOauth->setAppId($appId); | ||
+ | $cmuOauth->setAppSecret($appSecret); | ||
+ | $cmuOauth->setCallbackUri($callbackUri[PHP_MAJOR_VERSION]); | ||
+ | $cmuOauth->setScope($scope); | ||
+ | |||
+ | if (isset($_GET['error'])) { | ||
+ | session_destroy(); | ||
+ | exit($_GET['error']); | ||
+ | } elseif(!isset($_GET['code'])){ | ||
+ | //set state | ||
+ | $_SESSION['oauth2state'] = $cmuOauth->setState(); | ||
+ | |||
+ | // initial redirect to CMU Oauth login page. | ||
+ | $cmuOauth->initOauth(); | ||
+ | |||
+ | // Check given state against previously stored one to mitigate CSRF attack | ||
+ | } elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){ | ||
+ | if (isset($_SESSION['oauth2state'])) { | ||
+ | unset($_SESSION['oauth2state']); | ||
+ | } | ||
+ | exit('Invalid state'); | ||
+ | } else { | ||
+ | // code parse from CMU Oauth to your redirect uri. | ||
+ | $code = $_GET['code']; | ||
+ | // get access token from code. | ||
+ | $accessToken = $cmuOauth->getAccessTokenAuthCode($code); | ||
+ | $_SESSION['accessToken']=$accessToken->access_token; | ||
+ | echo "<pre>"; | ||
+ | var_dump($accessToken); | ||
+ | echo "</pre>"; | ||
+ | echo "<a href=\"userInfo.php\">View User Info</a>"; | ||
+ | echo "<br>"; | ||
+ | echo "<a href=\"index.php\">Home</a>"; | ||
+ | } | ||
+ | ?> | ||
+ | </syntaxhighlight> | ||
+ | |||
== Download == | == Download == | ||
+ | [https://myweb.cmu.ac.th/supawit.w/cmu.oauth.class.php.zip cmu.oauth.class.php.zip] | ||
== Reference == | == Reference == | ||
− | [https://oauth.cmu.ac.th] | + | [https://oauth.cmu.ac.th https://oauth.cmu.ac.th]<br> |
+ | [https://tools.ietf.org/html/rfc6749 https://tools.ietf.org/html/rfc6749] |
Latest revision as of 09:27, 2 February 2024
Introduction
Authorization Code Flow
from CMU OAuth
Requirement
Methods
Constructor
Set Client ID, Client Secret, Redirect URI
__construct([string $appId, string $clientSecret, string $redirectURI]) |
name | description |
appId | cmu oauth Client ID |
clientSecret | cmu oauth Client Secret |
redirectURI | cmu oauth Redirect URI |
no return value |
setAppId
set Client ID
setAppId(string $appid) |
name | description |
appid | cmu oauth Client ID |
no return value |
setAppSecret
Set Client Secret
setAppSecret(string $appSecret) |
name | description |
appSecret | cmu oauth Client Secret |
no return value |
setCallbackUri
Set Redirect URI
setCallbackUri(string $uri) |
name | description |
uri | Application Callback / Redirect URI |
no return value |
setScope
Set scope
setScope(string $scope) |
name | description |
scope | access token scope name comma separate value |
no return value |
setState
Set state
setState() |
no parameters |
String |
Random String |
initOauth
Initial redirect to CMU Oauth for authorization.
initOauth() |
no parameter |
no return value |
getAccessTokenAuthCode
Get user's authorized access token for authorization code flow.
object getAccessTokenAuthCode(string $code) |
name | description |
code | code that parse by CMU Oauth to redirect URI. |
object |
{
"access_token": "66822448858031556636",
"expires_in": 3600,
"refresh_token": "23178027621214615262"
}
|
getAccessTokenClientCred
Get access token for client credential flow.
object getAccessTokenClientCred() |
no parameter |
object |
{
"access_token": "66822448858031556636",
"expires_in": 3600,
"refresh_token": null
}
|
Examples
callback.php
<?php
session_start();
// provide your application id,secret and redirect uri
$appId = '';
$appSecret = '';
$callbackUri[5] = 'http://localhost/php5/callback.php';
$callbackUri[7] = 'http://localhost/php7/callback.php';
$scope = 'cmuitaccount.basicinfo';
require('cmu.oauth.class.php');
// new CMU Oauth Instance.
$cmuOauth = new cmuOauth();
// set your application id,secret and redirect uri
$cmuOauth->setAppId($appId);
$cmuOauth->setAppSecret($appSecret);
$cmuOauth->setCallbackUri($callbackUri[PHP_MAJOR_VERSION]);
$cmuOauth->setScope($scope);
if (isset($_GET['error'])) {
session_destroy();
exit($_GET['error']);
} elseif(!isset($_GET['code'])){
//set state
$_SESSION['oauth2state'] = $cmuOauth->setState();
// initial redirect to CMU Oauth login page.
$cmuOauth->initOauth();
// Check given state against previously stored one to mitigate CSRF attack
} elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){
if (isset($_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
}
exit('Invalid state');
} else {
// code parse from CMU Oauth to your redirect uri.
$code = $_GET['code'];
// get access token from code.
$accessToken = $cmuOauth->getAccessTokenAuthCode($code);
$_SESSION['accessToken']=$accessToken->access_token;
echo "<pre>";
var_dump($accessToken);
echo "</pre>";
echo "<a href=\"userInfo.php\">View User Info</a>";
echo "<br>";
echo "<a href=\"index.php\">Home</a>";
}
?>