Difference between revisions of "CMU OAUTH PHP CLASS"
From CMU ITSC Network
| Line 236: | Line 236: | ||
<syntaxhighlight lang=php> | <syntaxhighlight lang=php> | ||
<?php | <?php | ||
| + | session_start(); | ||
// provide your application id,secret and redirect uri | // provide your application id,secret and redirect uri | ||
$appId = 'your cmu ouath client ID'; | $appId = 'your cmu ouath client ID'; | ||
| Line 249: | Line 250: | ||
$cmuOauth->setCallbackUri($callbackUri); | $cmuOauth->setCallbackUri($callbackUri); | ||
| − | if(isset($_GET['code'])){ | + | if(!isset($_GET['code'])){ |
| − | // code parse from CMU Oauth to your redirect uri. | + | //set state |
| + | $_SESSION['oauth2state'] = $cmuOauth->setState(); | ||
| + | |||
| + | // initial redirect to CMU Oauth login page. | ||
| + | $cmuOauth->initOauth(); | ||
| + | |||
| + | // Check given state against previously stored one to mitigate CSRF attack | ||
| + | } elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){ | ||
| + | if (isset($_SESSION['oauth2state'])) { | ||
| + | unset($_SESSION['oauth2state']); | ||
| + | } | ||
| + | exit('Invalid state'); | ||
| + | } else { | ||
| + | // code parse from CMU Oauth to your redirect uri. | ||
$code = $_GET['code']; | $code = $_GET['code']; | ||
// get access token from code. | // get access token from code. | ||
| Line 262: | Line 276: | ||
// else destroy session | // else destroy session | ||
if($userInfo->status===true){ | if($userInfo->status===true){ | ||
| − | |||
$sid = session_id(); | $sid = session_id(); | ||
$_SESSION["user_$sid"]=$userInfo->data->itaccount_name."@cmu.ac.th"; | $_SESSION["user_$sid"]=$userInfo->data->itaccount_name."@cmu.ac.th"; | ||
| Line 273: | Line 286: | ||
header("location: https://example.com/403.html"); | header("location: https://example.com/403.html"); | ||
exit(); | exit(); | ||
| − | } | + | } |
| − | |||
| − | |||
| − | |||
} | } | ||
?> | ?> | ||
Revision as of 10:46, 11 December 2017
Introduction
Authorization Code Flow
from CMU OAuth
Requirement
Methods
Constructor
Set Client ID, Client Secret, Redirect URI
| __construct([string $appId, string $clientSecret, string $redirectURI]) |
| name | description |
| appId | cmu oauth Client ID |
| clientSecret | cmu oauth Client Secret |
| redirectURI | cmu oauth Redirect URI |
| no return value |
setAppId
set Client ID
| setAppId(string $appid) |
| name | description |
| appid | cmu oauth Client ID |
| no return value |
setAppSecret
Set Client Secret
| setAppSecret(string $appSecret) |
| name | description |
| appSecret | cmu oauth Client Secret |
| no return value |
setCallbackUri
Set Redirect URI
| setCallbackUri(string $uri) |
| name | description |
| uri | Application Callback / Redirect URI |
| no return value |
setState
Set state
| setCallbackUri() |
| no parameters |
| String |
| Random String |
initOauth
Initial redirect to CMU Oauth for authorization.
| initOauth() |
| no parameter |
| no return value |
getAccessToken
Get user's authorized access token.
| object getAccessToken(string $code) |
| name | description |
| code | code that parse by CMU Oauth to redirect URI. |
| object |
{
"access_token": "66822448858031556636",
"expires_in": 3600,
"refresh_token": "23178027621214615262"
}
|
getUserInfo
Get user's information by user's authorized access token.
| object getUserInfo(string $accessToken) |
| name | description |
| accessToken | user's authorized access token |
| object |
{
"status": true,
"data": {
"timestamp": "2017-03-31T17:30:55.7933253+07:00",
"itaccount_name": "jon_s",
"citizen_id": "1111111111111",
"student_id": "520510999",
"prefix": {
"en_US": "Mr.",
"th_TH": "นาย"
},
"first_name": {
"en_US": "JON",
"th_TH": "จอน"
},
"last_name": {
"en_US": "SNOW",
"th_TH": "สโนว์"
},
"organization": {
"code": "05",
"name": {
"en_US": "Faculty of Science",
"th_TH": "คณะวิทยาศาสตร์"
}
},
"itaccount_type": {
"id": "AlumAcc",
"en_US": "Alumni Account",
"th_TH": "นักศึกษาเก่า"
}
}
}
|
Examples
callback.php
<?php
session_start();
// provide your application id,secret and redirect uri
$appId = 'your cmu ouath client ID';
$appSecret = 'your cmu oauth client secret';
$callbackUri = 'your cmu oauth Redirect URI';
require('cmu.oauth.class.php');
// new CMU Oauth Instance.
$cmuOauth = new cmuOauth();
// set your application id,secret and redirect uri
$cmuOauth->setAppId($appId);
$cmuOauth->setAppSecret($appSecret);
$cmuOauth->setCallbackUri($callbackUri);
if(!isset($_GET['code'])){
//set state
$_SESSION['oauth2state'] = $cmuOauth->setState();
// initial redirect to CMU Oauth login page.
$cmuOauth->initOauth();
// Check given state against previously stored one to mitigate CSRF attack
} elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){
if (isset($_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
}
exit('Invalid state');
} else {
// code parse from CMU Oauth to your redirect uri.
$code = $_GET['code'];
// get access token from code.
$accessToken = $cmuOauth->getAccessToken($code);
// get user information from access token.
$userInfo = $cmuOauth->getUserInfo($accessToken->access_token);
// do login process
// create session if status == true, refer to return values of cmuOauth::getUserInfo
// else destroy session
if($userInfo->status===true){
$sid = session_id();
$_SESSION["user_$sid"]=$userInfo->data->itaccount_name."@cmu.ac.th";
header("location: https://example.com/main.html");
exit();
}else {
session_start();
unset($_SESSION["user_$sid"]);
session_destroy();
header("location: https://example.com/403.html");
exit();
}
}
?>
