Difference between revisions of "CMU OAUTH PHP CLASS"
| Line 169: | Line 169: | ||
|}  | |}  | ||
| − | ===   | + | === getAccessTokenAuthCode ===  | 
| − | Get user's authorized access token.  | + | Get user's authorized access token for authorization code flow.  | 
{| class="wikitable"  | {| class="wikitable"  | ||
|+ style="text-align:left;"|Description  | |+ style="text-align:left;"|Description  | ||
|-  | |-  | ||
| − | |object   | + | |object getAccessTokenAuthCode(string $code)  | 
|}  | |}  | ||
| Line 198: | Line 198: | ||
|}  | |}  | ||
| − | ===   | + | === getAccessTokenClientCred ===  | 
| − | Get   | + | Get access token for client credential flow.  | 
{| class="wikitable"  | {| class="wikitable"  | ||
|+ style="text-align:left;"|Description  | |+ style="text-align:left;"|Description  | ||
|-  | |-  | ||
| − | |object   | + | |object getAccessTokenClientCred()  | 
|}  | |}  | ||
| Line 209: | Line 209: | ||
|+ style="text-align:left;"|Parameters  | |+ style="text-align:left;"|Parameters  | ||
|-  | |-  | ||
| − | |  | + | |no parameter  | 
| − | |||
| − | |||
| − | |||
|}  | |}  | ||
| Line 221: | Line 218: | ||
|-  | |-  | ||
|<syntaxhighlight lang=json>{  | |<syntaxhighlight lang=json>{  | ||
| − |    "  | + |    "access_token": "66822448858031556636",    | 
| − | + |   "expires_in": 3600,    | |
| − | + |   "refresh_token": null  | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
}</syntaxhighlight>  | }</syntaxhighlight>  | ||
|}  | |}  | ||
| + | |||
| + | |||
== Examples ==  | == Examples ==  | ||
Revision as of 10:20, 26 February 2018
Introduction
Authorization Code Flow

from CMU OAuth
Requirement
Methods
Constructor
Set Client ID, Client Secret, Redirect URI
| __construct([string $appId, string $clientSecret, string $redirectURI]) | 
| name | description | 
| appId | cmu oauth Client ID | 
| clientSecret | cmu oauth Client Secret | 
| redirectURI | cmu oauth Redirect URI | 
| no return value | 
setAppId
Set Client ID
| setAppId(string $appid) | 
| name | description | 
| appid | cmu oauth Client ID | 
| no return value | 
setAppSecret
Set Client Secret
| setAppSecret(string $appSecret) | 
| name | description | 
| appSecret | cmu oauth Client Secret | 
| no return value | 
setCallbackUri
Set Redirect URI
| setCallbackUri(string $uri) | 
| name | description | 
| uri | Application Callback / Redirect URI | 
| no return value | 
setScope
Set scope
| setScope(string $scope) | 
| name | description | 
| scope | access token scope names, as a comma-separated value | 
| no return value | 
setState
Set state
| setState() | 
| no parameters | 
| String | 
| Random String | 
initOauth
Initiate the redirect to CMU OAuth for authorization.
| initOauth() | 
| no parameter | 
| no return value | 
getAccessTokenAuthCode
Get user's authorized access token for authorization code flow.
| object getAccessTokenAuthCode(string $code) | 
| name | description | 
| code | the authorization code passed by CMU OAuth to the redirect URI. | 
| object | 
{
  "access_token": "66822448858031556636", 
  "expires_in": 3600, 
  "refresh_token": "23178027621214615262"
}
 | 
getAccessTokenClientCred
Get access token for client credential flow.
| object getAccessTokenClientCred() | 
| no parameter | 
| object | 
{
  "access_token": "66822448858031556636", 
  "expires_in": 3600, 
  "refresh_token": null
}
 | 
Examples
callback.php
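<?php

declare(strict_types=1);

/*
 * callback.php — OAuth 2.0 authorization-code callback for CMU OAuth.
 *
 * Flow:
 *   1. No `code` in the query string: store a fresh anti-CSRF `state` in the
 *      session and redirect the browser to the CMU OAuth login page.
 *   2. `code` present: the `state` echoed back must be non-empty and identical
 *      to the one stored in the session, otherwise the request is rejected.
 *   3. Exchange the code for an access token, look up the user and either
 *      create the login session or destroy it.
 *
 * Fixes over the earlier version of this example:
 *   - a request without a stored session state was accepted as long as any
 *     non-empty `state` was sent; it is now rejected, and the comparison is
 *     constant-time (hash_equals) and single-use;
 *   - the failure branch used `$sid` before it was assigned and called
 *     session_start() on an already-active session;
 *   - the access-token call now uses the method name documented on this page
 *     (getAccessTokenAuthCode); older copies of this example called getAccessToken.
 */

session_start();

// provide your application id, secret and redirect uri
$appId = 'your cmu ouath client ID';
$appSecret = 'your cmu oauth client secret';
$callbackUri = 'your cmu oauth Redirect URI';

require('cmu.oauth.class.php');

// new CMU OAuth instance, configured with the application credentials.
$cmuOauth = new cmuOauth();
$cmuOauth->setAppId($appId);
$cmuOauth->setAppSecret($appSecret);
$cmuOauth->setCallbackUri($callbackUri);

if (!isset($_GET['code'])) {
    // Step 1: remember the state so it can be verified on the way back,
    // then send the browser to the CMU OAuth login page.
    $_SESSION['oauth2state'] = $cmuOauth->setState();
    $cmuOauth->initOauth();
    exit();
}

// Step 2: verify the anti-CSRF state. The stored value is consumed whether or
// not the check passes, so a state can never be replayed.
$expectedState = $_SESSION['oauth2state'] ?? null;
unset($_SESSION['oauth2state']);
$givenState = $_GET['state'] ?? '';

if (!is_string($expectedState)
    || !is_string($givenState)
    || $givenState === ''
    || !hash_equals($expectedState, $givenState)
) {
    exit('Invalid state');
}

// The authorization code is passed by CMU OAuth to this redirect URI as a
// query parameter; reject anything that is not a plain non-empty string.
$code = $_GET['code'];
if (!is_string($code) || $code === '') {
    exit('Invalid code');
}

// Step 3: exchange the code for an access token, then look up the user.
$accessToken = $cmuOauth->getAccessTokenAuthCode($code);
$userInfo = $cmuOauth->getUserInfo($accessToken->access_token);

// Login process: create the session if status === true (see the return values
// of cmuOauth::getUserInfo), otherwise destroy it.
if ($userInfo->status === true) {
    // Fresh session id on privilege change (session-fixation mitigation),
    // then bind the CMU account to this session.
    session_regenerate_id(true);
    $sid = session_id();
    $_SESSION["user_$sid"] = $userInfo->data->itaccount_name . '@cmu.ac.th';
    header("location: https://example.com/main.html");
    exit();
}

// Not authorised: drop everything the session held and send to the 403 page.
$_SESSION = [];
session_destroy();
header("location: https://example.com/403.html");
exit();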