Difference between revisions of "CMU OAUTH PHP CLASS"
From CMU ITSC Network
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | == Introduction == | ||
+ | Authorization Code Flow<br> | ||
+ | [[File:CMUOAuth-authozizationcode flow.jpg|link=]]<br> | ||
+ | from [https://oauth.cmu.ac.th CMU OAuth] | ||
+ | == Requirement == | ||
+ | [http://php.net/manual/en/book.curl.php php_curl] | ||
== Methods == | == Methods == | ||
=== Constructor === | === Constructor === | ||
Line 96: | Line 102: | ||
| no return value | | no return value | ||
|} | |} | ||
+ | |||
+ | |||
+ | === setScope=== | ||
+ | Set scope | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |setScope(string $scope) | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |name || description | ||
+ | |- | ||
+ | |scope | ||
+ | |access token scope name comma separate value | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | no return value | ||
+ | |} | ||
+ | |||
+ | === setState=== | ||
+ | Set state | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |setState() | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |no parameters | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | String | ||
+ | |- | ||
+ | | Random String | ||
+ | |} | ||
+ | |||
=== initOauth === | === initOauth === | ||
Initial redirect to CMU Oauth for authorization. | Initial redirect to CMU Oauth for authorization. | ||
Line 116: | Line 169: | ||
|} | |} | ||
− | === | + | === getAccessTokenAuthCode === |
− | Get user's authorized access token. | + | Get user's authorized access token for authorization code flow. |
{| class="wikitable" | {| class="wikitable" | ||
|+ style="text-align:left;"|Description | |+ style="text-align:left;"|Description | ||
|- | |- | ||
− | |object | + | |object getAccessTokenAuthCode(string $code) |
|} | |} | ||
Line 138: | Line 191: | ||
| object | | object | ||
|- | |- | ||
− | |< | + | |<syntaxhighlight lang=json>{ |
"access_token": "66822448858031556636", | "access_token": "66822448858031556636", | ||
"expires_in": 3600, | "expires_in": 3600, | ||
"refresh_token": "23178027621214615262" | "refresh_token": "23178027621214615262" | ||
− | }</ | + | }</syntaxhighlight> |
|} | |} | ||
− | === | + | === getAccessTokenClientCred === |
− | Get | + | Get access token for client credential flow. |
{| class="wikitable" | {| class="wikitable" | ||
|+ style="text-align:left;"|Description | |+ style="text-align:left;"|Description | ||
|- | |- | ||
− | |object | + | |object getAccessTokenClientCred() |
|} | |} | ||
Line 156: | Line 209: | ||
|+ style="text-align:left;"|Parameters | |+ style="text-align:left;"|Parameters | ||
|- | |- | ||
− | | | + | |no parameter |
− | |||
− | |||
− | |||
|} | |} | ||
Line 167: | Line 217: | ||
| object | | object | ||
|- | |- | ||
− | |< | + | |<syntaxhighlight lang=json>{ |
− | " | + | "access_token": "66822448858031556636", |
− | + | "expires_in": 3600, | |
− | + | "refresh_token": null | |
− | + | }</syntaxhighlight> | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | }</ | ||
|} | |} | ||
+ | |||
+ | |||
== Examples == | == Examples == | ||
callback.php | callback.php | ||
− | <syntaxhighlight lang= | + | <syntaxhighlight lang=php> |
<?php | <?php | ||
+ | session_start(); | ||
// provide your application id,secret and redirect uri | // provide your application id,secret and redirect uri | ||
− | $appId = ' | + | $appId = ''; |
− | $appSecret = ' | + | $appSecret = ''; |
− | $callbackUri = ' | + | $callbackUri[5] = 'http://localhost/php5/callback.php'; |
+ | $callbackUri[7] = 'http://localhost/php7/callback.php'; | ||
+ | $scope = 'cmuitaccount.basicinfo'; | ||
require('cmu.oauth.class.php'); | require('cmu.oauth.class.php'); | ||
Line 217: | Line 244: | ||
$cmuOauth->setAppId($appId); | $cmuOauth->setAppId($appId); | ||
$cmuOauth->setAppSecret($appSecret); | $cmuOauth->setAppSecret($appSecret); | ||
− | $cmuOauth->setCallbackUri($callbackUri); | + | $cmuOauth->setCallbackUri($callbackUri[PHP_MAJOR_VERSION]); |
+ | $cmuOauth->setScope($scope); | ||
− | if(isset($_GET['code'])){ | + | if (isset($_GET['error'])) { |
+ | session_destroy(); | ||
+ | exit($_GET['error']); | ||
+ | } elseif(!isset($_GET['code'])){ | ||
+ | //set state | ||
+ | $_SESSION['oauth2state'] = $cmuOauth->setState(); | ||
+ | |||
+ | // initial redirect to CMU Oauth login page. | ||
+ | $cmuOauth->initOauth(); | ||
+ | |||
+ | // Check given state against previously stored one to mitigate CSRF attack | ||
+ | } elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){ | ||
+ | if (isset($_SESSION['oauth2state'])) { | ||
+ | unset($_SESSION['oauth2state']); | ||
+ | } | ||
+ | exit('Invalid state'); | ||
+ | } else { | ||
// code parse from CMU Oauth to your redirect uri. | // code parse from CMU Oauth to your redirect uri. | ||
$code = $_GET['code']; | $code = $_GET['code']; | ||
// get access token from code. | // get access token from code. | ||
− | $accessToken = $cmuOauth-> | + | $accessToken = $cmuOauth->getAccessTokenAuthCode($code); |
− | + | $_SESSION['accessToken']=$accessToken->access_token; | |
− | + | echo "<pre>"; | |
− | + | var_dump($accessToken); | |
− | + | echo "</pre>"; | |
− | + | echo "<a href=\"userInfo.php\">View User Info</a>"; | |
− | + | echo "<br>"; | |
− | + | echo "<a href=\"index.php\">Home</a>"; | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
} | } | ||
?> | ?> | ||
Line 252: | Line 280: | ||
== Download == | == Download == | ||
− | [ | + | [https://myweb.cmu.ac.th/supawit.w/cmu.oauth.class.php.zip cmu.oauth.class.php.zip] |
+ | |||
== Reference == | == Reference == | ||
[https://oauth.cmu.ac.th https://oauth.cmu.ac.th]<br> | [https://oauth.cmu.ac.th https://oauth.cmu.ac.th]<br> | ||
[https://tools.ietf.org/html/rfc6749 https://tools.ietf.org/html/rfc6749] | [https://tools.ietf.org/html/rfc6749 https://tools.ietf.org/html/rfc6749] |
Latest revision as of 09:27, 2 February 2024
Introduction
Authorization Code Flow
from CMU OAuth
Requirement
Methods
Constructor
Set Client ID, Client Secret, Redirect URI
__construct([string $appId, string $clientSecret, string $redirectURI]) |
name | description |
appId | cmu oauth Client ID |
clientSecret | cmu oauth Client Secret |
redirectURI | cmu oauth Redirect URI |
no return value |
setAppId
set Client ID
setAppId(string $appid) |
name | description |
appid | cmu oauth Client ID |
no return value |
setAppSecret
Set Client Secret
setAppSecret(string $appSecret) |
name | description |
appSecret | cmu oauth Client Secret |
no return value |
setCallbackUri
Set Redirect URI
setCallbackUri(string $uri) |
name | description |
uri | Application Callback / Redirect URI |
no return value |
setScope
Set scope
setScope(string $scope) |
name | description |
scope | access token scope name comma separate value |
no return value |
setState
Set state
setState() |
no parameters |
String |
Random String |
initOauth
Initial redirect to CMU Oauth for authorization.
initOauth() |
no parameter |
no return value |
getAccessTokenAuthCode
Get user's authorized access token for authorization code flow.
object getAccessTokenAuthCode(string $code) |
name | description |
code | code that parse by CMU Oauth to redirect URI. |
object |
{
"access_token": "66822448858031556636",
"expires_in": 3600,
"refresh_token": "23178027621214615262"
}
|
getAccessTokenClientCred
Get access token for client credential flow.
object getAccessTokenClientCred() |
no parameter |
object |
{
"access_token": "66822448858031556636",
"expires_in": 3600,
"refresh_token": null
}
|
Examples
callback.php
<?php
session_start();
// provide your application id,secret and redirect uri
$appId = '';
$appSecret = '';
$callbackUri[5] = 'http://localhost/php5/callback.php';
$callbackUri[7] = 'http://localhost/php7/callback.php';
$scope = 'cmuitaccount.basicinfo';
require('cmu.oauth.class.php');
// new CMU Oauth Instance.
$cmuOauth = new cmuOauth();
// set your application id,secret and redirect uri
$cmuOauth->setAppId($appId);
$cmuOauth->setAppSecret($appSecret);
$cmuOauth->setCallbackUri($callbackUri[PHP_MAJOR_VERSION]);
$cmuOauth->setScope($scope);
if (isset($_GET['error'])) {
session_destroy();
exit($_GET['error']);
} elseif(!isset($_GET['code'])){
//set state
$_SESSION['oauth2state'] = $cmuOauth->setState();
// initial redirect to CMU Oauth login page.
$cmuOauth->initOauth();
// Check given state against previously stored one to mitigate CSRF attack
} elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){
if (isset($_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
}
exit('Invalid state');
} else {
// code parse from CMU Oauth to your redirect uri.
$code = $_GET['code'];
// get access token from code.
$accessToken = $cmuOauth->getAccessTokenAuthCode($code);
$_SESSION['accessToken']=$accessToken->access_token;
echo "<pre>";
var_dump($accessToken);
echo "</pre>";
echo "<a href=\"userInfo.php\">View User Info</a>";
echo "<br>";
echo "<a href=\"index.php\">Home</a>";
}
?>