Difference between revisions of "CMU OAUTH PHP CLASS"
From CMU ITSC Network
Line 103: | Line 103: | ||
|} | |} | ||
+ | |||
+ | === setScope=== | ||
+ | Set scope | ||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Description | ||
+ | |- | ||
+ | |setScope(string $scope) | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Parameters | ||
+ | |- | ||
+ | |name || description | ||
+ | |- | ||
+ | |scope | ||
+ | |access token scope name comma separate value | ||
+ | |} | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |+ style="text-align:left;"|Return Values | ||
+ | |- | ||
+ | | no return value | ||
+ | |} | ||
=== setState=== | === setState=== | ||
Line 109: | Line 132: | ||
|+ style="text-align:left;"|Description | |+ style="text-align:left;"|Description | ||
|- | |- | ||
− | | | + | |setState() |
|} | |} | ||
Revision as of 10:14, 26 February 2018
Introduction
Authorization Code Flow
from CMU OAuth
Requirement
Methods
Constructor
Set Client ID, Client Secret, Redirect URI
__construct([string $appId, string $clientSecret, string $redirectURI]) |
name | description |
appId | cmu oauth Client ID |
clientSecret | cmu oauth Client Secret |
redirectURI | cmu oauth Redirect URI |
no return value |
setAppId
set Client ID
setAppId(string $appid) |
name | description |
appid | cmu oauth Client ID |
no return value |
setAppSecret
Set Client Secret
setAppSecret(string $appSecret) |
name | description |
appSecret | cmu oauth Client Secret |
no return value |
setCallbackUri
Set Redirect URI
setCallbackUri(string $uri) |
name | description |
uri | Application Callback / Redirect URI |
no return value |
setScope
Set scope
setScope(string $scope) |
name | description |
scope | access token scope name comma separate value |
no return value |
setState
Set state
setState() |
no parameters |
String |
Random String |
initOauth
Initial redirect to CMU Oauth for authorization.
initOauth() |
no parameter |
no return value |
getAccessToken
Get user's authorized access token.
object getAccessToken(string $code) |
name | description |
code | code that parse by CMU Oauth to redirect URI. |
object |
{
"access_token": "66822448858031556636",
"expires_in": 3600,
"refresh_token": "23178027621214615262"
}
|
getUserInfo
Get user's information by user's authorized access token.
object getUserInfo(string $accessToken) |
name | description |
accessToken | user's authorized access token |
object |
{
"status": true,
"data": {
"timestamp": "2017-03-31T17:30:55.7933253+07:00",
"itaccount_name": "jon_s",
"citizen_id": "1111111111111",
"student_id": "520510999",
"prefix": {
"en_US": "Mr.",
"th_TH": "นาย"
},
"first_name": {
"en_US": "JON",
"th_TH": "จอน"
},
"last_name": {
"en_US": "SNOW",
"th_TH": "สโนว์"
},
"organization": {
"code": "05",
"name": {
"en_US": "Faculty of Science",
"th_TH": "คณะวิทยาศาสตร์"
}
},
"itaccount_type": {
"id": "AlumAcc",
"en_US": "Alumni Account",
"th_TH": "นักศึกษาเก่า"
}
}
}
|
Examples
callback.php
<?php
session_start();
// provide your application id,secret and redirect uri
$appId = 'your cmu ouath client ID';
$appSecret = 'your cmu oauth client secret';
$callbackUri = 'your cmu oauth Redirect URI';
require('cmu.oauth.class.php');
// new CMU Oauth Instance.
$cmuOauth = new cmuOauth();
// set your application id,secret and redirect uri
$cmuOauth->setAppId($appId);
$cmuOauth->setAppSecret($appSecret);
$cmuOauth->setCallbackUri($callbackUri);
if(!isset($_GET['code'])){
//set state
$_SESSION['oauth2state'] = $cmuOauth->setState();
// initial redirect to CMU Oauth login page.
$cmuOauth->initOauth();
// Check given state against previously stored one to mitigate CSRF attack
} elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){
if (isset($_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
}
exit('Invalid state');
} else {
// code parse from CMU Oauth to your redirect uri.
$code = $_GET['code'];
// get access token from code.
$accessToken = $cmuOauth->getAccessToken($code);
// get user information from access token.
$userInfo = $cmuOauth->getUserInfo($accessToken->access_token);
// do login process
// create session if status == true, refer to return values of cmuOauth::getUserInfo
// else destroy session
if($userInfo->status===true){
$sid = session_id();
$_SESSION["user_$sid"]=$userInfo->data->itaccount_name."@cmu.ac.th";
header("location: https://example.com/main.html");
exit();
}else {
session_start();
unset($_SESSION["user_$sid"]);
session_destroy();
header("location: https://example.com/403.html");
exit();
}
}
?>