Difference between revisions of "CMU OAUTH PHP CLASS"

From CMU ITSC Network
(26 intermediate revisions by the same user not shown)
Line 1: Line 1:
== บทนำ ==
+
== Introduction ==
 +
Authorization Code Flow<br>
 +
[[File:CMUOAuth-authozizationcode flow.jpg|link=]]<br>
 +
from [https://oauth.cmu.ac.th CMU OAuth]
 +
== Requirement ==
 +
[http://php.net/manual/en/book.curl.php php_curl]
 +
== Methods ==
 +
=== Constructor ===
 +
Set Client ID, Client Secret, Redirect URI
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|__construct([string $appId, string $clientSecret, string $redirectURI])
 +
|}
  
== Method ==
+
{| class="wikitable"
=== Constructor ===
+
|+ style="text-align:left;"|Parameters
 +
|-
 +
|name || description
 +
|-
 +
|appId
 +
|cmu oauth Client ID
 +
|-
 +
|clientSecret
 +
|cmu oauth Client Secret
 +
|-
 +
|redirectURI
 +
|cmu oauth Redirect URI
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Return Values
 +
|-
 +
| no return value
 +
|}
 
=== setAppId ===
 
=== setAppId ===
== อ้างอิง ==
+
set Client ID
[https://oauth.cmu.ac.th]
+
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|setAppId(string $appid)
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Parameters
 +
|-
 +
|name || description
 +
|-
 +
|appid
 +
|cmu oauth Client ID
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Return Values
 +
|-
 +
| no return value
 +
|}
 +
 
 +
=== setAppSecret ===
 +
Set Client Secret
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|setAppSecret(string $appSecret)
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Parameters
 +
|-
 +
|name || description
 +
|-
 +
|appSecret
 +
|cmu oauth Client Secret
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Return Values
 +
|-
 +
| no return value
 +
|}
 +
 
 +
=== setCallbackUri===
 +
Set Redirect URI
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|setCallbackUri(string $uri)
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Parameters
 +
|-
 +
|name || description
 +
|-
 +
|uri
 +
|Application Callback / Redirect URI
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Return Values
 +
|-
 +
| no return value
 +
|}
 +
 
 +
 
 +
=== setScope===
 +
Set scope
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|setScope(string $scope)
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Parameters
 +
|-
 +
|name || description
 +
|-
 +
|scope
 +
|access token scope name comma separate value
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Return Values
 +
|-
 +
| no return value
 +
|}
 +
 
 +
=== setState===
 +
Set state
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|setState()
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Parameters
 +
|-
 +
|no parameters
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Return Values
 +
|-
 +
| String
 +
|-
 +
| Random String
 +
|}
 +
 
 +
=== initOauth ===
 +
Initial redirect to CMU Oauth for authorization.
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|initOauth()
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Parameters
 +
|-
 +
|no parameter
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Return Values
 +
|-
 +
| no return value
 +
|}
 +
 
 +
=== getAccessTokenAuthCode ===
 +
Get user's authorized access token for authorization code flow.
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|object getAccessTokenAuthCode(string $code)
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Parameters
 +
|-
 +
|name || description
 +
|-
 +
|code
 +
|code that parse by CMU Oauth to redirect URI.
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"| Return Values
 +
|-
 +
| object
 +
|-
 +
|<syntaxhighlight lang=json>{
 +
  "access_token": "66822448858031556636",
 +
  "expires_in": 3600,
 +
  "refresh_token": "23178027621214615262"
 +
}</syntaxhighlight>
 +
|}
 +
 
 +
=== getAccessTokenClientCred ===
 +
Get access token for client credential flow.
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Description
 +
|-
 +
|object getAccessTokenClientCred()
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"|Parameters
 +
|-
 +
|no parameter
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ style="text-align:left;"| Return Values
 +
|-
 +
| object
 +
|-
 +
|<syntaxhighlight lang=json>{
 +
  "access_token": "66822448858031556636",
 +
  "expires_in": 3600,
 +
  "refresh_token": null
 +
}</syntaxhighlight>
 +
|}
 +
 
 +
 
 +
 
 +
== Examples ==
 +
callback.php
 +
<syntaxhighlight lang=php>
 +
<?php
 +
session_start();
 +
// provide your application id,secret and redirect uri
 +
$appId = '';
 +
$appSecret = '';
 +
$callbackUri[5] = 'http://localhost/php5/callback.php';
 +
$callbackUri[7] = 'http://localhost/php7/callback.php';
 +
$scope = 'cmuitaccount.basicinfo';
 +
 
 +
require('cmu.oauth.class.php');
 +
// new CMU Oauth Instance.
 +
$cmuOauth = new cmuOauth();
 +
// set your application id,secret and redirect uri
 +
$cmuOauth->setAppId($appId);
 +
$cmuOauth->setAppSecret($appSecret);
 +
$cmuOauth->setCallbackUri($callbackUri[PHP_MAJOR_VERSION]);
 +
$cmuOauth->setScope($scope);
 +
 
 +
if (isset($_GET['error'])) {
 +
session_destroy();
 +
  exit($_GET['error']);
 +
} elseif(!isset($_GET['code'])){
 +
//set state
 +
$_SESSION['oauth2state'] = $cmuOauth->setState();
 +
 
 +
// initial redirect to CMU Oauth login page.
 +
$cmuOauth->initOauth();
 +
 
 +
// Check given state against previously stored one to mitigate CSRF attack
 +
} elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){
 +
if (isset($_SESSION['oauth2state'])) {
 +
unset($_SESSION['oauth2state']);
 +
}
 +
exit('Invalid state');
 +
} else {
 +
// code parse from CMU Oauth to your redirect uri.
 +
$code = $_GET['code'];
 +
// get access token from code.
 +
$accessToken = $cmuOauth->getAccessTokenAuthCode($code);
 +
  $_SESSION['accessToken']=$accessToken->access_token;
 +
  echo "<pre>";
 +
var_dump($accessToken);
 +
  echo "</pre>";
 +
  echo "<a href=\"userInfo.php\">View User Info</a>";
 +
  echo "<br>";
 +
  echo "<a href=\"index.php\">Home</a>";
 +
}
 +
?>
 +
</syntaxhighlight>
 +
 
 +
== Download ==
 +
[http://myweb.cmu.ac.th/supawit.w/cmu.oauth.class.php.zip cmu.oauth.class.php.zip]
 +
 
 +
== Reference ==
 +
[https://oauth.cmu.ac.th https://oauth.cmu.ac.th]<br>
 +
[https://tools.ietf.org/html/rfc6749 https://tools.ietf.org/html/rfc6749]

Revision as of 10:22, 26 February 2018

Introduction

Authorization Code Flow
CMUOAuth-authozizationcode flow.jpg
from CMU OAuth

Requirement

php_curl

Methods

Constructor

Set Client ID, Client Secret, Redirect URI

Description
__construct([string $appId, string $clientSecret, string $redirectURI])
Parameters
name description
appId cmu oauth Client ID
clientSecret cmu oauth Client Secret
redirectURI cmu oauth Redirect URI
Return Values
no return value

setAppId

set Client ID

Description
setAppId(string $appid)
Parameters
name description
appid cmu oauth Client ID
Return Values
no return value

setAppSecret

Set Client Secret

Description
setAppSecret(string $appSecret)
Parameters
name description
appSecret cmu oauth Client Secret
Return Values
no return value

setCallbackUri

Set Redirect URI

Description
setCallbackUri(string $uri)
Parameters
name description
uri Application Callback / Redirect URI
Return Values
no return value


setScope

Set scope

Description
setScope(string $scope)
Parameters
name description
scope access token scope name comma separate value
Return Values
no return value

setState

Set state

Description
setState()
Parameters
no parameters
Return Values
String
Random String

initOauth

Initial redirect to CMU Oauth for authorization.

Description
initOauth()
Parameters
no parameter
Return Values
no return value

getAccessTokenAuthCode

Get user's authorized access token for authorization code flow.

Description
object getAccessTokenAuthCode(string $code)
Parameters
name description
code code that parse by CMU Oauth to redirect URI.
Return Values
object
{
  "access_token": "66822448858031556636", 
  "expires_in": 3600, 
  "refresh_token": "23178027621214615262"
}

getAccessTokenClientCred

Get access token for client credential flow.

Description
object getAccessTokenClientCred()
Parameters
no parameter
Return Values
object
{
  "access_token": "66822448858031556636", 
  "expires_in": 3600, 
  "refresh_token": null
}


Examples

callback.php

<?php
session_start();
// provide your application id,secret and redirect uri
$appId = '';
$appSecret = '';
$callbackUri[5] = 'http://localhost/php5/callback.php';
$callbackUri[7] = 'http://localhost/php7/callback.php';
$scope = 'cmuitaccount.basicinfo';

require('cmu.oauth.class.php');
// new CMU Oauth Instance.
$cmuOauth = new cmuOauth();
// set your application id,secret and redirect uri
$cmuOauth->setAppId($appId);
$cmuOauth->setAppSecret($appSecret);
$cmuOauth->setCallbackUri($callbackUri[PHP_MAJOR_VERSION]);
$cmuOauth->setScope($scope);

if (isset($_GET['error'])) {
	session_destroy();
  exit($_GET['error']);
} elseif(!isset($_GET['code'])){
	//set state
	$_SESSION['oauth2state'] = $cmuOauth->setState();

	// initial redirect to CMU Oauth login page.
	$cmuOauth->initOauth();

// Check given state against previously stored one to mitigate CSRF attack
} elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){
	if (isset($_SESSION['oauth2state'])) {
		unset($_SESSION['oauth2state']);
	}
	exit('Invalid state');
} else {
	// code parse from CMU Oauth to your redirect uri.
	$code = $_GET['code'];
	// get access token from code.
	$accessToken = $cmuOauth->getAccessTokenAuthCode($code);
  $_SESSION['accessToken']=$accessToken->access_token;
  echo "<pre>";
	var_dump($accessToken);
  echo "</pre>";
  echo "<a href=\"userInfo.php\">View User Info</a>";
  echo "<br>";
  echo "<a href=\"index.php\">Home</a>";
}
?>

Download

cmu.oauth.class.php.zip

Reference

https://oauth.cmu.ac.th
https://tools.ietf.org/html/rfc6749