Difference between revisions of "CMU OAUTH PHP CLASS"

From CMU ITSC Network
Line 236: Line 236:
 
<syntaxhighlight lang=php>
 
<syntaxhighlight lang=php>
 
<?php
 
<?php
 +
session_start();
 
// provide your application id,secret and redirect uri
 
// provide your application id,secret and redirect uri
 
$appId = 'your cmu ouath client ID';
 
$appId = 'your cmu ouath client ID';
Line 249: Line 250:
 
$cmuOauth->setCallbackUri($callbackUri);
 
$cmuOauth->setCallbackUri($callbackUri);
  
if(isset($_GET['code'])){
+
if(!isset($_GET['code'])){
// code parse from CMU Oauth to your redirect uri.
+
//set state
 +
$_SESSION['oauth2state'] = $cmuOauth->setState();
 +
 
 +
// initial redirect to CMU Oauth login page.
 +
$cmuOauth->initOauth();
 +
 
 +
// Check given state against previously stored one to mitigate CSRF attack
 +
} elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){
 +
if (isset($_SESSION['oauth2state'])) {
 +
unset($_SESSION['oauth2state']);
 +
}
 +
exit('Invalid state');
 +
} else {
 +
      // code parse from CMU Oauth to your redirect uri.
 
$code = $_GET['code'];
 
$code = $_GET['code'];
 
// get access token from code.
 
// get access token from code.
Line 262: Line 276:
 
// else destroy session
 
// else destroy session
 
if($userInfo->status===true){
 
if($userInfo->status===true){
  session_start();
 
 
  $sid = session_id();
 
  $sid = session_id();
 
  $_SESSION["user_$sid"]=$userInfo->data->itaccount_name."@cmu.ac.th";    
 
  $_SESSION["user_$sid"]=$userInfo->data->itaccount_name."@cmu.ac.th";    
Line 273: Line 286:
 
  header("location: https://example.com/403.html");
 
  header("location: https://example.com/403.html");
 
  exit();
 
  exit();
}
+
}
}else{
 
// initial redirect to CMU Oauth login page.
 
$cmuOauth->initOauth();
 
 
}
 
}
 
?>
 
?>

Revision as of 10:46, 11 December 2017

Introduction

Authorization Code Flow
CMUOAuth-authozizationcode flow.jpg
from CMU OAuth

Requirement

php_curl

Methods

Constructor

Set Client ID, Client Secret, Redirect URI

Description
__construct([string $appId, string $clientSecret, string $redirectURI])
Parameters
name description
appId cmu oauth Client ID
clientSecret cmu oauth Client Secret
redirectURI cmu oauth Redirect URI
Return Values
no return value

setAppId

set Client ID

Description
setAppId(string $appid)
Parameters
name description
appid cmu oauth Client ID
Return Values
no return value

setAppSecret

Set Client Secret

Description
setAppSecret(string $appSecret)
Parameters
name description
appSecret cmu oauth Client Secret
Return Values
no return value

setCallbackUri

Set Redirect URI

Description
setCallbackUri(string $uri)
Parameters
name description
uri Application Callback / Redirect URI
Return Values
no return value


setState

Set state

Description
setCallbackUri()
Parameters
no parameters
Return Values
String
Random String

initOauth

Initial redirect to CMU Oauth for authorization.

Description
initOauth()
Parameters
no parameter
Return Values
no return value

getAccessToken

Get user's authorized access token.

Description
object getAccessToken(string $code)
Parameters
name description
code code that parse by CMU Oauth to redirect URI.
Return Values
object
{
  "access_token": "66822448858031556636", 
  "expires_in": 3600, 
  "refresh_token": "23178027621214615262"
}

getUserInfo

Get user's information by user's authorized access token.

Description
object getUserInfo(string $accessToken)
Parameters
name description
accessToken user's authorized access token
Return Values
object
{
  "status": true,
  "data": {
    "timestamp": "2017-03-31T17:30:55.7933253+07:00",
    "itaccount_name": "jon_s",
    "citizen_id": "1111111111111",
    "student_id": "520510999",
    "prefix": {
      "en_US": "Mr.",
      "th_TH": "นาย"
    },
    "first_name": {
      "en_US": "JON",
      "th_TH": "จอน"
    },
    "last_name": {
      "en_US": "SNOW",
      "th_TH": "สโนว์"
    },
    "organization": {
      "code": "05",
      "name": {
        "en_US": "Faculty of Science",
        "th_TH": "คณะวิทยาศาสตร์"
      }
    },
    "itaccount_type": {
      "id": "AlumAcc",
      "en_US": "Alumni Account",
      "th_TH": "นักศึกษาเก่า"
    }
  }
}

Examples

callback.php

<?php
session_start();
// provide your application id,secret and redirect uri
$appId = 'your cmu ouath client ID';
$appSecret = 'your cmu oauth client secret';
$callbackUri = 'your cmu oauth Redirect URI';

require('cmu.oauth.class.php');
// new CMU Oauth Instance.
$cmuOauth = new cmuOauth();
// set your application id,secret and redirect uri
$cmuOauth->setAppId($appId);
$cmuOauth->setAppSecret($appSecret);
$cmuOauth->setCallbackUri($callbackUri);

if(!isset($_GET['code'])){
	//set state
	$_SESSION['oauth2state'] = $cmuOauth->setState();

	// initial redirect to CMU Oauth login page.
	$cmuOauth->initOauth();

// Check given state against previously stored one to mitigate CSRF attack
} elseif(empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])){
	if (isset($_SESSION['oauth2state'])) {
		unset($_SESSION['oauth2state']);
	}
	exit('Invalid state');
} else {
       // code parse from CMU Oauth to your redirect uri.
	$code = $_GET['code'];
	// get access token from code.
	$accessToken = $cmuOauth->getAccessToken($code);
	// get user information from access token.
	$userInfo = $cmuOauth->getUserInfo($accessToken->access_token);

	
	// do login process 
	// create session if status == true, refer to return values of cmuOauth::getUserInfo
	// else destroy session
	if($userInfo->status===true){
	  $sid = session_id();
	  $_SESSION["user_$sid"]=$userInfo->data->itaccount_name."@cmu.ac.th";	  
	  header("location: https://example.com/main.html");
	  exit();
	}else {
	  session_start();
	  unset($_SESSION["user_$sid"]);	  
	  session_destroy();
	  header("location: https://example.com/403.html");
	  exit();
	}	
}
?>

Download

cmu.oauth.class.php.zip

Reference

https://oauth.cmu.ac.th
https://tools.ietf.org/html/rfc6749