-
Notifications
You must be signed in to change notification settings - Fork 0
/
generate-token.php
124 lines (102 loc) · 4.37 KB
/
generate-token.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<?php
use League\OAuth2\Client\OptionProvider\OptionProviderInterface;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Token\AccessToken;
use setasign\SetaPDF\Signer\Module\CSC\Client;
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
require_once(__DIR__ . '/../vendor/autoload.php');
/**
* This file uses league/oauth2-client (https://github.com/thephpleague/oauth2-client) as oauth implementation.
*/
$settings = require __DIR__ . '/settings.php';
$apiUri = $settings['apiUri'];
$httpClient = new GuzzleHttp\Client();
$httpClient = new Mjelamanov\GuzzlePsr18\Client($httpClient);
$requestFactory = new Http\Factory\Guzzle\RequestFactory();
$streamFactory = new Http\Factory\Guzzle\StreamFactory();
$client = new Client($apiUri, $httpClient, $requestFactory, $streamFactory);
$oauth2Urls = $client->getOauth2Info();
$provider = new GenericProvider([
'clientId' => $settings['clientId'],
'clientSecret' => $settings['clientSecret'],
'redirectUri' => rtrim($settings['demoUrl'], '/') . '/generate-token.php',
'urlAuthorize' => $oauth2Urls['urlAuthorize'],
'urlAccessToken' => $oauth2Urls['urlAccessToken'],
'urlResourceOwnerDetails' => $oauth2Urls['urlResourceOwnerDetails'],
]
/*
// If your OAuth endpoint requires a JSON document instead of a form-encoded document pass following "optionProvider"
// to the GenericProvider constructor:
, [
'optionProvider' => new class implements OptionProviderInterface {
public function getAccessTokenOptions($method, array $params)
{
$options = ['headers' => ['content-type' => 'application/json']];
if ($method === AbstractProvider::METHOD_POST) {
$options['body'] = json_encode($params);
}
return $options;
}
}
]*/
);
session_start();
if (isset($_GET['reset'])) {
$_SESSION = [];
} elseif (isset($_SESSION['accessToken'])) {
$accessToken = new AccessToken($_SESSION['accessToken']);
}
/** @noinspection PhpStatementHasEmptyBodyInspection */
if (isset($accessToken) && !$accessToken->hasExpired()) {
// do nothing - the access token is still valid
} elseif (isset($accessToken) && $accessToken->getRefreshToken() !== null) {
// access token has expired, but we have refresh token
$accessToken = $provider->getAccessToken('refresh_token', [
'refresh_token' => $accessToken->getRefreshToken()
]);
$_SESSION['accessToken'] = $accessToken->jsonSerialize();
} else {
// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {
// Fetch the authorization URL from the provider; this returns the
// urlAuthorize option and generates and applies any necessary parameters
// (e.g. state).
$authorizationUrl = $provider->getAuthorizationUrl([
'scope' => $settings['oauth2scope']
]);
// Get the state generated for you and store it to the session.
$_SESSION['oauth2state'] = $provider->getState();
// Redirect the user to the authorization URL.
header('Location: ' . $authorizationUrl);
exit;
}
// Check given state against previously stored one to mitigate CSRF attack
if (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) {
if (isset($_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
}
exit('Invalid state');
}
try {
// Try to get an access token using the authorization code grant.
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
} catch (Throwable $e) {
var_dump($e);
die();
}
$_SESSION['accessToken'] = $accessToken->jsonSerialize();
}
// We have an access token, which we may use in authenticated
// requests against the service provider's API.
echo 'Access Token: ' . $accessToken->getToken() . "<br>";
echo 'Refresh Token: ' . $accessToken->getRefreshToken() . "<br>";
echo 'Expired in: ' . date('c', $accessToken->getExpires()) . "<br>";
echo '<a href="demo.php">Go to demo.php</a><br/>';
echo '<a href="ltv-demo.php">Go to ltv-demo.php</a><br/>';
echo '<a href="async-demo.php">Go to async-demo.php</a><br/>';
echo '<a href="appearance-demo.php">Go to appearance-demo.php</a><br/>';