Now Oauth is in a separate file than the API itself

This commit is contained in:
Bruno F. Fontes 2019-03-01 21:00:37 -03:00
parent 443119787f
commit e6f805f76a
Signed by: brunofontes
GPG Key ID: EE3447CE80048495
2 changed files with 85 additions and 84 deletions

View File

@ -1,94 +1,21 @@
<?php
$authorize_url = 'https://cloud.memsource.com/web/oauth/authorize';
$token_url = 'https://cloud.memsource.com/web/oauth/token';
$config = parse_ini_file('config.ini');
// callback URL specified when the application was defined--has to match what the application says
$callback_uri = $config['callbackUri'];
// client (application) credentials - located at apim.byu.edu
$client_id = $config['id'];
$client_secret = $config['secret'];
//TODO: Separate the API tool from code that calls it
$test_api_url = 'https://cloud.memsource.com/web/api2/v1/auth/whoAmI';
if (isset($_POST['authorization_code'])) {
// what to do if there's an authorization code
$access_token = getAccessToken($_POST['authorization_code']);
$resource = getResource($access_token);
echo $resource;
} elseif (isset($_GET['code'])) {
$access_token = getAccessToken($_GET['code']);
print_r($access_token);
$resource = getResource($access_token);
print_r($resource);
echo $resource;
} elseif (isset($_GET['token'])) {
echo "Token... ok!\n";
$resource = getResource($_GET['token']);
print_r($resource);
} elseif (isset($_GET['error'])) {
echo 'access_denied';
} else {
// what to do if there's no authorization code
getAuthorizationCode();
session_start();
if (!isset($_SESSION['token'])) {
header('Location: /oauth.php');
}
// step A - simulate a request from a browser on the authorize_url
// will return an authorization code after the user is prompted for credentials
function getAuthorizationCode()
{
global $authorize_url, $client_id, $callback_uri;
$authorization_redirect_url = $authorize_url . '?response_type=code&client_id=' . $client_id . '&redirect_uri=' . $callback_uri . '&scope=openid';
header('Location: ' . $authorization_redirect_url);
// if you don't want to redirect
// echo "Go <a href='$authorization_redirect_url'>here</a>, copy the code, and paste it into the box below.<br /><form action=" . $_SERVER["PHP_SELF"] . " method = 'post'><input type='text' name='authorization_code' /><br /><input type='submit'></form>";
}
// step I, J - turn the authorization code into an access token, etc.
function getAccessToken($authorization_code)
{
global $token_url, $client_id, $client_secret, $callback_uri;
$authorization = base64_encode("$client_id:$client_secret");
$header = ["Authorization: Basic {$authorization}", 'Content-Type: application/x-www-form-urlencoded'];
$content = "grant_type=authorization_code&code=$authorization_code&redirect_uri=$callback_uri";
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $token_url,
CURLOPT_HTTPHEADER => $header,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $content
]);
$response = curl_exec($curl);
$objectResponse = json_decode($response);
curl_close($curl);
if ($response === false) {
echo 'Failed';
echo curl_error($curl);
echo 'Failed';
} elseif (isset($objectResponse->error)) {
echo 'Error:<br />';
echo $authorization_code;
echo $response;
}
return $objectResponse->access_token;
}
$resource = getResource($_SESSION['token']);
echo "<br>\nuserName: {$resource['user']['userName']}";
echo "<br>\nName: {$resource['user']['firstName']}";
echo "<br>\nLast name: {$resource['user']['lastName']}";
echo "<br>\nEmail: {$resource['user']['email']}";
echo "<br>\nEdition: {$resource['edition']['name']}";
echo "<br>\nOrganization: {$resource['organization']['name']}";
// we can now use the access_token as much as we want to access protected resources
function getResource($access_token)
{
global $test_api_url;
$test_api_url = 'https://cloud.memsource.com/web/api2/v1/auth/whoAmI';
$header = ["Authorization: Bearer {$access_token}"];

View File

@ -0,0 +1,74 @@
<?php
session_start();
$authorize_url = 'https://cloud.memsource.com/web/oauth/authorize';
$token_url = 'https://cloud.memsource.com/web/oauth/token';
$config = parse_ini_file('config.ini');
// callback URL specified when the application was defined--has to match what the application says
$callback_uri = $config['callbackUri'];
// client (application) credentials - located at apim.byu.edu
$client_id = $config['id'];
$client_secret = $config['secret'];
if (isset($_GET['code'])) {
// what to do if there's an authorization code
$access_token = getAccessToken($_GET['code']);
$_SESSION['token'] = $access_token;
header('Location: /');
} elseif (isset($_GET['error'])) {
echo 'Access Denied';
} else {
// what to do if there's no authorization code
getAuthorizationCode();
}
// step A - simulate a request from a browser on the authorize_url
// will return an authorization code after the user is prompted for credentials
function getAuthorizationCode()
{
global $authorize_url, $client_id, $callback_uri;
$authorization_redirect_url = $authorize_url . '?response_type=code&client_id=' . $client_id . '&redirect_uri=' . $callback_uri . '&scope=openid';
header('Location: ' . $authorization_redirect_url);
// if you don't want to redirect
// echo "Go <a href='$authorization_redirect_url'>here</a>, copy the code, and paste it into the box below.<br /><form action=" . $_SERVER["PHP_SELF"] . " method = 'post'><input type='text' name='authorization_code' /><br /><input type='submit'></form>";
}
// step I, J - turn the authorization code into an access token, etc.
function getAccessToken($authorization_code)
{
global $token_url, $client_id, $client_secret, $callback_uri;
$authorization = base64_encode("$client_id:$client_secret");
$header = ["Authorization: Basic {$authorization}", 'Content-Type: application/x-www-form-urlencoded'];
$content = "grant_type=authorization_code&code=$authorization_code&redirect_uri=$callback_uri";
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $token_url,
CURLOPT_HTTPHEADER => $header,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $content
]);
$response = curl_exec($curl);
$objectResponse = json_decode($response);
curl_close($curl);
if ($response === false) {
echo 'Failed';
echo curl_error($curl);
echo 'Failed';
} elseif (isset($objectResponse->error)) {
echo 'Error:<br />';
echo $authorization_code;
echo $response;
}
return $objectResponse->access_token;
}