Craft ID Provider for OAuth 2.0 Client
This package provides Craft ID OAuth 2.0 support for the PHP League's OAuth 2.0 Client., (*1)
This package is compliant with PSR-1, PSR-2 and PSR-4. If you notice compliance oversights, please send
a patch via pull request., (*2)
Requirements
The following versions of PHP are supported., (*3)
- PHP 5.6
- PHP 7.0
- PHP 7.1
- HHVM
Installation
To install, use composer:, (*4)
composer require craftcms/oauth2-craftid
Usage
Authorization Code Flow
$provider = new \craftcms\oauth2\client\provider\CraftId([
'clientId' => '{craft-app-id}',
'clientSecret' => '{craft-app-secret}',
'redirectUri' => 'https://example.com/callback-url',
]);
if (!empty($_GET['error'])) {
// Got an error, probably user denied access
exit('Got error: ' . htmlspecialchars($_GET['error'], ENT_QUOTES, 'UTF-8'));
} elseif (empty($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->getState();
header('Location: ' . $authUrl);
exit;
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
// State is invalid, possible CSRF attack in progress
unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
// Optional: Now you have a token you can look up a users profile data
try {
// We got an access token, let's now get the owner details
$ownerDetails = $provider->getResourceOwner($token);
// Use these details to create a new profile
printf('Hello %s!', $ownerDetails->getName());
} catch (Exception $e) {
// Failed to get user details
exit('Something went wrong: ' . $e->getMessage());
}
// Use this to interact with an API on the users behalf
echo $token->getToken();
// Use this to get a new access token if the old one expires
echo $token->getRefreshToken();
// Number of seconds until the access token will expire, and need refreshing
echo $token->getExpires();
}
Scopes
If needed, you can include an array of scopes when getting the authorization url. Example:, (*5)
$authorizationUrl = $provider->getAuthorizationUrl([
'scope' => [
'purchasePlugins',
'existingPlugins',
'transferPluginLicense',
'deassociatePluginLicense',
]
]);
header('Location: ' . $authorizationUrl);
exit;
Testing
bash
$ ./vendor/bin/phpunit
, (*6)
Credits
License
The MIT License (MIT). Please see License File for more information., (*7)