arckinteractive / elgg_oauth_sso
Allows other sites/services to implement SSO using the Elgg as the source of truth for user info
Installs: 10
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 0
Type:elgg-plugin
Requires
- php: >=5.5
- bshaffer/oauth2-server-php: ^1.11
- composer/installers: ~1.0
This package is auto-updated.
Last update: 2024-10-12 08:32:13 UTC
README
Allows other sites to use the elgg server as an oauth identity manager
- Register a new application at
/admin/applications
- Authorize the user by having them log in at
[url]/oauth/authorize?client_id=xxxxxxxx&state=xxxxxxxx&response_type=code&scope=user
where client_id is the generated id of the application, and the state is a random string to prevent CSRF attacks - The user will log in if necessary and authorize the application
- The user will be redirected back to the redirect_uri with the original state in a query param and a code:
[redirect_uri]?state=xxxxxx&code=xxxxxxxx
- Make a POST request to
/oauth/token
with body params of
{
client_id: xxxxxxxx,
client_secret: xxxxxxx,
grant_type: 'authorization_code',
redirect_uri: 'https://xxxxxxxxxxxxx',
code: xxxxxxxxxx
}
- The result will be an access token
{
"access_token": "369e27dae447d3856fc538a217536b186cea1bc3",
"expires_in": 3600,
"token_type": "Bearer",
"scope": "user",
"refresh_token": "3c706473a576815c503a119626d674331becc4c8"
}
- The access token in the header:
Authorization: Bearer 369e27dae447d3856fc538a217536b186cea1bc3
for future OAuth api calls - Retrieve the user info from the GET endpoint
/oauth/api/me
{
"name": "Matt Beckett",
"username": "mbeckett",
"email": "matt@arckinteractive.com"
}
- Use the refresh token to get a fresh access token if necessary, make a POST request to
/oauth/token
with body params of
{
client_id: xxxxxxxx,
client_secret: xxxxxxx,
grant_type: 'refresh_token',
refresh_token: xxxxxxxxxx
}