authentiq/oauth2-authentiq

Authentiq OAuth 2.0 Client Provider for The PHP League OAuth2-Client

v1.0.0 2017-04-06 12:57 UTC

README

This package provides Authentiq support for the PHP League's OAuth 2.0 Client.

Installation

To install, use composer:

composer require authentiq/oauth2-authentiq

Usage

Usage is the same as The League's OAuth client, using Authentiq\OAuth2\Client\Provider\Authentiq as the provider.

Authorization Code Flow

$provider = new Authentiq\OAuth2\Client\Provider\Authentiq([
    'clientId'     => 'authentiq-client-id',
    'clientSecret' => 'authentiq-client-secret',
    'redirectUri'  => 'your-callback-url',
    'scope'        => 'openid email~rs phone~r aq:name aq:push'
]);

// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize option and generates and applies any necessary parameters
    // (e.g. state).
    $authorizationUrl = $provider->getAuthorizationUrl();

    // Get the state generated for you and store it to the session.
    $_SESSION['oauth2state'] = $provider->getState();

    // Redirect the user to the authorization URL.
    header('Location: ' . $authorizationUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) {

    if (isset($_SESSION['oauth2state'])) {
        unset($_SESSION['oauth2state']);
    }
    exit('Invalid state');

} else {
    try {
        // Try to get an the IdToken using the authorization code grant.
        $idToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // Using the ID token, create the resource owner.
        $resourceOwner = $provider->getResourceOwner($idToken);
                
        // Now the $resourceOwner contains all the user info you need to create the user, 
        // store the unique user id from the sub 
        // or present the info you asked for.


    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

        // Failed to get the access token or user details.
        exit($e->getMessage());

    }
}

Refreshing a Token

Authentiq's OAuth implementation does not use refresh tokens.