jampire / oauth2-appid
IBM App ID OAuth 2.0 Client Provider for The PHP League OAuth2 Client
Installs: 3 278
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 3
Forks: 1
Open Issues: 0
Requires
- php: ^7.0
- league/oauth2-client: ^2.4
Requires (Dev)
- ext-json: *
- jakub-onderka/php-console-highlighter: ^0.4.0
- jakub-onderka/php-parallel-lint: ^1.0
- mockery/mockery: ^1.3
- phpunit/phpunit: ^5.7|^6.0|^8.4
- roave/security-advisories: dev-master
- squizlabs/php_codesniffer: ^2.3|^3.5
README
This package provides IBM App ID OAuth 2.0 support for the PHP League's OAuth 2.0 Client. Please, read this page for full documentation.
Installation
To install, use composer:
composer require jampire/oauth2-appid
Usage
Usage is the same as The League's OAuth client, using \Jampire\OAuth2\Client\Provider\AppIdProvider as the provider.
Use baseAuthUri to specify the IBM App ID base server URL. You can lookup the correct value from the Application settings of your IBM App ID service under oAuthServerUrl without tenantId section, eg. https://us-south.appid.cloud.ibm.com/oauth/v4.
Use tenantId to specify the IBM App ID tenant ID. You can lookup the correct value from the Application settings of your IBM App ID service under tenantId, eg. abcd-efgh-1234-5678-mnop.
All other values you can find in Application settings of your IBM App ID service.
Do not forget to register your redirect URL in your IBM App ID whitelist. Please, read IBM App ID documentation.
Authorization Code Flow
<?php require_once __DIR__ . '/vendor/autoload.php'; use Jampire\OAuth2\Client\Provider\AppIdProvider; use Jampire\OAuth2\Client\Provider\AppIdException; session_start(); try { $provider = new AppIdProvider([ 'baseAuthUri' => '{baseAuthUri}', 'tenantId' => '{tenantId}', 'clientId' => '{clientId}', 'clientSecret' => '{clientSecret}', 'redirectUri' => '{redirectUri}', ]); } catch (AppIdException $e) { exit('Failed to create provider: ' . $e->getMessage()); } if (!isset($_GET['code'])) { // If we don't have an authorization code then get one // Fetch the authorization URL from the provider; this returns the // urlAuthorize option and generates and applies any necessary parameters // (e.g. state). $authorizationUrl = $provider->getAuthorizationUrl(); // Get the state generated for you and store it to the session. $_SESSION['oauth2state'] = $provider->getState(); // Redirect the user to the authorization URL. header('Location: ' . $authorizationUrl); exit; } if (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) { // Check given state against previously stored one to mitigate CSRF attack if (isset($_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); } exit('Invalid state'); } try { // Try to get an access token using the authorization code grant. $accessToken = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]); // We have an access token, which we may use in authenticated // requests against the service provider's API. echo '<b>Access Token:</b> ', $accessToken->getToken(), '<br>'; echo '<b>Refresh Token:</b> ', $accessToken->getRefreshToken(), '<br>'; echo '<b>Expired in:</b> ', $accessToken->getExpires(), '<br>'; echo '<b>Already expired?</b> ', ($accessToken->hasExpired() ? 'expired' : 'not expired'), '<br>'; // Using the access token, we may look up details about the // resource owner. $resourceOwner = $provider->getResourceOwner($accessToken); } catch (Exception $e) { // Failed to get the access token or user details. exit($e->getMessage()); }
Examples
Testing
$ ./vendor/bin/phpunit
Contributing
Please see CONTRIBUTING for details.
Credits
License
The MIT License (MIT). Please see License File for more information.