mollie / oauth2-mollie-php
Mollie Provider for OAuth 2.0 Client
Installs: 917 442
Dependents: 1
Suggesters: 5
Security: 0
Stars: 22
Watchers: 39
Forks: 12
Open Issues: 0
Requires
- php: ^7.4|^8.0
- league/oauth2-client: ^2.7
Requires (Dev)
- mockery/mockery: ^1.5
- phpunit/phpunit: ^9.6|^10.0
Suggests
- mollie/mollie-api-php: To use the Mollie API client to interact with the Mollie API.
README
Mollie Connect in PHP
This package provides Mollie OAuth 2.0 support for the PHP League's OAuth 2.0 Client. Visit our API documentation for more information about the Mollie implementation of OAuth2.
Use Mollie Connect (OAuth) to easily connect Mollie Merchant accounts to your application. Mollie Connect also makes it possible to charge additional fees to your costumers with Application Fee.
Installation
By far the easiest way to install the Mollie API client is to require it with Composer.
$ composer require mollie/oauth2-mollie-php ^2.0
{
"require": {
"mollie/oauth2-mollie-php": "^2.0"
}
}
You may also git checkout or download all the files, and include the OAuth 2.0 provider manually.
Usage
Usage is the same as The League's OAuth client, using \Mollie\OAuth2\Client\Provider\Mollie
as the provider.
Authorization Code Flow
$provider = new \Mollie\OAuth2\Client\Provider\Mollie([ 'clientId' => 'YOUR_CLIENT_ID', 'clientSecret' => 'YOUR_CLIENT_SECRET', 'redirectUri' => 'https://your-redirect-uri', ]); // If we don't have an authorization code then get one if (!isset($_GET['code'])) { // Fetch the authorization URL from the provider; this returns the // urlAuthorize option and generates and applies any necessary parameters // (e.g. state). $authorizationUrl = $provider->getAuthorizationUrl([ // Optional, only use this if you want to ask for scopes the user previously denied. 'approval_prompt' => 'force', // Optional, a list of scopes. Defaults to only 'organizations.read'. 'scope' => [ \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_ORGANIZATIONS_READ, \Mollie\OAuth2\Client\Provider\Mollie::SCOPE_PAYMENTS_READ, ], ]); // Get the state generated for you and store it to the session. $_SESSION['oauth2state'] = $provider->getState(); // Redirect the user to the authorization URL. header('Location: ' . $authorizationUrl); exit; } // Check given state against previously stored one to mitigate CSRF attack elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); exit('Invalid state'); } else { try { // Try to get an access token using the authorization code grant. $accessToken = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]); // Using the access token, we may look up details about the resource owner. $resourceOwner = $provider->getResourceOwner($accessToken); print_r($resourceOwner->toArray()); } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) { // Failed to get the access token or user details. exit($e->getMessage()); } }
Refreshing A Token
$provider = new \Mollie\OAuth2\Client\Provider\Mollie([ 'clientId' => 'YOUR_CLIENT_ID', 'clientSecret' => 'YOUR_CLIENT_SECRET', 'redirectUri' => 'https://your-redirect-uri', ]); $grant = new \League\OAuth2\Client\Grant\RefreshToken(); $token = $provider->getAccessToken($grant, ['refresh_token' => $refreshToken]);
Authenticating using the AccessToken (mollie-api-php example)
After refreshing an AccessToken, here's how to use it with the mollie-api-php package. Note that the getToken()
method is used to obtain the access token string.
$mollie = new \Mollie\Api\MollieApiClient; $mollie->setAccessToken($token->getToken()); // With the correct scopes, you can now interact with Mollie's API on behalf of the Merchant $payments = $mollie->payments->page();
Note
In order to access the mollie api via \Molie\Api\MollieApiClient
, the mollie/mollie-api-php library is required!
Revoking a token
Both AccessTokens and RefreshTokens are revokable. Here's how to revoke an AccessToken:
$provider = new \Mollie\OAuth2\Client\Provider\Mollie([ 'clientId' => 'YOUR_CLIENT_ID', 'clientSecret' => 'YOUR_CLIENT_SECRET', 'redirectUri' => 'https://your-redirect-uri', ]); $provider->revokeAccessToken($accessToken->getToken());
Similarly, here's how to revoke a RefreshToken:
Note: When you revoke a refresh token, all access tokens based on the same authorization grant will be revoked as well.
$provider = new \Mollie\OAuth2\Client\Provider\Mollie([ 'clientId' => 'YOUR_CLIENT_ID', 'clientSecret' => 'YOUR_CLIENT_SECRET', 'redirectUri' => 'https://your-redirect-uri',**** ]); $provider->revokeRefreshToken($refreshToken->getToken());
API documentation
If you wish to learn more about our APIs, please visit the Mollie Developer Portal.
Want to help us make our API client even better?
Want to help us make our API client even better? We take pull requests, sure. But how would you like to contribute to a technology oriented organization? Mollie is hiring developers and system engineers. Check out our vacancies or get in touch.
License
BSD (Berkeley Software Distribution) License. Copyright (c) 2015-2018, Mollie B.V.
Support
Contact: www.mollie.com — info@mollie.com — +31 20-612 88 55