prestashopcorp / oauth2-prestashop
PrestaShop OAuth 2.0 support for the PHP League's OAuth 2.0 Client
Installs: 8 384
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 10
Forks: 1
Open Issues: 0
Requires
- php: >=5.6
- league/oauth2-client: ^2.0
Requires (Dev)
- phpstan/phpstan: ^1.7
- phpunit/phpunit: ^8.0 || ^9.0
- prestashop/php-dev-tools: ^4.2
This package is auto-updated.
Last update: 2024-10-22 13:17:06 UTC
README
This package provides PrestaShop OAuth 2.0 support for the PHP League's OAuth 2.0 Client.
Installation
composer require prestashopcorp/oauth2-prestashop
Usage
$prestaShopProvider = new \PrestaShop\OAuth2\Client\Provider\PrestaShop([ 'clientId' => 'yourClientId', // The client ID assigned to you by PrestaShop 'clientSecret' => 'yourClientSecret', // The client password assigned to you by PrestaShop 'redirectUri' => 'yourClientRedirectUri', // The URL responding to the code flow implemented here // Optional parameters 'uiLocales' => ['fr-FR', 'en'], 'acrValues' => ['prompt:create'], // In that specific case we change the default prompt to the "register" page ]); if (!empty($_GET['error'])) { // Got an error, probably user denied access exit($_GET['error']); // If we don't have an authorization code then get one } elseif (!isset($_GET['code'])) { $authorizationUrl = $prestaShopProvider->getAuthorizationUrl($options); // Get state and store it to the session $_SESSION['oauth2state'] = $prestaShopProvider->getState(); // Redirect user to authorization URL header('Location: ' . $authorizationUrl); exit; // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) { if (isset($_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); } exit('Invalid state'); } else { try { // Try to get an access token (using the authorization code grant) $accessToken = $prestaShopProvider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]); // Use this to interact with an API on the users behalf $token = $accessToken->getToken(); // Get resource owner $prestaShopUser = $provider->getResourceOwner($accessToken); var_dump( $prestaShopUser->getId(), $prestaShopUser->getName(), $prestaShopUser->getEmail(), $prestaShopUser->getEmailVerified(), $prestaShopUser->getPicture(), $prestaShopUser->toArray() ); } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) { exit($e->getMessage()); } }
For more information see the PHP League's general usage examples.
Logout flow
Going beyond the scope of this library we provide a helper function getLogoutUrl
to logout from your oauth2 session.
The only required parameter is id_token_int
here, you can optionally provide post_logout_redirect_uri
to override the one from the constructor.
Also don't forget to provide postLogoutCallbackUri
at construction time if you plan to use it.
$prestaShopProvider = new \PrestaShop\OAuth2\Client\Provider\PrestaShop([ 'clientId' => 'yourClientId', // The client ID assigned to you by PrestaShop 'clientSecret' => 'yourClientSecret', // The client password assigned to you by PrestaShop 'redirectUri' => 'yourClientRedirectUri', // The URL responding to the code flow implemented here 'postLogoutCallbackUri' => 'yourLogoutCallbackUri', // Logout url whitelisted among the ones defined with your client // Optional parameters 'uiLocales' => ['fr-FR', 'en'], 'acrValues' => ['prompt:create'], // In that specific case we change the default prompt to the "register" page ]); if (isset($_GET['oauth2Callback')) { // your logout code session_destroy(); } else { /** @var \League\OAuth2\Client\Token\AccessToken $accessToken */ $accessToken = $_SESSION['accessToken']; // The only required parameter is "id_token_int" here, // you can optionally provide "post_logout_redirect_uri" to override the one from the constructor. $logoutUrl = $prestaShopProvider->getLogoutUrl([ 'id_token_hint' => $accessToken->getValues()['id_token'], // (Optionnal here) Logout url whitelisted among the ones defined with your client // 'post_logout_redirect_uri' => 'https://my-logout-url/?oauth2Callback', ]); header('Location: ' . $logoutUrl); exit; }
Testing
$ ./vendor/bin/phpunit
License
The MIT License (MIT). Please see License File for more information.