spaces/oauth2-client

This package is abandoned and no longer maintained. No replacement package was suggested.

OAuth 2.0 authentication for Mittwald SPACES

Maintainers

Details

github.com/mittwald/spaces-auth

Source

Issues

Installs: 1 110

Dependents: 1

Suggesters: 0

Security: 0

Stars: 1

Watchers: 9

Forks: 0

Open Issues: 0

v2.0.0 2018-08-29 18:46 UTC

Requires

Requires (Dev)

MIT 01363b6a38f03b9a8e004b3c139e7f8acf1f950d

  • Martin Helmich <m.helmich.woop@mittwald.de>

This package is auto-updated.

Last update: 2020-04-12 14:02:33 UTC

README

Build Status Packagist

Client library to integrate an OAuth2.0 authorization flow into PHP applications.

Usage

  1. Provide your own implementation of the Mw\Spaces\OAuth2\Context interface:

    namespace Your\Namespace;

class Context implements \Mw\Spaces\OAuth2\Context
{
    public function getRedirectURI()
    {
        return "https://my-application.example/oauth-redir";
    }        
}

    Note that the /oauth-redir path needs to point to an application-specific OAuth2 redirection handler implemented by you.

  2. Create the OAuth2.0 provider:

    $ctx = new \Your\Namespace\Context();
$opts = new \Mw\Spaces\OAuth2\EnvironmentOptions($_SERVER);

$provider = new \Mw\Spaces\OAuth2\SpacesProvider($opts, $ctx);

  3. Next, retrieve the authorization URL and redirect your user there:

    $authorizationURL = $provider->getAuthorizationUrl();

$_SESSION["spaces.de/auth/csrf"] = $provider->getState();

header("Location: " . $authorizationURL);

  4. The identity provider will prompt the user for their credentials, and - on success - will redirect the user back to your Redirect URI. When handling the redirected request, you'll need to retrieve the authorization code and check the CSRF value:

    $state = $_GET["state"];
$code  = $_GET["code"];

if ($_SESSION["spaces.de/auth/csrf"] != $state) {
    die("...");
}

    After that, you can use the code to retrieve your access token:

    $accessToken = $provider->getAccessToken('authorization_code', [
    'code' => $code,
]);

  5. Having the $accessToken, you can now (all while handling the redirected request) use that token to load the resource owner:

    try {
    $owner = $provider->getResourceOwner($accessToken);
    $ownerID = $accessToken->getResourceOwnerId();
    
    // synchronize local user using $owner
} catch (\Mw\Spaces\OAuth2\Error\UserNotPresentException $err) {
    // user has no access to project
    // deny login
}

    Use the data in the $owner object to construct a new local user (or update an existing record). You can store the Resource Owner ID for each created user to match them later on.