I downloaded the server version (PDO) available for the OAuth 2.0 here:
Not sure if it is the best implementation out there honestly.
It is configured and currently returns an error JSON indicating it is waiting for a client to pass it the correct arguments.
Now, it comes with a "lib" folder that has a Client .inc file. Honestly, I am not sure how to use it, given that I found no PHP example in the archive and couldn't find anything online. I found an example for Drupal using this library, but it is a mess given they have their own Drupal-related functionalities as a module.
I was wondering if anyone here has had luck using this PHP client library, and if so, could they share an example that connects, authorizes and then redirects to the callback URL with the session, to be able to access protected page/API calls?
I wanted to try the Facebook Graph API (open source), yet I found it very custom for Facebook and was not very sure where I should place the URL to the OAuth 2.0 server I installed on my own server machine.
Introduction. league/oauth2-server is a standards-compliant implementation of an OAuth 2.0 authorization server written in PHP, which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
OAuth 2.0, which stands for “Open Authorization”, is a standard designed to allow a website or application to access resources hosted by other web apps on behalf of a user. It replaced OAuth 1.0 in 2012 and is now the de facto industry standard for online authorization.
Setting up an OAuth2 provider is rather easy once you know how the protocol works. It's a two- or three-step process (depending on your set-up and whether you're getting tokens on behalf of a user or just from the server).
What you'll need:
What you'll need to figure out how to do on your code (/authorize and /token):
The first step to getting a token is to call /authorize?response_type=code&client_id=[YOUR ID]&redirect_uri=[YOUR REDIRECT URI]&scope=[YOUR SCOPE], where:
On completion (there's usually a submit button), your browser will be redirected to the URI specified with a code in the URL (code=blah). Save this value.
When you've got this code, call the other endpoint: /token?client_id=[YOUR ID]&client_secret=[YOUR SECRET]&grant_type=authorization_code&scope=[YOUR SCOPE]&code=[YOUR CODE]&redirect_uri=[YOUR REDIRECT URI]
The parameters:
- client_id - again, your client public key
- client_secret - your private key (this is supposed to be a server-side call)
- scope - the scope for the token - MUST MATCH THE FIRST CALL
- redirect_uri - the redirect URI - MUST MATCH THE FIRST CALL
- code - the code you received
If everything went okay, you'll see a JSON object on your screen containing the token info.
Step 1 (authorize)
When you confirm the form, the server creates a temporary token (auth token as they're called), which typically has a very short life (my oauth2 sp code typically sets this to 60 seconds). This is the time your server has to go from receiving the code to triggering step 2. It is just a confirmation system, and its purpose is to also store the info provided in step 1 to prevent hijacks.
Step 2 (token)
This is where your access token is actually created. Lots of verifications, lots of stuff, but in the end, the token is just a value that links your client_id and your token. That's all it is.
Shameless plug: if you're using the Laravel framework, I've built exactly this from scratch (rather than using the crappy, undocumented sample code): http://bundles.laravel.com/bundle/oauth2-sp
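The two calls described in the answer above, written out as a plain-PHP client, as an added example that is not part of the original question, the answer, or any library mentioned on the page. The endpoint URLs, client credentials, scope name and callback path are hypothetical placeholders. Two details go beyond the answer's description: the client sends a random `state` value on the /authorize call and refuses any callback whose `state` does not match the one stored in its session, and it POSTs the /token parameters in the request body (as RFC 6749 specifies) rather than in the query string; the example assumes the server accepts that form.

```php
<?php
// Added example: minimal OAuth 2.0 authorization-code client in plain PHP.
// Every URL, credential and scope below is a hypothetical placeholder.
declare(strict_types=1);

session_start();

const AUTHORIZE_URL = 'https://oauth.example.test/authorize';  // hypothetical
const TOKEN_URL     = 'https://oauth.example.test/token';      // hypothetical
const CLIENT_ID     = 'my-client-id';                          // hypothetical public id
const CLIENT_SECRET = 'my-client-secret';                      // hypothetical; server-side only
const REDIRECT_URI  = 'https://app.example.test/callback.php'; // must match in both calls
const SCOPE         = 'profile';                               // must match in both calls

// Step 1: build the /authorize URL. The random, single-use "state" is kept in the
// session so the callback can reject responses this client never initiated.
function buildAuthorizeUrl(string $state): string
{
    return AUTHORIZE_URL . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'scope'         => SCOPE,
        'state'         => $state,
    ]);
}

function startAuthorization(): void
{
    $state = bin2hex(random_bytes(16));
    $_SESSION['oauth2_state'] = $state;
    header('Location: ' . buildAuthorizeUrl($state), true, 302);
    exit;
}

// Step 2: exchange the short-lived code for an access token. This is a
// server-to-server POST, so the client secret never reaches the browser.
function exchangeCode(string $code): array
{
    $body = http_build_query([
        'grant_type'    => 'authorization_code',
        'client_id'     => CLIENT_ID,
        'client_secret' => CLIENT_SECRET,
        'redirect_uri'  => REDIRECT_URI, // same value as in step 1
        'scope'         => SCOPE,        // same value as in step 1
        'code'          => $code,
    ]);

    $ch = curl_init(TOKEN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => ['Content-Type: application/x-www-form-urlencoded'],
        CURLOPT_SSL_VERIFYPEER => true, // keep TLS verification on for the token call
    ]);
    $raw    = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);

    if ($raw === false || $status !== 200) {
        throw new RuntimeException("token endpoint returned HTTP $status");
    }
    $token = json_decode($raw, true);
    if (!is_array($token) || empty($token['access_token'])) {
        throw new RuntimeException('token response did not contain access_token');
    }
    return $token;
}

// Callback handler: check state before trusting the code, then clear the stored
// state so the same value cannot be reused within this session.
function handleCallback(array $query): array
{
    if (isset($query['error'])) {
        throw new RuntimeException('authorization denied: ' . $query['error']);
    }
    if (empty($query['state']) || empty($_SESSION['oauth2_state'])
        || !hash_equals($_SESSION['oauth2_state'], (string) $query['state'])) {
        throw new RuntimeException('state mismatch; discarding callback');
    }
    unset($_SESSION['oauth2_state']);
    if (empty($query['code'])) {
        throw new RuntimeException('no authorization code in callback');
    }
    return exchangeCode((string) $query['code']);
}

// Dispatch: a callback carrying code/error is step 2, anything else starts step 1.
if (isset($_GET['code']) || isset($_GET['error'])) {
    $token = handleCallback($_GET);
    $_SESSION['access_token'] = $token['access_token']; // send as "Authorization: Bearer ..."
    echo 'Authorized; token type: ' . htmlspecialchars($token['token_type'] ?? 'bearer');
} else {
    startAuthorization();
}
```

Serve this file at the callback URL registered with the server. The first visit redirects the browser to /authorize; after the user confirms, the server redirects back with `code` and `state`, and the script exchanges the code within the short window the answer mentions and stores the access token in the session for later API calls.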