add refresh token capability

commit b6f4a8f4b6ca8f9a49f0b43279db0553f3d8b5dc 1 parent c959d48
@david-somach-yottaa david-somach-yottaa authored
Showing with 32 additions and 25 deletions.
  1. +6 −14 php/config/oauth_client_sample.yml
  2. +26 −11 php/oauth_client_sample.php
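--- a/php/config/oauth_client_sample.yml
+++ b/php/config/oauth_client_sample.yml
@@ -3,29 +3,21 @@ development:
 app_url: https://api-dev.yottaa.com
 client_url: http://localhost/OAuth2PHPClient
 server_url: https://api-dev.yottaa.com
- client_id: 4f1dcd32c66d484f63000144
- client_secret: 0c3f6703c3ce05b397c1db34b5975e1f33e154e4917db9da8faddf26d541741a
+ client_id:
+ client_secret:
 staging:
 app_name: Yottaa Link (staging)
 app_url: https://api-dev.yottaa.com
 client_url: http://10.0.1.72/OAuth2PHPClient
 server_url: https://api-dev.yottaa.com
- client_id: 4f1de7d1c66d484f63000173
- client_secret: 35eb9a8e5570331a7ef2ec9c72319ecfda5e956dddf9bc5686d2168e754ba48f
-
-server:
- app_name: Yottaa Link (server)
- app_url: https://api-dev.yottaa.com
- client_url: http://dsomach.scripts.mit.edu/yottaa/oauth
- server_url: https://api-dev.yottaa.com
- client_id: 4f1deb7bc66d484f63000187
- client_secret: fcf234f360c95d5a5ac16e39ea293a11b4e0b49ec04643cfbcd78c3224305e4a
+ client_id:
+ client_secret:
 production:
 app_name: Yottaa Link
 app_url: https://api-dev.yottaa.com
 client_url: https://api-dev.yottaa.com
 server_url: https://api-dev.yottaa.com
- client_id: 4f16cbe2c66d484f63000002
- client_secret: d5a672039cdc03706ae3ca0b2d480f9b5060562906d598331b1a4e2629b6f58f
+ client_id:
+ client_secret: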
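Review bot: Blanking `client_id` and `client_secret` in this file does not retire the four pairs that were committed earlier; they stay readable in the repository history and in this diff, so each should be revoked and reissued on the provider side rather than only deleted here. The empty keys will presumably load as null, and nothing in the file tells a user what to supply. I would add a comment above each pair such as `# fill in from your app registration; keep real values out of version control`, or read the two values from an untracked file or environment variables instead of the sample YAML.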
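--- a/php/oauth_client_sample.php
+++ b/php/oauth_client_sample.php
@@ -2,7 +2,7 @@
 session_start();
 // OAuth2 PHP Sample Client
 // Choose environment (ENV):
-// (options: development, staging, server, production)
+// (options: development, staging, production)
 $ENV = 'development';
 define('APP_PATH', dirname(__FILE__));
@@ -29,7 +29,7 @@
 // The client instance - see "Client.php"
 $client = new OAuth2\Client($client_id, $client_secret);
-if (!isset($_GET['code']) && !isset($_SESSION['token']))
+if (!isset($_GET['code']) && !isset($_SESSION['access_token']))
 {
 // On first load, get authentication from Yottaa.
 $auth_url = $client->getAuthenticationUrl($authorize_url, $redirect_uri);
@@ -41,7 +41,7 @@
 // If we don't have a token set as a session variable, then the page load
 // comes after requesting the authorization grant. Fetch the access token
 // in this scenario.
- if (!isset($_SESSION['token']))
+ if (!isset($_SESSION['access_token']))
 {
 // Once we've received the authentication grant, fetch the access token.
 $authorization_code = $_GET['code'];
@@ -49,15 +49,18 @@
 $params = array('code' => $authorization_code, 'redirect_uri' => $redirect_uri);
 $response = $client->getAccessToken($server_url . '/oauth/access_token', 'authorization_code', $params);
 $access_token = $response['result']['access_token'];
+ $refresh_token = $response['result']['refresh_token'];
- // Store the access token as a session variable.
- $_SESSION['token'] = $access_token;
+ // Store the access token and refresh token as a session variable.
+ $_SESSION['access_token'] = $access_token;
+ $_SESSION['refresh_token'] = $refresh_token;
 }
 // Otherwise, if the token is already stored as a session variable, we can
 // go directly to requesting any protected resource.
 else
 {
- $access_token = $_SESSION['token'];
+ $access_token = $_SESSION['access_token'];
+ $refresh_token = $_SESSION['refresh_token'];
 }
 // Set the access token - it will be used when fetching the protected resources.
 $client->setAccessToken($access_token);
@@ -75,14 +78,25 @@
 // Fetch the user's email and site list.
 $response = $client->fetch($URL_email, array(), 'GET', $http_headers);
-
+
 // If the request failed, restart the authorization process:
 // (Otherwise, continue with resource fetching.)
+ echo var_dump($response);
+
 if ($response['code'] == 401)
 {
- $auth_url = $client->getAuthenticationUrl($authorize_url, $redirect_uri);
- header('Location: ' . $auth_url);
- die('Redirect');
+ // Reauthorize using refresh token if the access token has been expired
+ $params = array('refresh_token' => $_SESSION['refresh_token'], 'redirect_uri' => $redirect_uri);
+ $response = $client->getAccessToken($server_url . '/oauth/access_token', 'refresh_token', $params);
+
+ // After reauthorization is complete, refetch protected resource (email)
+ $response = $client->fetch($URL_email, array(), 'GET', $http_headers);
+
+ echo "<h2>Access token has expired, used refresh token.</h2>";
+ }
+ else
+ {
+ echo "<h2>Valid access token, no need to use refresh token.</h2>";
 }
 $user_email = $response['result'];
@@ -97,7 +111,8 @@
 {
 echo "<b>Authorization Code:</b> <i>(using token stored in session)</i><br /><br />";
 }
- echo "<b>Token:</b> $access_token <br /><br />";
+ echo "<b>Access Token:</b> $access_token <br /><br />";
+ echo "<b>Refresh Token:</b> $refresh_token <br /><br />";
 echo "<b>User email:</b> $user_email <br /><br />";
 echo "<b>User sites:</b> <ul>";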
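Review bot: In the `@@ -75,14 +78,25 @@` hunk the 401 branch throws away the result of the `refresh_token` grant: `$response` is overwritten by the following `fetch`, and the new access token is never passed to `setAccessToken()` or written to `$_SESSION['access_token']`, so the retry presumably goes out with the same expired token and every later page load hits the 401 again. There is also no fallback when the refresh itself fails, because the redirect to the authorization URL was removed. `echo var_dump($response);` looks like a debugging leftover that prints the raw API response to the browser and would prevent a later `header('Location: …')` from working. The last hunk also echoes the refresh token, a long-lived credential, into the page unescaped; I would drop that line or at least pass the value through `htmlspecialchars()`. The enclosing `if`/`else` of the token handling starts outside these hunks.

```php
if ($response['code'] == 401)
{
    // … unchanged: $params for the refresh_token grant …
    $refreshed = $client->getAccessToken($server_url . '/oauth/access_token', 'refresh_token', $params);
    if (!isset($refreshed['result']['access_token']))
    {
        // Refresh failed: forget the stale tokens and restart authorization.
        unset($_SESSION['access_token'], $_SESSION['refresh_token']);
        header('Location: ' . $client->getAuthenticationUrl($authorize_url, $redirect_uri));
        die('Redirect');
    }
    $access_token = $refreshed['result']['access_token'];
    $_SESSION['access_token'] = $access_token;
    // Keep a rotated refresh token if the server returned one.
    if (isset($refreshed['result']['refresh_token']))
    {
        $refresh_token = $refreshed['result']['refresh_token'];
        $_SESSION['refresh_token'] = $refresh_token;
    }
    $client->setAccessToken($access_token);
    // … unchanged: refetch of $URL_email …
}
```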