add refresh token capability

Yottaa · Mar 7, 2012 · b6f4a8f · b6f4a8f
1 parent c959d48
commit b6f4a8f
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 25 deletions.
diff --git a/php/config/oauth_client_sample.yml b/php/config/oauth_client_sample.yml
@@ -3,29 +3,21 @@ development:
   app_url: https://api-dev.yottaa.com
   client_url: http://localhost/OAuth2PHPClient
   server_url: https://api-dev.yottaa.com
-  client_id: 4f1dcd32c66d484f63000144
-  client_secret: 0c3f6703c3ce05b397c1db34b5975e1f33e154e4917db9da8faddf26d541741a
+  client_id: 
+  client_secret: 
 
 staging:
   app_name: Yottaa Link (staging)
   app_url: https://api-dev.yottaa.com
   client_url: http://10.0.1.72/OAuth2PHPClient
   server_url: https://api-dev.yottaa.com
-  client_id: 4f1de7d1c66d484f63000173
-  client_secret: 35eb9a8e5570331a7ef2ec9c72319ecfda5e956dddf9bc5686d2168e754ba48f
-
-server:
-  app_name: Yottaa Link (server)
-  app_url: https://api-dev.yottaa.com
-  client_url: http://dsomach.scripts.mit.edu/yottaa/oauth
-  server_url: https://api-dev.yottaa.com
-  client_id: 4f1deb7bc66d484f63000187
-  client_secret: fcf234f360c95d5a5ac16e39ea293a11b4e0b49ec04643cfbcd78c3224305e4a
+  client_id: 
+  client_secret: 
 
 production:
   app_name: Yottaa Link
   app_url: https://api-dev.yottaa.com
   client_url: https://api-dev.yottaa.com
   server_url: https://api-dev.yottaa.com
-  client_id: 4f16cbe2c66d484f63000002
-  client_secret: d5a672039cdc03706ae3ca0b2d480f9b5060562906d598331b1a4e2629b6f58f
+  client_id: 
+  client_secret: 
diff --git a/php/oauth_client_sample.php b/php/oauth_client_sample.php
@@ -2,7 +2,7 @@
 session_start();
 // OAuth2 PHP Sample Client
 // Choose environment (ENV):
-// (options: development, staging, server, production)
+// (options: development, staging, production)
 $ENV = 'development';
 
 define('APP_PATH', dirname(__FILE__));
@@ -29,7 +29,7 @@
 // The client instance - see "Client.php"
 $client = new OAuth2\Client($client_id, $client_secret);
 
-if (!isset($_GET['code']) && !isset($_SESSION['token']))
+if (!isset($_GET['code']) && !isset($_SESSION['access_token']))
 {
 	// On first load, get authentication from Yottaa.
 	$auth_url = $client->getAuthenticationUrl($authorize_url, $redirect_uri);
@@ -41,23 +41,26 @@
 	// If we don't have a token set as a session variable, then the page load
 	// comes after requesting the authorization grant. Fetch the access token
 	// in this scenario.
-	if (!isset($_SESSION['token']))
+	if (!isset($_SESSION['access_token']))
 	{
 		// Once we've received the authentication grant, fetch the access token.
 		$authorization_code = $_GET['code'];
 
 		$params = array('code' => $authorization_code, 'redirect_uri' => $redirect_uri);
 		$response = $client->getAccessToken($server_url . '/oauth/access_token', 'authorization_code', $params);
 		$access_token = $response['result']['access_token'];
+		$refresh_token = $response['result']['refresh_token'];
 
-		// Store the access token as a session variable.
-		$_SESSION['token'] = $access_token;
+		// Store the access token and refresh token as a session variable.
+		$_SESSION['access_token'] = $access_token;
+		$_SESSION['refresh_token'] = $refresh_token;
 	}
 	// Otherwise, if the token is already stored as a session variable, we can
 	// go directly to requesting any protected resource.
 	else
 	{
-		$access_token = $_SESSION['token'];
+		$access_token = $_SESSION['access_token'];
+		$refresh_token = $_SESSION['refresh_token'];
 	}
 	// Set the access token - it will be used when fetching the protected resources.
 	$client->setAccessToken($access_token);
@@ -75,14 +78,25 @@
 
 	// Fetch the user's email and site list.
 	$response = $client->fetch($URL_email, array(), 'GET', $http_headers);
-
+		
 	// If the request failed, restart the authorization process:
 	// (Otherwise, continue with resource fetching.)
+	echo var_dump($response);
+
 	if ($response['code'] == 401)
 	{
-		$auth_url = $client->getAuthenticationUrl($authorize_url, $redirect_uri);
-		header('Location: ' . $auth_url);
-		die('Redirect');	
+		// Reauthorize using refresh token if the access token has been expired
+		$params = array('refresh_token' => $_SESSION['refresh_token'], 'redirect_uri' => $redirect_uri);
+		$response = $client->getAccessToken($server_url . '/oauth/access_token', 'refresh_token', $params);
+
+		// After reauthorization is complete, refetch protected resource (email)
+		$response = $client->fetch($URL_email, array(), 'GET', $http_headers);
+
+		echo "<h2>Access token has expired, used refresh token.</h2>";
+	}
+	else
+	{
+		echo "<h2>Valid access token, no need to use refresh token.</h2>";
 	}
 	$user_email = $response['result'];
 
@@ -97,7 +111,8 @@
 	{
 		echo "<b>Authorization Code:</b> <i>(using token stored in session)</i><br /><br />";
 	}
-	echo "<b>Token:</b> $access_token <br /><br />";
+	echo "<b>Access Token:</b> $access_token <br /><br />";
+	echo "<b>Refresh Token:</b> $refresh_token <br /><br />";
 	echo "<b>User email:</b> $user_email <br /><br />";
 	echo "<b>User sites:</b> <ul>";