From 3c83417db870cd878f0ce756e3f15c43dae42b55 Mon Sep 17 00:00:00 2001 From: Brent Shaffer Date: Mon, 1 May 2023 13:31:38 -0700 Subject: [PATCH 1/3] feat: user-supplied query params for auth url --- src/Client.php | 5 +++-- tests/Google/ClientTest.php | 10 ++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/Client.php b/src/Client.php index 3366899f7..383726160 100644 --- a/src/Client.php +++ b/src/Client.php @@ -357,9 +357,10 @@ public function fetchAccessTokenWithRefreshToken($refreshToken = null) * The authorization endpoint allows the user to first * authenticate, and then grant/deny the access request. * @param string|array $scope The scope is expressed as an array or list of space-delimited strings. + * @param array $queryParams Querystring params to add to the authorization URL. * @return string */ - public function createAuthUrl($scope = null) + public function createAuthUrl($scope = null, array $queryParams = []) { if (empty($scope)) { $scope = $this->prepareScopes(); @@ -390,7 +391,7 @@ public function createAuthUrl($scope = null) 'response_type' => 'code', 'scope' => $scope, 'state' => $this->config['state'], - ]); + ]) + $queryParams; // If the list of scopes contains plus.login, add request_visible_actions // to auth URL. diff --git a/tests/Google/ClientTest.php b/tests/Google/ClientTest.php index 963ea071b..04da74ef9 100644 --- a/tests/Google/ClientTest.php +++ b/tests/Google/ClientTest.php @@ -1025,4 +1025,14 @@ public function testSetNewRedirectUri() $authUrl2 = $client->createAuthUrl(); $this->assertStringContainsString(urlencode($redirectUri2), $authUrl2); } + + public function testQueryParamsForAuthUrl() + { + $client = new Client(); + $client->setRedirectUri('https://example.com'); + $authUrl1 = $client->createAuthUrl(null, [ + 'enable_serial_consent' => 'true' + ]); + $this->assertStringContainsString('&enable_serial_consent=true', $authUrl1); + } } From 6a94ad291f5bb3cef5378e7b8343b585a495a580 Mon Sep 17 00:00:00 2001 From: Brent Shaffer Date: Mon, 1 May 2023 13:34:38 -0700 Subject: [PATCH 2/3] update readme with partial consent instructions --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.md b/README.md index 0e623c0c7..4292b586c 100644 --- a/README.md +++ b/README.md @@ -422,6 +422,28 @@ $client->setHttpClient($httpClient); Other Guzzle features such as [Handlers and Middleware](http://docs.guzzlephp.org/en/stable/handlers-and-middleware.html) offer even more control. +### Partial Consent and Granted Scopes + +When using OAuth2 3LO (e.g. you're a client requesting credentials from a 3rd +party, such as in the [simple file upload example](examples/simple-file-upload.php)), +you may want to take advantage of Partial Consent. + +To allow clients to only grant certain scopes in the OAuth2 screen, pass the +querystring parameter for `enable_serial_consent` when generating the +authorization URL: + +```php +$authUrl = $client->createAuthUrl($scope, ['enable_serial_consent' => 'true']); +``` + +Once the flow is completed, you can see which scopes were granted by calling +`getGrantedScope` on the OAuth2 object: + +```php +// Comma-separated string of granted scopes if it exists, otherwise null. +echo $client->getOAuth2Service()->getGrantedScope(); +``` + ### Service Specific Examples ### YouTube: https://github.com/youtube/api-samples/tree/master/php From 024ef383a1eee1a34d20d4cc0a1bbace34982282 Mon Sep 17 00:00:00 2001 From: Brent Shaffer Date: Tue, 2 May 2023 11:33:36 -0700 Subject: [PATCH 3/3] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4292b586c..d9c653ae1 100644 --- a/README.md +++ b/README.md @@ -440,7 +440,7 @@ Once the flow is completed, you can see which scopes were granted by calling `getGrantedScope` on the OAuth2 object: ```php -// Comma-separated string of granted scopes if it exists, otherwise null. +// Space-separated string of granted scopes if it exists, otherwise null. echo $client->getOAuth2Service()->getGrantedScope(); ```