Showing
6 changed files
with
315 additions
and
0 deletions.
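--- /dev/null
+++ b/FILE1_PATH_NOT_ON_PAGE
@@ -0,0 +1,6 @@
+<?
+$client_id = "1-1e234b54ce23206cdc30e14bc7fea6a2";
+$client_secret = "3aac2f87c3cca316de6d6cd57a49fca3";
+
+$redir_url = "http://www.iamcal.com/misc/glitch/oauth-server/step2.php";
+?>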
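Review bot: A live OAuth client secret is committed as a string literal on the `$client_secret` line; once it is in the repository history it should be treated as disclosed and rotated with the provider, and the file should read it from outside source control instead, e.g. `$client_secret = getenv('GLITCH_CLIENT_SECRET');` (variable name chosen here, not taken from the project). The `$redir_url` callback is `http://`, so the authorization code delivered to it travels in clear text; an `https://` redirect URI is what the token exchange in step2.php relies on. The file also opens with the short tag `<?`, which depends on `short_open_tag` being enabled; `<?php` works everywhere.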
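--- /dev/null
+++ b/FILE2_PATH_NOT_ON_PAGE
@@ -0,0 +1,62 @@
+<?
+##################################################################
+
+#
+# perform a 'simple' HTTP POST.
+#
+
+function curl_http_post($url, $post_args){
+
+$curl_handler = curl_init();
+
+curl_setopt($curl_handler, CURLOPT_URL, $url);
+curl_setopt($curl_handler, CURLOPT_CONNECTTIMEOUT, 5);
+curl_setopt($curl_handler, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($curl_handler, CURLOPT_TIMEOUT, 5);
+curl_setopt($curl_handler, CURLOPT_FAILONERROR, FALSE);
+
+#
+# ignore invalid HTTPS certs. you probably want to comment out
+# these lines...
+#
+
+curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, FALSE);
+curl_setopt($curl_handler, CURLOPT_SSL_VERIFYHOST, FALSE);
+
+
+#
+# it's a post
+#
+
+curl_setopt($curl_handler, CURLOPT_POST, 1);
+curl_setopt($curl_handler, CURLOPT_POSTFIELDS, $post_args);
+
+
+#
+# send the request
+#
+
+$body = @curl_exec($curl_handler);
+$info = @curl_getinfo($curl_handler);
+
+
+#
+# close the connection
+#
+
+curl_close($curl_handler);
+
+
+#
+# return
+#
+
+return array(
+'status' => $info['http_code'],
+'body' => $body,
+'info' => $info,
+);
+}
+
+##################################################################
+?>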
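Review bot: `curl_http_post` disables certificate and hostname verification (`CURLOPT_SSL_VERIFYPEER` / `CURLOPT_SSL_VERIFYHOST` set to `FALSE`), and this is the helper that posts the client secret and authorization code to the token endpoint, so an on-path attacker can read both; the comment already says these lines should probably go. The secure default is `curl_setopt($curl_handler, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($curl_handler, CURLOPT_SSL_VERIFYHOST, 2);` (the host check takes `2`, not `true`), with an explicit opt-out only for local testing. The `@curl_exec` suppression also hides transport failures: when it returns `false`, `$info['http_code']` is `0` and the caller sees an empty body with no reason, so capturing `curl_errno($curl_handler)` / `curl_error($curl_handler)` into the returned array before `curl_close` would let step2.php report the cause.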
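--- /dev/null
+++ b/FILE3_PATH_NOT_ON_PAGE
@@ -0,0 +1,15 @@
+<hr />
+
+<p>
+This demo uses a client ID which is only allowed to request the <code>identity</code> scope.
+Your own client ID will be able to request the <code>read</code> and <code>write</code> scopes, which are far better.
+</p>
+
+<p>
+If you hit an error, you can <a href="./">start over</a>.
+</p>
+
+</div>
+
+</body>
+</html>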
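--- /dev/null
+++ b/FILE4_PATH_NOT_ON_PAGE
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<title>Glitch OAuth 2 Demo - Server Side Auth</title>
+</head>
+<body>
+
+<div style="width: 600px; margin: 0 auto;">
+
+<h1>Glitch OAuth 2 Demo - Server Side Auth</h1>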
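--- /dev/null
+++ b/FILE5_PATH_NOT_ON_PAGE
@@ -0,0 +1,63 @@
+<?
+include('config.php');
+
+include('head.txt');
+?>
+
+<h2>Step 1 - Redirect user to authorization endpoint</h2>
+<?
+
+$args = array(
+'response_type' => 'code',
+'client_id' => $client_id,
+'client_secret' => $client_secret,
+'redirect_uri' => $redir_url,
+'scope' => 'identity',
+'state' => 'hello-world',
+);
+
+$base_url = "http://api.alpha.glitch.com/oauth2/authorize";
+
+function build_url($base_url, $args, $more=array()){
+
+foreach ($more as $k => $v){
+$args[$k] = $v;
+}
+
+$pairs = array();
+foreach ($args as $k => $v){
+$pairs[] = urlencode($k).'='.urlencode($v);
+}
+return $base_url.'?'.implode('&', $pairs);
+}
+
+?>
+
+<p>For this test, we will redirect the user to <code><?=HtmlSpecialChars($base_url)?></code>, with the following parameters:</p>
+
+<ul>
+<? foreach ($args as $k => $v){ ?>
+<li><code><?=HtmlSpecialChars($k)?></code> = <code><?=HtmlSpecialChars($v)?></code></li>
+<? } ?>
+</ul>
+
+<p><a href="<?=build_url($base_url, $args)?>">Start authorization</a></p>
+
+<p>Failures that <b>should not</b> redirect back to here:</p>
+
+<ul>
+<li><a href="<?=build_url($base_url, $args, array('client_id' => 'waffles'))?>">Start authorization with bad client_id</a></li>
+<li><a href="<?=build_url($base_url, $args, array('client_secret' => 'waffles'))?>">Start authorization with bad client_secret</a></li>
+<li><a href="<?=build_url($base_url, $args, array('redirect_uri' => 'waffles'))?>">Start authorization with bad redirect_uri</a></li>
+</ul>
+
+<p>Failures that <b>should</b> redirect back to here:</p>
+
+<ul>
+<li><a href="<?=build_url($base_url, $args, array('scope' => 'waffles'))?>">Start authorization with bad scope</a></li>
+<li><a href="<?=build_url($base_url, $args, array('response_type' => 'waffles'))?>">Start authorization with bad response_type</a></li>
+</ul>
+
+<?
+include('foot.txt');
+?>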
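Review bot: The authorization request built from `$args` puts `'client_secret' => $client_secret` into the query string that is handed to the user's browser, so the secret is printed on the page, lands in browser history and server logs, and leaks through the Referer header; in the authorization-code flow the secret belongs only in the server-side token POST, which step2.php already does. The `'state' => 'hello-world'` constant also gives no CSRF protection, since `state` only works when it is an unguessable per-session value that the callback compares against what it stored (the rewrite below uses `random_bytes()`, which needs PHP 7+). Separately, `build_url()` output is placed in `href` attributes without `HtmlSpecialChars()`, so the `&` separators are emitted raw inside HTML; `urlencode()` keeps quotes out, but wrapping each call as `<?=HtmlSpecialChars(build_url(...))?>` is the correct attribute escaping.
```php
<?
include('config.php');
session_start();

# per-request anti-CSRF value; step2.php must compare the returned state with this
$state = bin2hex(random_bytes(16));
$_SESSION['oauth_state'] = $state;

include('head.txt');
?>
# … unchanged: step 1 heading …
<?
$args = array(
'response_type' => 'code',
'client_id' => $client_id,
'redirect_uri' => $redir_url,
'scope' => 'identity',
'state' => $state,
);
# … unchanged: $base_url, build_url(), page body …
```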
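--- /dev/null
+++ b/FILE6_PATH_NOT_ON_PAGE
@@ -0,0 +1,158 @@
+<?
+include('config.php');
+include('curl.php');
+
+if ($_GET['error']){
+
+include('head.txt');
+?>
+
+<h2>Step 2 Error: <?=HtmlSpecialChars($_GET['error'])?></h2>
+
+<p><b>Error description:</b> <?=HtmlSpecialChars($_GET['error_description'])?></p>
+<p><b>State:</b> <code><?=HtmlSpecialChars($_GET['state'])?></code></p>
+
+<?
+include('foot.txt');
+exit;
+}
+
+
+if (!$_GET['code']){
+
+include('head.txt');
+?>
+
+<h2>Step 2 Error: No code</h2>
+
+<p>Odd - we didn't get an authorization code passed back to us. I wonder why?</p>
+
+<?
+include('foot.txt');
+exit;
+}
+
+
+$args = array(
+'grant_type' => 'authorization_code',
+'code' => $_GET['code'],
+'client_id' => $client_id,
+'client_secret' => $client_secret,
+'redirect_uri' => $redir_url,
+);
+
+if ($_GET['exchange']){
+
+$ret = curl_http_post("http://api.alpha.glitch.com/oauth2/token", $args);
+
+
+#
+# check for bad status
+#
+
+if ($ret['status'] != 200 && $ret['status'] != 400){
+
+include('head.txt');
+?>
+<h2>Step 3 Error - Unexpected HTTP status code</h2>
+
+<p>The POST to the token endpoint unexpectedly returned status code <?=HtmlSpecialChars($ret['status'])?>. This might be a temporary failure.</p>
+<p>The body of the request follows:</p>
+<pre><?=HtmlSpecialChars($ret['body'])?></pre>
+<?
+include('foot.txt');
+exit;
+}
+
+
+#
+# can we decode the JSON?
+#
+
+$obj = @json_decode($ret['body'], true);
+if (!is_array($obj) || !count($obj)){
+
+include('head.txt');
+?>
+<h2>Step 3 Error - Unable to parse JSON response</h2>
+
+<p>The JSON body returned by the API request could not be parsed.</p>
+<p>The body of the request follows:</p>
+<pre><?=HtmlSpecialChars($ret['body'])?></pre>
+<?
+include('foot.txt');
+exit;
+
+}
+
+
+#
+# was there an error?
+#
+
+if (strlen($obj['error'])){
+
+include('head.txt');
+?>
+<h2>Step 3 Error: <?=HtmlSpecialChars($obj['error'])?></h2>
+
+<p><b>Error description:</b> <?=HtmlSpecialChars($obj['error_description'])?></p>
+
+<p>The body of the request follows:</p>
+<pre><?=HtmlSpecialChars($ret['body'])?></pre>
+<?
+include('foot.txt');
+exit;
+
+}
+
+
+#
+# looks like we're good to go...
+#
+
+include('head.txt');
+?>
+<h2>Step 3 - Use access token</h2>
+
+<p>The token endpoint has exchanged our authorization code for a usable access token:</p>
+
+<ul>
+<? foreach ($obj as $k => $v){ ?>
+<li><code><?=HtmlSpecialChars($k)?></code> = <code><?=HtmlSpecialChars($v)?></code></li>
+<? } ?>
+</ul>
+
+<p>We will call an API method using this token, in the iframe below:</p>
+
+<iframe width="100%" height="200" src="http://api.alpha.glitch.com/simple/auth.check?oauth_token=<?=HtmlSpecialChars($obj['access_token'])?>&simple=1&pretty=1"></iframe>
+
+<p>That concludes the demo. In your application, you would then store the <code>access_token</code> somewhere on the server and use it for subsequent requests.</p>
+<?
+include('foot.txt');
+exit;
+}
+
+
+include('head.txt');
+?>
+
+<h2>Step 2 - Exchange code for access token</h2>
+
+<p>The user has authorized our request and we have been returned the code <code><?=HtmlSpecialChars($_GET['code'])?></code>.</p>
+
+<p>We now need to exchange this code for an access token, by calling the token endpoint <code>http://api.alpha.glitch.com/oauth2/token</code> with the following parameters:</p>
+
+<ul>
+<? foreach ($args as $k => $v){ ?>
+<li><code><?=HtmlSpecialChars($k)?></code> = <code><?=HtmlSpecialChars($v)?></code></li>
+<? } ?>
+</ul>
+
+<p>This step must be done using an HTTP POST from the server.</p>
+
+<p><a href="step2.php?code=<?=HtmlSpecialChars($_GET['code'])?>&exchange=1">Exchange code for access token</a></p>
+
+<?
+include('foot.txt');
+?>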
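Review bot: The callback never verifies `state`: it is only echoed on the error page (`<?=HtmlSpecialChars($_GET['state'])?>`), so any `code` that arrives is exchanged and shown to the user, which is the login-CSRF case `state` exists to prevent. Before `$_GET['code']` is used, the page should compare the returned value with the one stored when the authorization request was built, e.g. `session_start();` followed by `if (!isset($_SESSION['oauth_state'], $_GET['state']) || !hash_equals($_SESSION['oauth_state'], (string) $_GET['state'])) { /* render error page */ exit; }` and then `unset($_SESSION['oauth_state']);` so the value is single-use. The reads of `$_GET['error']`, `$_GET['code']` and `$_GET['exchange']` are unguarded and raise undefined-index notices on the normal callback; `$_GET['error'] ?? ''` (or `isset`) avoids that, and `strlen($obj['error'])` has the same issue on a successful token response. Finally, the `access_token` is interpolated into an `<iframe src="http://...">`, which sends the bearer token in clear text and leaves it in the page and the iframe's URL; the closing paragraph's own advice (keep the token server-side) applies to that demo call as well.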