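<?php

declare(strict_types=1);

/**
 * OAuth 2.0 authorization-code flow against Netatmo, using league/oauth2-client.
 * Doc. https://oauth2-client.thephpleague.com/usage/
 *
 * This script serves both halves of the flow:
 *   1. Request without ?code: generate a state, remember it (together with the
 *      jeedom_id the flow was started for) in the session and redirect the
 *      browser to Netatmo's authorize endpoint.
 *   2. Request with ?code&state (Netatmo redirecting back): verify state and
 *      jeedom_id against the session, exchange the code for tokens and replace
 *      the tokens stored for this jeedom_id in `netatmoPublicData`.
 *
 * Expects these constants from _config.php: CLIENT_ID, CLIENT_SECRET,
 * REDIRECT_URI_BASE, DB_HOST, DB_USER, DB_PASSWORD, DB_NAME.
 */
session_start();
require_once __DIR__ . "/vendor/autoload.php";
require_once __DIR__ . "/_config.php";

// jeedom_id is untrusted query input that ends up in the redirect_uri sent to
// the provider and in SQL. Validate it instead of "sanitising" it:
// FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and never was a validator.
// NOTE(review): the accepted alphabet/length is an assumption — confirm it
// against the identifiers Jeedom actually issues before tightening further.
$jeedom_id = $_GET['jeedom_id'] ?? '';
if (!is_string($jeedom_id) || $jeedom_id === '') {
    exit('missing id');
}
if (preg_match('/^[A-Za-z0-9._-]{1,128}$/', $jeedom_id) !== 1) {
    exit('invalid id');
}

$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId'     => CLIENT_ID,     // The client ID assigned to you by the provider
    'clientSecret' => CLIENT_SECRET, // The client password assigned to you by the provider
    // The same redirect_uri is sent on the authorize and the token request of
    // one flow (both are built from this object within a single HTTP request).
    // rawurlencode() is a no-op for a validated id but keeps the URL well-formed.
    'redirectUri'  => REDIRECT_URI_BASE . '/AuthorizationCodeGrant.php?jeedom_id=' . rawurlencode($jeedom_id),
    'urlAuthorize'   => 'https://api.netatmo.com/oauth2/authorize',
    'urlAccessToken' => 'https://api.netatmo.com/oauth2/token',
    // Not used by this script (getResourceOwner() is never called); presumably
    // kept only because GenericProvider requires the option to be set.
    'urlResourceOwnerDetails' => 'https://service.example.com/resource',
]);

// ---------------------------------------------------------------------------
// Step 1: no authorization code yet -> start the flow.
// ---------------------------------------------------------------------------
if (!isset($_GET['code'])) {
    // getAuthorizationUrl() generates the state parameter for us.
    $authorizationUrl = $provider->getAuthorizationUrl([
        'scope' => ['read_station'],
    ]);
    // Bind this flow to the session: the state is the CSRF token checked on the
    // way back, and jeedom_id is kept so the callback can only complete the
    // flow for the id it was started with.
    $_SESSION['oauth2state']      = $provider->getState();
    $_SESSION['oauth2_jeedom_id'] = $jeedom_id;
    header('Location: ' . $authorizationUrl);
    exit;
}

// ---------------------------------------------------------------------------
// Step 2: provider redirected back with ?code&state.
// ---------------------------------------------------------------------------
$state         = $_GET['state'] ?? '';
$expectedState = $_SESSION['oauth2state'] ?? '';
$expectedId    = $_SESSION['oauth2_jeedom_id'] ?? '';
// The state is single-use: drop it before anything else so a replayed callback
// (same code+state) is rejected regardless of what happens below.
unset($_SESSION['oauth2state'], $_SESSION['oauth2_jeedom_id']);

$stateOk = is_string($state) && is_string($expectedState) && is_string($expectedId)
    && $state !== '' && $expectedState !== ''
    && hash_equals($expectedState, $state)     // constant-time compare of the CSRF token
    && hash_equals($expectedId, $jeedom_id);   // callback must match the id the flow started with
if (!$stateOk) {
    exit('Invalid state');
}

$code = $_GET['code'];
if (!is_string($code) || $code === '') {
    exit('Invalid code');
}

try {
    // Exchange the one-time code for an access (+ refresh) token.
    $accessToken = $provider->getAccessToken('authorization_code', [
        'code' => $code,
    ]);
} catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
    // Provider rejected the exchange (bad/expired code, client mismatch, ...).
    // Details go to the server log; the response body is not echoed back to
    // the browser unescaped.
    error_log('Netatmo token exchange failed for jeedom_id ' . $jeedom_id . ': ' . $e->getMessage());
    exit('Authorization failed');
}

// Make mysqli throw mysqli_sql_exception instead of returning false, so every
// database failure lands in the single catch below.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = null;
try {
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    // Delete + insert run in one transaction so a failed insert does not leave
    // the jeedom_id without any tokens at all.
    $mysqli->begin_transaction();

    // Both statements are parameterised: nothing from the request or from the
    // provider is interpolated into SQL.
    $delete = $mysqli->prepare('DELETE FROM `netatmoPublicData` WHERE `jeedom_id` = ?');
    $delete->bind_param('s', $jeedom_id);
    $delete->execute();
    $delete->close();

    // NOTE(review): the tokens are stored in clear text; anyone with read
    // access to this table can act as the user against Netatmo. Encrypting
    // them at rest is worth considering.
    $accessTokenValue  = $accessToken->getToken();
    $refreshTokenValue = (string) $accessToken->getRefreshToken();
    // Unix timestamp, or '' when the provider sent no expiry — same value the
    // previous sprintf('%s') would have produced.
    $expiresAt = (string) $accessToken->getExpires();

    $insert = $mysqli->prepare(
        'INSERT INTO `netatmoPublicData` (`jeedom_id`, `npd_access_token`, `npd_refresh_token`, `npd_expires_at`, `created`)'
        . ' VALUES (?, ?, ?, ?, NOW())'
    );
    $insert->bind_param('ssss', $jeedom_id, $accessTokenValue, $refreshTokenValue, $expiresAt);
    $insert->execute();
    $insert->close();

    $mysqli->commit();
    $mysqli->close();
} catch (\mysqli_sql_exception $e) {
    if ($mysqli instanceof mysqli) {
        $mysqli->rollback();
        $mysqli->close();
    }
    // Log the driver message server-side; do not reveal schema/host details
    // to the browser.
    error_log('Failed to store Netatmo tokens for jeedom_id ' . $jeedom_id . ': ' . $e->getMessage());
    exit('Database error');
}

echo "✅";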