/
example.php
155 lines (140 loc) · 6.55 KB
/
example.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
<?php
///////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// Google API OAuth Authorization using the OAuthSimple library
//
// Author: Guido Schlabitz
// Email: guido.schlabitz@gmail.com
//
// This example uses the OAuthSimple library for PHP
// found here: http://unitedHeroes.net/OAuthSimple
//
// For more information about the OAuth process for web applications
// accessing Google APIs, read this guide:
// http://code.google.com/apis/accounts/docs/OAuth_ref.html
//
//////////////////////////////////////////////////////////////////////
require 'oauth.php';
$oauthObject = new OAuthSimple();
// As this is an example, I am not doing any error checking to keep
// things simple. Initialize the output in case we get stuck in
// the first step.
$output = 'Authorizing...';
// Fill in your API key/consumer key you received when you registered your
// application with Google.
$signatures = array( 'consumer_key' => 'example.com',
'shared_secret' => 'example_secret');
// In step 3, a verifier will be submitted. If it's not there, we must be
// just starting out. Let's do step 1 then.
if (!isset($_GET['oauth_verifier'])) {
///////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// Step 1: Get a Request Token
//
// Get a temporary request token to facilitate the user authorization
// in step 2. We make a request to the OAuthGetRequestToken endpoint,
// submitting the scope of the access we need (in this case, all the
// user's calendars) and also tell Google where to go once the token
// authorization on their side is finished.
//
$result = $oauthObject->sign(array(
'path' =>'https://www.google.com/accounts/OAuthGetRequestToken',
'parameters'=> array(
'scope' => 'http://www.google.com/calendar/feeds/',
'oauth_callback'=> 'http://bitbutton.com/oauthsimple/example.php'),
'signatures'=> $signatures));
// The above object generates a simple URL that includes a signature, the
// needed parameters, and the web page that will handle our request. I now
// "load" that web page into a string variable.
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
curl_close($ch);
// We parse the string for the request token and the matching token
// secret. Again, I'm not handling any errors and just plough ahead
// assuming everything is hunky dory.
parse_str($r, $returned_items);
$request_token = $returned_items['oauth_token'];
$request_token_secret = $returned_items['oauth_token_secret'];
// We will need the request token and secret after the authorization.
// Google will forward the request token, but not the secret.
// Set a cookie, so the secret will be available once we return to this page.
setcookie("oauth_token_secret", $request_token_secret, time()+3600);
//
//////////////////////////////////////////////////////////////////////
///////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// Step 2: Authorize the Request Token
//
// Generate a URL for an authorization request, then redirect to that URL
// so the user can authorize our access request. The user could also deny
// the request, so don't forget to add something to handle that case.
$result = $oauthObject->sign(array(
'path' =>'https://www.google.com/accounts/OAuthAuthorizeToken',
'parameters'=> array(
'oauth_token' => $request_token),
'signatures'=> $signatures));
// See you in a sec in step 3.
header("Location:$result[signed_url]");
exit;
//////////////////////////////////////////////////////////////////////
}
else {
///////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
// Step 3: Exchange the Authorized Request Token for a Long-Term
// Access Token.
//
// We just returned from the user authorization process on Google's site.
// The token returned is the same request token we got in step 1. To
// sign this exchange request, we also need the request token secret that
// we baked into a cookie earlier.
//
// Fetch the cookie and amend our signature array with the request
// token and secret.
$signatures['oauth_secret'] = $_COOKIE['oauth_token_secret'];
$signatures['oauth_token'] = $_GET['oauth_token'];
// Build the request-URL...
$result = $oauthObject->sign(array(
'path' => 'https://www.google.com/accounts/OAuthGetAccessToken',
'parameters'=> array(
'oauth_verifier' => $_GET['oauth_verifier'],
'oauth_token' => $_GET['oauth_token']),
'signatures'=> $signatures));
// ... and grab the resulting string again.
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$r = curl_exec($ch);
// Voila, we've got a long-term access token.
parse_str($r, $returned_items);
$access_token = $returned_items['oauth_token'];
$access_token_secret = $returned_items['oauth_token_secret'];
// We can use this long-term access token to request Google API data,
// for example, a list of calendars.
// All Google API data requests will have to be signed just as before,
// but we can now bypass the authorization process and use the long-term
// access token you hopefully stored somewhere permanently.
$signatures['oauth_token'] = $access_token;
$signatures['oauth_secret'] = $access_token_secret;
//////////////////////////////////////////////////////////////////////
// Example Google API Access:
// This will build a link to an RSS feed of the users calendars.
$oauthObject->reset();
$result = $oauthObject->sign(array(
'path' =>'http://www.google.com/calendar/feeds/default/allcalendars/full',
'parameters'=> array('orderby' => 'starttime'),
'signatures'=> $signatures));
// Instead of going to the list, I will just print the link along with the
// access token and secret, so we can play with it in the sandbox:
// http://googlecodesamples.com/oauth_playground/
//
curl_setopt($ch, CURLOPT_URL, $result['signed_url']);
$output = "<p>Access Token: $access_token<BR>
Token Secret: $access_token_secret</p>
<p><a href='$result[signed_url]'>List of Calendars</a></p>";
curl_close($ch);
}
?>
<HTML>
<BODY>
<?php echo $output;?>
</BODY>
</HTML>