Skip to content

A Webflow Provider for OAuth2 client library league/oauth2-client

License

Notifications You must be signed in to change notification settings

koalatiapp/oauth2-webflow

Repository files navigation

Webflow Provider for OAuth 2.0 client league/oauth2-client

Latest Version Software License Build Status Total Downloads

This package provides Webflow OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Requirements

This package requires PHP 8.0 or above.

Installation

To install, use composer:

composer require koalati/oauth2-webflow

Usage

Authorization Code Flow

<?php

use Koalati\OAuth2\Client\Provider\Webflow;

session_start();

$provider = new Webflow([
	// @TODO Fill these based on your app's configuration
	/**
	 * @see https://developers.webflow.com/docs/getting-started-with-apps#step-2-get-your-client-id-and-secret)
	 * @see https://developers.webflow.com/docs/oauth#user-authorization
	 */
	'clientId'          => '{webflow-app-id}',
	'clientSecret'      => '{webflow-app-secret}',
	'redirectUri'       => 'https://example.com/callback-url',
]);

// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {
	$authUrl = $provider->getAuthorizationUrl();
	$_SESSION['oauth2state'] = $provider->getState();
	
	echo "<a href='{$authUrl}'>Log in with Webflow</a>";
	exit;
}

// Check given state against previously stored one to mitigate CSRF attack
if (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
	unset($_SESSION['oauth2state']);

	http_response_code(403);
	echo 'Invalid state / CSRF token.';
	exit;
}

// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', [
	'code' => $_GET['code']
]);

// At this point, you have an access token you can use to interact with the API.
// You can use it to look up the user's information, or to make any other API calls.
try {
	// We got an access token, let's now get the user's details
	$user = $provider->getResourceOwner($token);

	// Use these details to create a new profile
	printf('<h1>Hello %s!</h1>', $user->getFirstName());
	
	echo "<strong>Your Webflow user info:</strong><br>";
	echo '<pre>';
	print_r($user);
	echo '</pre>';

} catch (\Exception $e) {
	// Failed to get user details
	exit("An error has occured while fetching the Webflow user's information.");
}

echo "<strong>Your Webflow access token:</strong> (keep this safe!)<br>";
echo '<pre>';
// Use this to interact with an API on the users behalf
echo $token->getToken();
echo '</pre>';

Revoke Code Flow

<?php

use Koalati\OAuth2\Client\Provider\Webflow;

$provider = new Webflow([
	// @TODO Fill these based on your app's configuration
	/**
	 * @see https://developers.webflow.com/docs/getting-started-with-apps#step-2-get-your-client-id-and-secret)
	 * @see https://developers.webflow.com/docs/oauth#user-authorization
	 */
	'clientId'          => '{webflow-app-id}',
	'clientSecret'      => '{webflow-app-secret}',
	'redirectUri'       => 'https://example.com/callback-url',
]);

// Use the token of "Authorization Code Flow" which you saved somewhere for the user
$token = $token->getToken();

try {
	$provider->revokeAccessToken($token);
} catch (Exception $e) {
	exit('Failed to revoke the Webflow access token.');
}

Webflow API client

This package does not provide any API interactions other than OAuth 2.0 authentication.

However, if you need to interact with the Webflow API, we recommend you check out the koalati/webflow-api-client package.

Contributing

Please see CONTRIBUTING for details.

Credits

The core of this package was developed by Koalati, a QA platform for web developers and agencies.

Check out other contributors who helped maintain and make this package better: All Contributors.

License

The MIT License (MIT). Please see License File for more information.