Client library to integrate an OAuth2.0 authorization flow into PHP applications.
-
Provide your own implementation of the
Mw\Spaces\OAuth2\Contextinterface:namespace Your\Namespace; class Context implements \Mw\Spaces\OAuth2\Context { public function getRedirectURI() { return "https://my-application.example/oauth-redir"; } }Note that the
/oauth-redirpath needs to point to an application-specific OAuth2 redirection handler implemented by you. -
Create the OAuth2.0 provider:
$ctx = new \Your\Namespace\Context(); $opts = new \Mw\Spaces\OAuth2\EnvironmentOptions($_SERVER); $provider = new \Mw\Spaces\OAuth2\SpacesProvider($opts, $ctx); -
Next, retrieve the authorization URL and redirect your user there:
$authorizationURL = $provider->getAuthorizationUrl(); $_SESSION["spaces.de/auth/csrf"] = $provider->getState(); header("Location: " . $authorizationURL); -
The identity provider will prompt the user for their credentials, and - on success - will redirect the user back to your Redirect URI. When handling the redirected request, you'll need to retrieve the authorization code and check the CSRF value:
$state = $_GET["state"]; $code = $_GET["code"]; if ($_SESSION["spaces.de/auth/csrf"] != $state) { die("..."); }After that, you can use the code to retrieve your access token:
$accessToken = $provider->getAccessToken('authorization_code', [ 'code' => $code, ]); -
Having the
$accessToken, you can now (all while handling the redirected request) use that token to load the resource owner:try { $owner = $provider->getResourceOwner($accessToken); $ownerID = $accessToken->getResourceOwnerId(); // synchronize local user using $owner } catch (\Mw\Spaces\OAuth2\Error\UserNotPresentException $err) { // user has no access to project // deny login }Use the data in the
$ownerobject to construct a new local user (or update an existing record). You can store the Resource Owner ID for each created user to match them later on.