The OAuth2Client allows you to connect to any OAuth2 server. Just follow the procedure described in the example below.
composer require webiik/oauth2client
// Facebook Example
// Prepare dependencies
$chc = new \Webiik\CurlHttpClient\CurlHttpClient();
// Instantiate OAuth2 client
$oAuth2Client = new \Webiik\OAuth2Client\OAuth2Client($chc);
// Your callback URL after authorization
// OAuth2 server redirects users to this URL, after user verification
$oAuth2Client->setRedirectUri('https://127.0.0.1/webiik/');
// API endpoints
$oAuth2Client->setAuthorizeUrl('https://www.facebook.com/v3.3/dialog/oauth');
$oAuth2Client->setAccessTokenUrl('https://graph.facebook.com/v3.3/oauth/access_token');
$oAuth2Client->setValidateTokenUrl('https://graph.facebook.com/debug_token');
// API credentials (create yours at https://developers.facebook.com/apps/)
$oAuth2Client->setClientId('your-client-id');
$oAuth2Client->setClientSecret('your-client-secret');
// Make API calls...
// Define scope
$scope = [
    'email',
];
if (!isset($_GET['code'])) {
    // 1. Prepare Facebook user login link with specified scope and grant type
    // (the URL is HTML-escaped because it is written into an attribute)
    echo '<a href="' . htmlspecialchars($oAuth2Client->getAuthorizeUrl($scope), ENT_QUOTES) . '" target="_blank">Authorize with Facebook</a><br/>';
}
if (isset($_GET['code'])) {
    // 2. Verify code to obtain user access_token
    $user = $oAuth2Client->getAccessTokenByCode();
    // 3. Verify clientId and clientSecret to obtain app access_token
    $app = $oAuth2Client->getAccessTokenByCredentials();
}
if (isset($user, $user['access_token']) && isset($app, $app['access_token'])) {
    // 4. User and app access_tokens are valid, user and app are authorized by Facebook
    // Access protected resources...
    // Get user id
    $tokenInfo = $oAuth2Client->getTokenInfo($user['access_token'], $app['access_token'], true);
    if (!isset($tokenInfo['data'], $tokenInfo['data']['user_id'])) {
        // Err: Can't obtain user id
        print_r($tokenInfo);
        exit;
    }
    // Get additional user info
    $fields = [
        'name',
        'first_name',
        'middle_name',
        'last_name',
        'email',
    ];
    // Build the query string with URL encoding instead of raw concatenation
    $query = http_build_query([
        'access_token' => $user['access_token'],
        'fields' => implode(',', $fields),
    ]);
    $req = $chc->prepareRequest('https://graph.facebook.com/v3.3/' . rawurlencode((string)$tokenInfo['data']['user_id']) . '/?' . $query);
    $res = $chc->send($req);
    if ($res->isOk()) {
        header('Content-Type: application/json');
        echo $res->body();
    }
}
Before you can connect to any OAuth2 server, you have to properly configure access credentials and endpoints.
setClientId(string $id): void
setClientId() sets the client ID.
$oAuth2Client->setClientId('your-client-id');
setClientSecret(string $secret): void
setClientSecret() sets the client secret.
$oAuth2Client->setClientSecret('your-client-secret');
setRedirectUri(string $url): void
setRedirectUri() sets the URI to which the OAuth2 server redirects a user after authorization.
$oAuth2Client->setRedirectUri('https://127.0.0.1/webiik/');
setAuthorizeUrl(string $url): void
setAuthorizeUrl() sets the URL at which the OAuth2 server authorizes a user.
$oAuth2Client->setAuthorizeUrl('https://www.facebook.com/v3.2/dialog/oauth');
setAccessTokenUrl(string $url): void
setAccessTokenUrl() sets the URL used to obtain an access token.
$oAuth2Client->setAccessTokenUrl('https://graph.facebook.com/v3.2/oauth/access_token');
setValidateTokenUrl(string $url): void
setValidateTokenUrl() sets the URL used to validate an access token. This endpoint is not an official part of the OAuth2 specification; however, Google, Facebook, etc. provide it.
$oAuth2Client->setValidateTokenUrl('https://graph.facebook.com/debug_token');
getAuthorizeUrl(array $scope = [], string $responseType = 'code', string $state = ''): string
getAuthorizeUrl() builds the authorization link from the URL set by setAuthorizeUrl().
Parameters
- scope: defines the access scope of your app. Learn access scopes of individual OAuth2 servers.
- responseType: possible response types are code, token, id_token...
- state: read about state parameter.
$link = $oAuth2Client->getAuthorizeUrl(['email']);
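The state parameter ties the callback to the browser session that started the login, so a callback carrying someone else's code can be rejected. The following is an added example, not part of the Webiik documentation or library: the helper names issueState() and verifyState() and the oauth2_state session key are assumptions, and because this page does not say whether the client checks state itself, the check is done in application code.

```php
<?php
declare(strict_types=1);

// Added example: helper names and the 'oauth2_state' key are assumptions.

/** Create a fresh, unguessable state value and remember it for the callback. */
function issueState(array &$session): string
{
    $state = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session['oauth2_state'] = $state;
    return $state;
}

/** True only if the callback's state matches the stored one; single-use. */
function verifyState(array &$session, $returned): bool
{
    $expected = $session['oauth2_state'] ?? null;
    unset($session['oauth2_state']); // consume: a replayed callback must fail
    if (!is_string($expected) || !is_string($returned) || $returned === '') {
        return false; // nothing issued, parameter missing, or state[]=x input
    }
    return hash_equals($expected, $returned); // constant-time comparison
}

// In the page's flow, with $_SESSION available after session_start():
//   $link = $oAuth2Client->getAuthorizeUrl(['email'], 'code', issueState($_SESSION));
// and in the callback, before calling getAccessTokenByCode():
//   if (!verifyState($_SESSION, $_GET['state'] ?? null)) {
//       http_response_code(400);
//       exit;
//   }

// Constructed demo: plain arrays stand in for $_SESSION and $_GET.
$session = [];
$state = issueState($session);
var_dump(verifyState($session, $state)); // state issued to this session
var_dump(verifyState($session, $state)); // same value replayed after use

$other = [];
issueState($other);
var_dump(verifyState($other, $state));   // state issued to a different session
var_dump(verifyState($other, ['x']));    // array-valued query parameter
```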
OAuth2Client lets you obtain an access token using any grant type provided by the OAuth2 protocol. Read more about grant types.
getAccessTokenByCode()
getAccessTokenByCode() makes an HTTP POST request to the URL set by setAccessTokenUrl(). Returns an array with token(s) on success and a string with the cURL error message on error. This grant type is usually used by apps for authenticating users.
$user = $oAuth2Client->getAccessTokenByCode();
getAccessTokenByPassword(string $username, string $password, array $scope = [])
getAccessTokenByPassword() makes an HTTP POST request to the URL set by setAccessTokenUrl(). Returns an array with token(s) on success and a string with the cURL error message on error. This grant type is usually used by trusted apps for authenticating users.
$user = $oAuth2Client->getAccessTokenByPassword($username, $password);
getAccessTokenByCredentials()
getAccessTokenByCredentials() makes an HTTP POST request to the URL set by setAccessTokenUrl(). Returns an array with token(s) on success and a string with the cURL error message on error. This grant type is usually used for server-to-server communication.
$app = $oAuth2Client->getAccessTokenByCredentials();
getAccessTokenByRefreshToken(string $refreshToken)
getAccessTokenByRefreshToken() makes an HTTP POST request to the URL set by setAccessTokenUrl(). Returns an array with token(s) on success and a string with the cURL error message on error. Usually you can get $refreshToken by setting the scope offline_access when calling getAuthorizeUrl(). The refresh token is used to obtain a renewed access token. Read more about refresh_token.
$token = $oAuth2Client->getAccessTokenByRefreshToken($refreshToken);
getAccessTokenBy(array $params)
getAccessTokenBy() makes an HTTP POST request to the URL set by setAccessTokenUrl(). Returns an array with token(s) on success and a string with the cURL error message on error. This method allows you to get an access token by custom parameters.
// Get access token by code
$user = $oAuth2Client->getAccessTokenBy([
    'redirect_uri' => 'https://127.0.0.1/webiik/',
    'grant_type' => 'authorization_code',
    'code' => $_GET['code'],
]);
getTokenInfo(string $inputToken, string $accessToken, bool $useGet = false)
getTokenInfo() makes an HTTP POST request to the URL set by setValidateTokenUrl(). Returns an array with token(s) on success and a string with the cURL error message on error. This is not an official part of the OAuth2 specification; however, Google, Facebook, etc. provide it.
$token = $oAuth2Client->getTokenInfo($inputToken, $accessToken);