267 lines
7.8 KiB
PHP
267 lines
7.8 KiB
PHP
<?php
|
|
/**
|
|
* HybridAuth
|
|
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
|
|
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
|
|
*/
|
|
|
|
// A service client for the OAuth 2 flow.
|
|
// v0.1.1
|
|
class OAuth2Client
|
|
{
|
|
public $api_base_url = "";
|
|
public $authorize_url = "";
|
|
public $token_url = "";
|
|
public $token_info_url = "";
|
|
|
|
public $client_id = "" ;
|
|
public $client_secret = "" ;
|
|
public $redirect_uri = "" ;
|
|
public $access_token = "" ;
|
|
public $refresh_token = "" ;
|
|
|
|
public $access_token_expires_in = "" ;
|
|
public $access_token_expires_at = "" ;
|
|
|
|
//--
|
|
|
|
public $sign_token_name = "access_token";
|
|
public $decode_json = true;
|
|
public $curl_time_out = 30;
|
|
public $curl_connect_time_out = 30;
|
|
public $curl_ssl_verifypeer = false;
|
|
public $curl_ssl_verifyhost = false;
|
|
public $curl_header = array();
|
|
public $curl_useragent = "OAuth/2 Simple PHP Client v0.1.1; HybridAuth http://hybridauth.sourceforge.net/";
|
|
public $curl_authenticate_method = "POST";
|
|
public $curl_proxy = null;
|
|
public $curl_compressed = false;
|
|
//--
|
|
|
|
public $http_code = "";
|
|
public $http_info = "";
|
|
protected $response = null;
|
|
|
|
//--
|
|
|
|
public function __construct( $client_id = false, $client_secret = false, $redirect_uri='', $compressed = false )
|
|
{
|
|
$this->client_id = $client_id;
|
|
$this->client_secret = $client_secret;
|
|
$this->redirect_uri = $redirect_uri;
|
|
$this->curl_compressed = $compressed;
|
|
}
|
|
|
|
public function authorizeUrl( $extras = array() )
|
|
{
|
|
$params = array(
|
|
"client_id" => $this->client_id,
|
|
"redirect_uri" => $this->redirect_uri,
|
|
"response_type" => "code"
|
|
);
|
|
|
|
if( count($extras) )
|
|
foreach( $extras as $k=>$v )
|
|
$params[$k] = $v;
|
|
|
|
return $this->authorize_url . "?" . http_build_query($params, '', '&');
|
|
}
|
|
|
|
public function authenticate( $code )
|
|
{
|
|
$params = array(
|
|
"client_id" => $this->client_id,
|
|
"client_secret" => $this->client_secret,
|
|
"grant_type" => "authorization_code",
|
|
"redirect_uri" => $this->redirect_uri,
|
|
"code" => $code
|
|
);
|
|
|
|
$response = $this->request( $this->token_url, $params, $this->curl_authenticate_method );
|
|
|
|
$response = $this->parseRequestResult( $response );
|
|
|
|
if( ! $response || ! isset( $response->access_token ) ){
|
|
throw new Exception( "The Authorization Service has return: " . $response->error );
|
|
}
|
|
|
|
if( isset( $response->access_token ) ) $this->access_token = $response->access_token;
|
|
if( isset( $response->refresh_token ) ) $this->refresh_token = $response->refresh_token;
|
|
if( isset( $response->expires_in ) ) $this->access_token_expires_in = $response->expires_in;
|
|
|
|
// calculate when the access token expire
|
|
if( isset($response->expires_in)) {
|
|
$this->access_token_expires_at = time() + $response->expires_in;
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
|
|
public function authenticated()
|
|
{
|
|
if ( $this->access_token ){
|
|
if ( $this->token_info_url && $this->refresh_token ){
|
|
// check if this access token has expired,
|
|
$tokeninfo = $this->tokenInfo( $this->access_token );
|
|
|
|
// if yes, access_token has expired, then ask for a new one
|
|
if( $tokeninfo && isset( $tokeninfo->error ) ){
|
|
$response = $this->refreshToken( $this->refresh_token );
|
|
|
|
// if wrong response
|
|
if( ! isset( $response->access_token ) || ! $response->access_token ){
|
|
throw new Exception( "The Authorization Service has return an invalid response while requesting a new access token. given up!" );
|
|
}
|
|
|
|
// set new access_token
|
|
$this->access_token = $response->access_token;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Format and sign an oauth for provider api
|
|
*/
|
|
public function api( $url, $method = "GET", $parameters = array() )
|
|
{
|
|
if ( strrpos($url, 'http://') !== 0 && strrpos($url, 'https://') !== 0 ) {
|
|
$url = $this->api_base_url . $url;
|
|
}
|
|
|
|
$parameters[$this->sign_token_name] = $this->access_token;
|
|
$response = null;
|
|
|
|
switch( $method ){
|
|
case 'GET' : $response = $this->request( $url, $parameters, "GET" ); break;
|
|
case 'POST' : $response = $this->request( $url, $parameters, "POST" ); break;
|
|
}
|
|
|
|
if( $response && $this->decode_json ){
|
|
return $this->response = json_decode( $response );
|
|
}
|
|
|
|
return $this->response = $response;
|
|
}
|
|
|
|
/**
|
|
* Return the response object afer the fact
|
|
*
|
|
* @return mixed
|
|
*/
|
|
public function getResponse()
|
|
{
|
|
return $this->response;
|
|
}
|
|
|
|
/**
|
|
* GET wrapper for provider apis request
|
|
*/
|
|
function get( $url, $parameters = array() )
|
|
{
|
|
return $this->api( $url, 'GET', $parameters );
|
|
}
|
|
|
|
/**
|
|
* POST wrapper for provider apis request
|
|
*/
|
|
function post( $url, $parameters = array() )
|
|
{
|
|
return $this->api( $url, 'POST', $parameters );
|
|
}
|
|
|
|
// -- tokens
|
|
|
|
public function tokenInfo($accesstoken)
|
|
{
|
|
$params['access_token'] = $this->access_token;
|
|
$response = $this->request( $this->token_info_url, $params );
|
|
return $this->parseRequestResult( $response );
|
|
}
|
|
|
|
public function refreshToken( $parameters = array() )
|
|
{
|
|
$params = array(
|
|
"client_id" => $this->client_id,
|
|
"client_secret" => $this->client_secret,
|
|
"grant_type" => "refresh_token"
|
|
);
|
|
|
|
foreach($parameters as $k=>$v ){
|
|
$params[$k] = $v;
|
|
}
|
|
|
|
$response = $this->request( $this->token_url, $params, "POST" );
|
|
return $this->parseRequestResult( $response );
|
|
}
|
|
|
|
// -- utilities
|
|
|
|
private function request( $url, $params=false, $type="GET" )
|
|
{
|
|
Hybrid_Logger::info( "Enter OAuth2Client::request( $url )" );
|
|
Hybrid_Logger::debug( "OAuth2Client::request(). dump request params: ", serialize( $params ) );
|
|
|
|
if( $type == "GET" ){
|
|
$url = $url . ( strpos( $url, '?' ) ? '&' : '?' ) . http_build_query($params, '', '&');
|
|
}
|
|
|
|
$this->http_info = array();
|
|
$ch = curl_init();
|
|
|
|
curl_setopt($ch, CURLOPT_URL , $url );
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1 );
|
|
curl_setopt($ch, CURLOPT_TIMEOUT , $this->curl_time_out );
|
|
curl_setopt($ch, CURLOPT_USERAGENT , $this->curl_useragent );
|
|
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out );
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , $this->curl_ssl_verifypeer );
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , $this->curl_ssl_verifyhost );
|
|
curl_setopt($ch, CURLOPT_HTTPHEADER , $this->curl_header );
|
|
|
|
if ($this->curl_compressed){
|
|
curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate");
|
|
}
|
|
|
|
if($this->curl_proxy){
|
|
curl_setopt( $ch, CURLOPT_PROXY , $this->curl_proxy);
|
|
}
|
|
|
|
if( $type == "POST" ){
|
|
curl_setopt($ch, CURLOPT_POST, 1);
|
|
if($params) curl_setopt( $ch, CURLOPT_POSTFIELDS, $params );
|
|
}
|
|
|
|
$response = curl_exec($ch);
|
|
if( $response === false ) {
|
|
Hybrid_Logger::error( "OAuth2Client::request(). curl_exec error: ", curl_error($ch) );
|
|
}
|
|
Hybrid_Logger::debug( "OAuth2Client::request(). dump request info: ", serialize( curl_getinfo($ch) ) );
|
|
Hybrid_Logger::debug( "OAuth2Client::request(). dump request result: ", serialize( $response ) );
|
|
|
|
$this->http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
$this->http_info = array_merge($this->http_info, curl_getinfo($ch));
|
|
|
|
curl_close ($ch);
|
|
|
|
return $response;
|
|
}
|
|
|
|
private function parseRequestResult( $result )
|
|
{
|
|
if( json_decode( $result ) ) return json_decode( $result );
|
|
|
|
parse_str( $result, $output );
|
|
|
|
$result = new StdClass();
|
|
|
|
foreach( $output as $k => $v )
|
|
$result->$k = $v;
|
|
|
|
return $result;
|
|
}
|
|
}
|