Developing an OAuth 2.0 authorization server into an existing API |
[eluser]mulama77[/eluser]
Has anyone tried implementing https://github.com/lncd/OAuth2/wiki/Deve...ion-server. Below is a sample code that i need to run first. The constructor works perfectly but i can't seem to get the authorise function retrieve the auth params from the user's session. <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); class Oauth extends CI_Controller { public function __construct() { parent::__construct(); $this->load->helper('url'); // Initiate the request handler which deals with $_GET, $_POST, etc $request = new \OAuth2\Util\Request(); // Include the Composer autoloader include 'vendor/autoload.php'; // Include the storage models include 'model_client.php'; include 'model_scope.php'; include 'model_session.php'; // Create the auth server, the three parameters passed are references to the storage models $this->authserver = new \OAuth2\AuthServer(new ClientModel, new SessionModel, new ScopeModel); // Enable the authorization code grant type $this->authserver->addGrantType(new \OAuth2\Grant\AuthCode()); // Set the TTL of an access token in seconds (default to 3600s / 1 hour) $this->authserver->setExpiresIn(86400); } public function action_index() { try { // Tell the auth server to check the required parameters are in the query string $params = $this->authserver->checkAuthoriseParams(); // Save the verified parameters to the user's session Session::put('client_id', $params['client_id']); Session::put('client_details', $params['client_details']); Session::put('redirect_uri', $params['redirect_uri']); Session::put('response_type', $params['response_type']); Session::put('scopes', $params['scopes']); // Redirect the user to the sign-in route return Redirect::to('oauth/signin'); } catch (Oauth2\Exception\ClientException $e) { // Throw an error here which says what the problem is with the auth params } catch (Exception $e) { // Throw an error here which has caught a non-library specific error } } public function action_authorise() { // Retrieve the auth params from the user's session $params['client_id'] = Session::get('client_id'); $params['client_details'] = Session::get('client_details'); $params['redirect_uri'] = Session::get('redirect_uri'); $params['response_type'] = Session::get('response_type'); $params['scopes'] = Session::get('scopes'); // Check that the auth params are all present foreach ($params as $key=>$value) { if ($value === null) { // Throw an error because an auth param is missing - don't continue any further } } // Get the user ID $params['user_id'] = Session::get('user_id'); // User is not signed in so redirect them to the sign-in route (/oauth/signin) if ($params['user_id'] === null) { return Redirect::to('signin'); } // Check if the client should be automatically approved $autoApprove = ($params['client_details']['auto_approve'] === '1') ? true : false; // Process the authorise request if the user's has clicked 'approve' or the client if (Input::get('approve') !== null || $autoApprove === true) { // Generate an authorization code $code = $this->authserver->newAuthoriseRequest('user', $params['user_id'], $params); // Redirect the user back to the client with an authorization code return Redirect::to(\OAuth2\Util\RedirectUri::make($params['redirect_uri'], array( 'code' => $code, 'state' => isset($params['state']) ? $params['state'] : '' ))); } // If the user has denied the client so redirect them back without an authorization code if (Input::get('deny') !== null) { return Redirect::to(\OAuth2\Util\RedirectUri::make($params['redirect_uri'], array( 'error' => $this->authserver->exceptionCodes[2], 'error_message' => $this->authserver->errors[$this->authserver->exceptionCodes[2]], 'state' => isset($params['state']) ? $params['state'] : '' ))); } // The client shouldn't automatically be approved and the user hasn't yet approved it so show them a form return View::make('oauth.authorise', $params); } }
[eluser]Unknown[/eluser]
I've not done it, but am looking into it. Specifically Alex's new non-CI version, and getting it into CI. So I'm only posting for moral support. |
Welcome Guest, Not a member yet? Register Sign In |