Developing an OAuth 2.0 authorization server into an existing API

[eluser]mulama77[/eluser]

Has anyone tried implementing https://github.com/lncd/OAuth2/wiki/Deve...ion-server. Below is a sample code that i need to run first. The constructor works perfectly but i can't seem to get the authorise function retrieve the auth params from the user's session.

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Oauth extends CI_Controller {

public function __construct()
{
parent::__construct();
$this->load->helper('url');

// Initiate the request handler which deals with $_GET, $_POST, etc
$request = new \OAuth2\Util\Request();

// Include the Composer autoloader
include 'vendor/autoload.php';

// Include the storage models
include 'model_client.php';
include 'model_scope.php';
include 'model_session.php';

// Create the auth server, the three parameters passed are references to the storage models
$this->authserver = new \OAuth2\AuthServer(new ClientModel, new SessionModel, new ScopeModel);

// Enable the authorization code grant type
$this->authserver->addGrantType(new \OAuth2\Grant\AuthCode());

// Set the TTL of an access token in seconds (default to 3600s / 1 hour)
$this->authserver->setExpiresIn(86400);
}

public function action_index()
{
try {

// Tell the auth server to check the required parameters are in the query string
$params = $this->authserver->checkAuthoriseParams();

// Save the verified parameters to the user's session
Session::put('client_id', $params['client_id']);
Session::put('client_details', $params['client_details']);
Session::put('redirect_uri', $params['redirect_uri']);
Session::put('response_type', $params['response_type']);
Session::put('scopes', $params['scopes']);

// Redirect the user to the sign-in route
return Redirect::to('oauth/signin');

} catch (Oauth2\Exception\ClientException $e) {

// Throw an error here which says what the problem is with the auth params

} catch (Exception $e) {

// Throw an error here which has caught a non-library specific error

}
}


public function action_authorise()
{
// Retrieve the auth params from the user's session

$params['client_id'] = Session::get('client_id');
$params['client_details'] = Session::get('client_details');
$params['redirect_uri'] = Session::get('redirect_uri');
$params['response_type'] = Session::get('response_type');
$params['scopes'] = Session::get('scopes');

// Check that the auth params are all present
foreach ($params as $key=>$value) {
if ($value === null) {
// Throw an error because an auth param is missing - don't continue any further
}
}

// Get the user ID
$params['user_id'] = Session::get('user_id');

// User is not signed in so redirect them to the sign-in route (/oauth/signin)
if ($params['user_id'] === null) {
return Redirect::to('signin');
}

// Check if the client should be automatically approved
$autoApprove = ($params['client_details']['auto_approve'] === '1') ? true : false;

// Process the authorise request if the user's has clicked 'approve' or the client
if (Input::get('approve') !== null || $autoApprove === true) {

// Generate an authorization code
$code = $this->authserver->newAuthoriseRequest('user', $params['user_id'], $params);

// Redirect the user back to the client with an authorization code
return Redirect::to(\OAuth2\Util\RedirectUri::make($params['redirect_uri'], array(
'code' => $code,
'state' => isset($params['state']) ? $params['state'] : ''
)));
}

// If the user has denied the client so redirect them back without an authorization code
if (Input::get('deny') !== null) {
return Redirect::to(\OAuth2\Util\RedirectUri::make($params['redirect_uri'], array(
'error' => $this->authserver->exceptionCodes[2],
'error_message' => $this->authserver->errors[$this->authserver->exceptionCodes[2]],
'state' => isset($params['state']) ? $params['state'] : ''
)));
}

// The client shouldn't automatically be approved and the user hasn't yet approved it so show them a form
return View::make('oauth.authorise', $params);
}
}

[eluser]Unknown[/eluser]
I've not done it, but am looking into it. Specifically Alex's new non-CI version, and getting it into CI.

So I'm only posting for moral support.