root / drupal7 / sites / all / modules / oauth2_client / oauth2_client.api.php @ 286092dc
| 1 |
<?php
|
|---|---|
| 2 |
/**
|
| 3 |
* @file
|
| 4 |
* The programing interface provided by the module oauth2_client.
|
| 5 |
*/
|
| 6 |
|
| 7 |
/**
|
| 8 |
* Define oauth2 clients.
|
| 9 |
*
|
| 10 |
* @return Array
|
| 11 |
* Associative array of oauth2 clients.
|
| 12 |
*/
|
| 13 |
function hook_oauth2_clients() { |
| 14 |
global $base_url; |
| 15 |
$server_url = 'https://oauth2_server.example.org'; |
| 16 |
|
| 17 |
$oauth2_clients = array(); |
| 18 |
|
| 19 |
// Using user-password flow.
|
| 20 |
$oauth2_clients['test1'] = array( |
| 21 |
'token_endpoint' => $server_url . '/oauth2/token', |
| 22 |
'auth_flow' => 'user-password', |
| 23 |
'client_id' => 'client1', |
| 24 |
'client_secret' => 'secret1', |
| 25 |
'username' => 'user1', |
| 26 |
'password' => 'pass1', |
| 27 |
); |
| 28 |
|
| 29 |
// Using client-credentials flow.
|
| 30 |
$oauth2_clients['test2'] = array( |
| 31 |
'token_endpoint' => $server_url . '/oauth2/token', |
| 32 |
'auth_flow' => 'client-credentials', |
| 33 |
'client_id' => 'client2', |
| 34 |
'client_secret' => 'secret2', |
| 35 |
); |
| 36 |
|
| 37 |
// Using server-side flow.
|
| 38 |
$oauth2_clients['test3'] = array( |
| 39 |
'token_endpoint' => $server_url . '/oauth2/token', |
| 40 |
'auth_flow' => 'server-side', |
| 41 |
'client_id' => 'client3', |
| 42 |
'client_secret' => 'secret3', |
| 43 |
'authorization_endpoint' => $server_url . '/oauth2/authorize', |
| 44 |
'redirect_uri' => $base_url . '/oauth2/authorized', |
| 45 |
); |
| 46 |
|
| 47 |
return $oauth2_clients; |
| 48 |
} |
| 49 |
|
| 50 |
/**
|
| 51 |
* Load an oauth2 client.
|
| 52 |
*
|
| 53 |
* @param string $name
|
| 54 |
* Name of the client.
|
| 55 |
*
|
| 56 |
* @return OAuth2\Client
|
| 57 |
* Returns an OAuth2\Client object
|
| 58 |
*
|
| 59 |
* Example:
|
| 60 |
* $test1 = oauth2_client_load('test1');
|
| 61 |
* $access_token = $test1->getAccessToken();
|
| 62 |
*/
|
| 63 |
function oauth2_client_load($name); |
| 64 |
|
| 65 |
/**
|
| 66 |
* Return the redirect_uri of oauth2_client.
|
| 67 |
*/
|
| 68 |
function oauth2_client_get_redirect_uri() { |
| 69 |
return url('oauth2/authorized', array('absolute' => TRUE)); |
| 70 |
} |
| 71 |
|
| 72 |
/**
|
| 73 |
* Set a redirect request.
|
| 74 |
*
|
| 75 |
* This can be used by other oauth2 clients to integrate with
|
| 76 |
* oauth2_client, i.e. to use the same client that is registered
|
| 77 |
* on the server for the oauth2_client.
|
| 78 |
*
|
| 79 |
* The oauth2_server sends the authorization reply to the
|
| 80 |
* redirect_uri that is registered for the client, which is
|
| 81 |
* the one corresponding to oauth2_client. If another oauth2
|
| 82 |
* client would like to get this authorization reply, it has
|
| 83 |
* to set a redirect request with this function, and then
|
| 84 |
* oauth2_client will forward the reply to it.
|
| 85 |
*
|
| 86 |
* @param string $state
|
| 87 |
* The random parameter that is used on the authentication url
|
| 88 |
* in order to mittigate CSRF attacks. In this case it is used
|
| 89 |
* as a key for identifying the authentication request.
|
| 90 |
*
|
| 91 |
* @param array $redirect
|
| 92 |
* Associative array that contains the keys:
|
| 93 |
* - 'uri': the uri of the oauth2 client that is requesting a redirect
|
| 94 |
* - 'params': associative array of other parameters that should be
|
| 95 |
* appended to the uri, along with the $_REQUEST
|
| 96 |
*
|
| 97 |
* Example:
|
| 98 |
* $state = md5(uniqid(rand(), TRUE));
|
| 99 |
* $hybridauth_config['state'] = $state;
|
| 100 |
* $hybridauth_config['redirect_uri'] = oauth2_client_get_redirect_uri();
|
| 101 |
* oauth2_client_set_redirect($state, array(
|
| 102 |
* 'uri' => 'hybridauth/endpoint',
|
| 103 |
* 'params' => array(
|
| 104 |
* 'hauth.done' => 'DrupalOAuth2',
|
| 105 |
* )
|
| 106 |
* ));
|
| 107 |
*/
|
| 108 |
function oauth2_client_set_redirect($state, $redirect) { |
| 109 |
OAuth2\Client::setRedirect($state, $redirect); |
| 110 |
} |
| 111 |
|
| 112 |
/**
|
| 113 |
* Share an access token with oauth2_client.
|
| 114 |
*
|
| 115 |
* Another oauth2 client that has been successfully authenticated
|
| 116 |
* and has received an access_token, can share it with oauth2_client,
|
| 117 |
* so that oauth2_client does not have to repeat the authentication
|
| 118 |
* process again.
|
| 119 |
*
|
| 120 |
* Example:
|
| 121 |
* $client_id = $hybridauth->api->client_id;
|
| 122 |
* $token = array(
|
| 123 |
* 'access_token' => $hybridauth->api->access_token,
|
| 124 |
* 'refresh_token' => $hybridauth->api->refresh_token,
|
| 125 |
* 'expires_in' => $hybridauth->api->access_token_expires_in,
|
| 126 |
* 'expiration_time' => $hybridauth->api->access_token_expires_at,
|
| 127 |
* 'scope' => $hybridauth->scope,
|
| 128 |
* );
|
| 129 |
* $token_endpoint = $oauth2->api->token_endpoint;
|
| 130 |
* $client_id = $oauth2->api->client_id;
|
| 131 |
* $auth_flow = 'server-side';
|
| 132 |
* $id = md5($token_endpoint . $client_id . $auth_flow);
|
| 133 |
* oauth2_client_set_token($id, $token);
|
| 134 |
*/
|
| 135 |
function oauth2_client_set_token($client_id, $token) { |
| 136 |
OAuth2\Client::storeToken($client_id, $token); |
| 137 |
} |
| 138 |
|
| 139 |
/**
|
| 140 |
* Returns the access token of the oauth2_client for the given $client_id.
|
| 141 |
*/
|
| 142 |
function oauth2_client_get_token($client_id) { |
| 143 |
return OAuth2\Client::loadToken($client_id); |
| 144 |
} |