OAuth2 client [ARCHIVED - NOT MAINTAINED]
An OAuth2 client implementation using PHP 7.
This is an example for demonstration. Not for production use.
- PHP 7.0 and higher.
- Integrates with Facebook, Google and Yahoo.
Structure
All sitewide configuration is stored in the config.php file (including the client ID, client secret and redirect URI).
The Config class uses a singleton pattern and loads the configuration.
The ProviderFactory class uses a simple factory pattern and returns a provider instance.
All providers extend the AbstractProvider class.
The curlRequestTrait provides the makeRequest method to the AbstractProvider.
Notes:
For security reasons config.php should be placed outside the public folder.
For HTTPS requests a certificate file must be added and the path specified in the curlRequestTrait.php file.
Facebook requires an App ID, which must be specified in Auth/Provider/Facebook.php.
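The certificate note above, as an added example that is not the project's own curlRequestTrait code: a request helper that uses the certificate file with peer and host verification left on and refuses to run without it. The function names, the `$caBundle` path and the `provider.example` URL are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the project's curlRequestTrait.
// Assumption: $caBundle is the path of a PEM CA bundle stored outside the web root.

function buildTlsCurlOptions(string $url, string $caBundle, array $postFields = []): array
{
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('OAuth endpoints must use https');
    }
    if (!is_file($caBundle) || !is_readable($caBundle)) {
        // Fail closed: a missing bundle must never lead to verification being switched off.
        throw new RuntimeException('CA bundle not readable: ' . $caBundle);
    }
    $options = [
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,             // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,                // certificate must match the host name
        CURLOPT_CAINFO         => $caBundle,        // the certificate file from the note
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,  // no downgrade to plain http
        CURLOPT_FOLLOWLOCATION => false,            // token endpoints should not redirect
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
    ];
    if ($postFields !== []) {
        $options[CURLOPT_POST] = true;
        $options[CURLOPT_POSTFIELDS] = http_build_query($postFields, '', '&');
    }
    return $options;
}

function makeVerifiedRequest(string $url, string $caBundle, array $postFields = []): string
{
    $ch = curl_init();
    curl_setopt_array($ch, buildTlsCurlOptions($url, $caBundle, $postFields));
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Request failed: ' . curl_error($ch));
    }
    return $body;
}

// Constructed demo (runs offline): a missing CA bundle stops the request before any network I/O.
try {
    buildTlsCurlOptions('https://provider.example/token', '/nonexistent/cacert.pem', ['code' => 'x']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```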
Example usage
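<?php
use Auth\ProviderFactory;

require __DIR__ . '/vendor/autoload.php';

// The state check below reads $_SESSION, so a session must be active
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

$config = Config::getInstance()->get('OAuth');
$provider = ProviderFactory::get($config);

if (isset($_GET['error'])) {
    // Got an error, probably user denied access
    exit('Got error: ' . htmlspecialchars($_GET['error'], ENT_QUOTES, 'UTF-8'));
} elseif (! isset($_GET['code'])) {
    // No authorization code yet, so redirect the user to get one.
    // Assumption: the provider stores the state it generates in $_SESSION['oauth2state'].
    $authUrl = $provider->getAuthorizationUrl();
    header('Location: ' . $authUrl);
    exit;
} elseif (empty($_GET['state'])
    || ! is_string($_GET['state'])
    || empty($_SESSION['oauth2state'])
    || ! hash_equals($_SESSION['oauth2state'], $_GET['state'])
) {
    // State is missing or does not match, possible CSRF attack in progress
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    // The state value is single use
    unset($_SESSION['oauth2state']);
    // Try to get an access token
    $token = $provider->getAccessToken($_GET['code']);
    // Look up the user's profile data
    $provider->getResourceOwner($token);
    // Escape provider-supplied values before writing them into the page
    echo htmlspecialchars((string) $provider->getEmail(), ENT_QUOTES, 'UTF-8');
    echo htmlspecialchars((string) $provider->getName(), ENT_QUOTES, 'UTF-8');
}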