OAuth2 Client API: Driver Abstracting OAuth2 Clients

This API grew out of the idea of building a single driver, based on the IETF RFC 6749 specification, that can communicate with all OAuth2 providers (e.g. Google) without forcing you to download and learn their bloated PHP clients.

How does it work?

The main idea behind this API was to split the communication logic into two units:

All API components belong to the OAuth2 namespace.

Shared Components

In light of the above, the Driver class was built as an abstract hub that controls communication with the OAuth2 provider through internal API components, together with logic that must be implemented by the vendor-specific class that extends it. The following internal API components are relevant to developers:

All shared components are found in the src folder and belong to the OAuth2 namespace.

Vendor-specific Components

The API core does not attempt to go beyond the layer of common IETF specifications/operations that all providers must abide by. Everything else falls within the extension's scope: from OAuth2 provider info (e.g. URLs and parameters to get authorization codes, access tokens and resources) to the way it formats responses. The following are required for each vendor:

Currently, the following vendors are supported:

The following vendors are NOT supported:

All vendor-specific components are found in the drivers folder and also belong to the OAuth2 namespace.

How to register your site with an OAuth2 vendor?

Even though the API supports integration with the above vendors, a site that uses it must first register itself on the vendor's site before it can perform any operation. To register your site, use the following URLs:

Registration typically results in a combination of:

How to retrieve resources from an OAuth2 vendor on the user's behalf?

Once you obtain the credentials above, you first need to decide what TYPE of resources you will need from the provider. According to RFC standards, the provider MUST associate each type of resource with a SCOPE. Here is the complete list of scopes per provider:

Once you decide which scopes apply to your needs, the RFC standard specifies you should place them in the authorization code request separated by commas. The API simplifies this process, so you only need to add them as getAuthorizationCodeEndpoint arguments. Example:

$driver = new FacebookDriver($clientInformation);
$redirectURL = $driver->getAuthorizationCodeEndpoint(["public_profile","email"]);
header("Location: ".$redirectURL);
exit();

Once your site's user approves those scopes, the vendor will redirect him/her to the redirect URI on your site, where you will be able to obtain an access token:

$accessToken = $driver->getAccessToken($_GET["code"]);

Then access any resources (defined as URIs) on the provider associated with those scopes using the token above. Example:

$userInformation = $driver->getResource($accessToken, "https://graph.facebook.com/v2.8/me", ["id","name","email"]);
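
The redirect step above passes $_GET["code"] straight to getAccessToken. The following added example (not part of this API or its documentation) shows one way to bind that callback to the session that started it, using the RFC 6749 state parameter. It assumes the driver does not already add or verify state itself; withState, codeFromCallback, the session key and the provider.example URL are hypothetical names constructed for illustration.

```php
<?php
// Added example, not library code: CSRF protection for the redirect step.
// Assumption: the driver does not already add or verify "state" itself.

/** Appends a fresh random state to the authorization URL and remembers it. */
function withState(string $authorizationUrl, array &$session): string
{
    $state = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $session["oauth2_state"] = $state;
    $separator = (parse_url($authorizationUrl, PHP_URL_QUERY) === null) ? "?" : "&";
    return $authorizationUrl . $separator . http_build_query(["state" => $state]);
}

/** Returns the authorization code, or throws if the callback cannot be trusted. */
function codeFromCallback(array $query, array &$session): string
{
    $expected = $session["oauth2_state"] ?? "";
    unset($session["oauth2_state"]); // single use, even on failure
    $received = $query["state"] ?? "";
    // Constant-time comparison; array-valued parameters are rejected outright.
    if (!is_string($received) || $expected === "" || !hash_equals($expected, $received)) {
        throw new RuntimeException("state mismatch: callback not started by this session");
    }
    if (isset($query["error"])) { // RFC 6749 section 4.1.2.1, e.g. access_denied
        throw new RuntimeException("authorization refused by provider");
    }
    $code = $query["code"] ?? "";
    if (!is_string($code) || $code === "") {
        throw new RuntimeException("callback carries no authorization code");
    }
    return $code;
}

// Constructed demo: plain arrays stand in for $_SESSION and $_GET.
$session = [];
$url = withState("https://provider.example/authorize?client_id=abc&scope=email", $session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

// A callback that echoes the state we sent is accepted.
echo codeFromCallback(["code" => "constructed-code", "state" => $sent["state"]], $session), "\n";

// A forged callback, or a replay after the state was consumed, is rejected.
try {
    codeFromCallback(["code" => "x", "state" => "forged"], $session);
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

In a real handler, the value returned by codeFromCallback($_GET, $_SESSION) is what would be passed to $driver->getAccessToken().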

How can I use it?

To learn how to install and use this API, follow this step-by-step guide!

