public function connect_with_oauth2($provider_name)
{
if ($this->user_model->is_logged_in()) {
redirect('user/login');
}
switch ($provider_name) {
case 'facebook':
$provider = new League\OAuth2\Client\Provider\Facebook(array('clientId' => '738761806197904', 'clientSecret' => '913fab2aabe36d3af31dc738e3964d69', 'redirectUri' => 'http://kuklos.vikom.io/user/connect/facebook', 'scopes' => array('email')));
break;
case 'github':
$provider = new League\OAuth2\Client\Provider\Github(array('clientId' => 'e100df6b5305c00f58e3', 'clientSecret' => 'b27953bc5421ce1e109e2b49c7fbb170de51108c', 'redirectUri' => 'http://kuklos.vikom.io/user/connect/github', 'scopes' => array('email')));
break;
case 'google':
$provider = new League\OAuth2\Client\Provider\Google(array('clientId' => '246372104087-gf5re27h5ds69p09ubs25qmlf4bh3oim.apps.googleusercontent.com', 'clientSecret' => '4ccpNZwabW817I6jhN1n8TdB', 'redirectUri' => 'http://kuklos.vikom.io/user/connect/google', 'scopes' => array('email')));
break;
default:
exit('Unsupported OAuth2 Provider: ' . $provider_name);
}
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
header('Location: ' . $provider->getAuthorizationUrl());
exit;
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('Authorization_Code', ['code' => $_GET['code']]);
// Get user email
$email = '';
try {
// We got an access token, let's now get the user's details
$userDetails = $provider->getUserDetails($token);
// Use these details to create a new profile
$email = $userDetails->email;
} catch (Exception $e) {
// Failed to get user details
exit('Something went wrong. Contact Admin.');
}
// Create account if it does not exist
if ($this->user_model->add_oauth_user($email)) {
$this->send_welcome_email($email);
}
$this->set_login_userdata($email);
redirect('user');
// // Use this to interact with an API on the users behalf
// echo $token->accessToken;
// // Use this to get a new access token if the old one expires
// echo $token->refreshToken;
// // Number of seconds until the access token will expire, and need refreshing
// echo $token->expires;
}
}
require 'vendor/autoload.php';
session_start();
//If this automatic URL doesn't work, set it yourself manually
$redirectUri = isset($_SERVER['HTTPS']) ? 'https://' : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
//$redirectUri = 'http://localhost/phpmailer/get_oauth_token.php';
$clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com';
$clientSecret = 'RANDOMCHARS-----lGyjPcRtvP';
//All details obtained by setting up app in Google developer console.
//Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
$provider = new League\OAuth2\Client\Provider\Google(['clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, 'scopes' => ['https://mail.google.com/'], 'accessType' => 'offline']);
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->state;
header('Location: ' . $authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
$provider->accessType = 'offline';
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
// Use this to interact with an API on the users behalf
// echo $token->accessToken.'<br>';
// Use this to get a new access token if the old one expires
echo 'Refresh Token: ' . $token->refreshToken;
// Unix timestamp of when the token will expire, and need refreshing
// echo $token->expires;
}
/**
* See:
*
* https://github.com/PHPMailer/PHPMailer/wiki/Using-Gmail-with-XOAUTH2
* https://github.com/PHPMailer/PHPMailer/blob/master/get_oauth_token.php
* https://github.com/thephpleague/oauth2-client
* https://github.com/thephpleague/oauth2-google
*
* @author Christophe
*/
public function token()
{
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
//session_start();
//If this automatic URL doesn't work, set it yourself manually
//$redirectUri = isset($_SERVER['HTTPS']) ? 'https://' : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
//$redirectUri = 'http://localhost/phpmailer/get_oauth_token.php';
if ($this->config->item('environment') == 'production') {
$redirectUri = 'https://app.trackstreet.com/oauth/token';
} else {
if ($this->config->item('environment') == 'local') {
$redirectUri = 'http://localvision.juststicky.com:8888/oauth/token';
} else {
$redirectUri = 'http://dev.trackstreet.com/oauth/token';
}
}
//var_dump($redirectUri); exit();
//These details obtained are by setting up app in Google developer console.
//$clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com';
$clientId = '926686706631-hfvemdq29jq7rls3cev19dhk3u1vnm68.apps.googleusercontent.com';
//$clientSecret = 'RANDOMCHARS-----lGyjPcRtvP';
$clientSecret = 'tgaKWHuROprvasinKyeitMlk';
//Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
$provider = new League\OAuth2\Client\Provider\Google(array('clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, 'scopes' => array('https://mail.google.com/'), 'accessType' => 'offline'));
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->getState();
header('Location: ' . $authUrl);
exit;
} else {
if (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', array('code' => $_GET['code']));
// Use this to get a new access token if the old one expires
echo 'Refresh Token: ' . $token->getRefreshToken();
}
}
}
/**
* Try to authenticate the user using one of the OAuth2 providers
* @author Benjamin BALET <*****@*****.**>
*/
public function loginOAuth2()
{
require_once APPPATH . 'third_party/OAuthClient/vendor/autoload.php';
$oauth2Enabled = $this->config->item('oauth2_enabled');
$oauth2Provider = $this->config->item('oauth2_provider');
$oauth2ClientId = $this->config->item('oauth2_client_id');
$oauth2ClientSecret = $this->config->item('oauth2_client_secret');
if ($oauth2Enabled === FALSE) {
echo 'ERROR: OAuth2 is disabled';
return;
}
$authCode = $this->input->post('auth_code');
if (!is_null($authCode)) {
$this->load->model('users_model');
switch ($oauth2Provider) {
case 'google':
$provider = new League\OAuth2\Client\Provider\Google(array('clientId' => $oauth2ClientId, 'clientSecret' => $oauth2ClientSecret, 'redirectUri' => 'postmessage', 'accessType' => 'offline'));
$token = $provider->getAccessToken('authorization_code', array('code' => $authCode));
try {
//We try to get the e-mail address from the Google+ API
$ownerDetails = $provider->getResourceOwner($token);
$email = $ownerDetails->getEmail();
//If we find the e-mail address into the database, we're good
$loggedin = $this->users_model->checkCredentialsEmail($email);
if ($loggedin === TRUE) {
echo 'OK';
} else {
echo lang('session_login_flash_bad_credentials');
}
} catch (Exception $e) {
echo 'ERROR: ' . $e->getMessage();
}
break;
default:
echo 'ERROR: unsupported OAuth2 provider';
}
} else {
echo 'ERROR: Invalid OAuth2 token';
}
}
require 'vendor/autoload.php';
session_start();
//If this automatic URL doesn't work, set it yourself manually
$redirectUri = isset($_SERVER['HTTPS']) ? 'https://' : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
//$redirectUri = 'http://localhost/phpmailer/get_oauth_token.php';
//These details obtained are by setting up app in Google developer console.
$clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com';
$clientSecret = 'RANDOMCHARS-----lGyjPcRtvP';
//Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
$provider = new League\OAuth2\Client\Provider\Google(array('clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, 'scopes' => array('https://mail.google.com/'), 'accessType' => 'offline'));
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->state;
header('Location: ' . $authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
$provider->accessType = 'offline';
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', array('code' => $_GET['code']));
// Use this to interact with an API on the users behalf
// echo $token->accessToken.'<br>';
// Use this to get a new access token if the old one expires
echo 'Refresh Token: ' . $token->refreshToken;
// Unix timestamp of when the token will expire, and need refreshing
// echo $token->expires;
}
