/**
* Returns the PayPal URL to which the user must be redirected to
* start the authentication / authorization process.
*
* @param string $redirectUri Uri on merchant website to where
* the user must be redirected to post paypal login
* @param array $scope The access privilges that you are requesting for
* from the user. Pass empty array for all scopes.
* @param string $clientId client id from developer portal
* See https://developer.paypal.com/webapps/developer/docs/integration/direct/log-in-with-paypal/detailed/#attributes for more
* @param PPApiContext $apiContext Optional API Context
*/
public static function getAuthorizationUrl($redirectUri, $scope, $clientId, $nonce = null, $state = null, $apiContext = null)
{
if (is_null($apiContext)) {
$apiContext = new PPApiContext();
}
$config = $apiContext->getConfig();
if ($apiContext->get($clientId) !== false) {
$clientId = $apiContext->get($clientId);
}
$scope = count($scope) != 0 ? $scope : array('openid', 'profile', 'address', 'email', 'phone', 'https://uri.paypal.com/services/paypalattributes', 'https://uri.paypal.com/services/expresscheckout');
if (!in_array('openid', $scope)) {
$scope[] = 'openid';
}
$params = array('client_id' => $clientId, 'response_type' => 'code', 'scope' => implode(" ", $scope), 'redirect_uri' => $redirectUri);
if ($nonce) {
$params['nonce'] = $nonce;
}
if ($state) {
$params['state'] = $state;
}
return sprintf("%s/v1/authorize?%s", self::getBaseUrl($config), http_build_query($params));
}
/**
* Creates an Access Token from an Authorization Code.
*
* @path /v1/identity/openidconnect/tokenservice
* @method POST
*
* @param array $params (allowed values are client_id, client_secret, grant_type, code and redirect_uri)
* (required) client_id from developer portal
* (required) client_secret from developer portal
* (required) code is Authorization code previously received from the authorization server
* (required) redirect_uri Redirection endpoint that must match the one provided during the
* authorization request that ended in receiving the authorization code.
* (optional) grant_type is the Token grant type. Defaults to authorization_code
* @param PPApiContext $apiContext Optional API Context
*
* @return PPOpenIdTokeninfo
*/
public static function createFromAuthorizationCode($params, $clientId, $clientSecret, $apiContext = null)
{
static $allowedParams = array('grant_type' => 1, 'code' => 1, 'redirect_uri' => 1);
if (is_null($apiContext)) {
$apiContext = new PPApiContext();
}
$config = $apiContext->getConfig();
if ($apiContext->get($clientId) !== false) {
$clientId = $apiContext->get($clientId);
}
if ($apiContext->get($clientSecret) !== false) {
$clientSecret = $apiContext->get($clientSecret);
}
if (!array_key_exists('grant_type', $params)) {
$params['grant_type'] = 'authorization_code';
}
$call = new PPRestCall($apiContext);
$token = new PPOpenIdTokeninfo();
$token->fromJson($call->execute(array(new PPOpenIdHandler()), "/v1/identity/openidconnect/tokenservice", "POST", http_build_query(array_intersect_key($params, $allowedParams)), array('Content-Type' => 'application/x-www-form-urlencoded', 'Authorization' => 'Basic ' . base64_encode($clientId . ":" . $clientSecret))));
return $token;
}
