public function testAuthorizationUrl() { $url = $this->provider->getAuthorizationUrl(); $uri = parse_url($url); parse_str($uri['query'], $query); $this->assertArrayHasKey('client_id', $query); $this->assertArrayHasKey('redirect_uri', $query); $this->assertArrayHasKey('state', $query); $this->assertArrayHasKey('scope', $query); $this->assertArrayHasKey('response_type', $query); $this->assertArrayHasKey('approval_prompt', $query); $this->assertNotNull($this->provider->state); }
/** * @param Request $request * @param array $routeParams * @return \Psr\Http\Message\ResponseInterface|RedirectResponse */ public function handle(Request $request, array $routeParams = []) { session_start(); $provider = new Facebook(['clientId' => $this->settings->get('flarum-auth-facebook.app_id'), 'clientSecret' => $this->settings->get('flarum-auth-facebook.app_secret'), 'redirectUri' => $this->url->toRoute('auth.facebook'), 'graphApiVersion' => 'v2.4']); if (!isset($_GET['code'])) { $authUrl = $provider->getAuthorizationUrl(['scope' => ['email']]); $_SESSION['oauth2state'] = $provider->getState(); return new RedirectResponse($authUrl); } elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) { unset($_SESSION['oauth2state']); echo 'Invalid state.'; exit; } $token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]); $owner = $provider->getResourceOwner($token); $email = $owner->getEmail(); $username = preg_replace('/[^a-z0-9-_]/i', '', $owner->getName()); return $this->authenticate(compact('email'), compact('username')); }
/** * It will return uid, token and information user to save database * * @return array */ public function authorize() { $this->view->disable(); $provider = new Facebook(['clientId' => $this->clientId, 'clientSecret' => $this->clientSecret, 'redirectUri' => $this->redirectUriAuthorize]); $code = $this->request->getQuery('code'); $state = $this->request->getQuery('state'); if (!isset($code)) { // If we don't have an authorization code then get one $authUrl = $provider->getAuthorizationUrl(); $this->session->set('oauth2state', $provider->state); return $this->response->redirect($authUrl); // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($state) || $state !== $this->session->get('oauth2state')) { $this->session->remove('oauth2state'); exit('Invalid state'); } else { // Try to get an access token (using the authorization code grant) $token = $provider->getAccessToken('authorization_code', ['code' => $code]); $uid = $provider->getUserUid($token); $userDetails = $provider->getUserDetails($token); return array($uid, $token, $userDetails); } }
/** * Get Facebook authentication URL * @return string */ public function getAuthUrl() { return $this->facebookProvider->getAuthorizationUrl(); }
public function getAuthorizationUrl() { $options = [self::STATE_KEY => $this->csrf->generateCsrfToken(__CLASS__)]; return $this->provider->getAuthorizationUrl($options); }