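/**
 * Drive the OAuth2 authorization-code flow for the current request.
 *
 * Three request states are handled, in order:
 *  - the provider returned `error`: abort with a message;
 *  - no `code` yet: store a fresh state in the session and redirect to the provider;
 *  - `code` present: verify `state` against the session copy, then exchange the code
 *    for a token and load the user details into $this->details.
 *
 * Request data read: $_GET['error'], $_GET['code'], $_GET['state'].
 * Session data: $_SESSION['oauth2state'] (written before the redirect, cleared once used).
 *
 * Terminates the script (die/exit) on a provider error, after the redirect, on a state
 * mismatch and on a failed token exchange; only the success path returns to the caller.
 */
protected function startFlow()
{
    $client = new Client([
        "clientId" => self::$ID,
        "clientSecret" => self::$secret,
        "redirectUri" => "http://localhost:8080/",
        "scopes" => ["profile", "email"],
        // NOTE(review): hostedDomain is normally an organisation domain, and this value
        // looks like a copy of the redirect host — confirm it is what the provider expects.
        "hostedDomain" => "localhost:8080",
    ]);

    if (!empty($_GET["error"])) {
        // User probably denied access. The value is attacker-influenceable query input that
        // is written into the response body, so escape it for the HTML context.
        die("Got an error: " . htmlspecialchars((string) $_GET['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }

    if (empty($_GET["code"])) {
        // We need to get an authorisation code: remember the state so the callback can be
        // tied to this browser session (CSRF mitigation), then send the user to the provider.
        $authUrl = $client->getAuthorizationUrl();
        $_SESSION["oauth2state"] = $client->state;
        Headers::redirect($authUrl);
        exit;
    }

    // State is invalid - possible CSRF attack. A missing session copy must fail the
    // comparison as well (and must not emit an "undefined index" notice).
    if (empty($_GET["state"]) || !isset($_SESSION["oauth2state"]) || $_GET["state"] !== $_SESSION["oauth2state"]) {
        unset($_SESSION["oauth2state"]);
        die("Invalid state");
    }

    // Try to get an access token using the authorisation grant. The state is single-use,
    // so it is cleared on both outcomes (not in a finally: die() would skip it).
    try {
        $token = $client->getAccessToken("authorization_code", ["code" => $_GET["code"]]);
        $this->details = $client->getUserDetails($token);
        unset($_SESSION["oauth2state"]);
    } catch (\Exception $ex) {
        unset($_SESSION["oauth2state"]);
        // Exception text can carry the provider's response; escape it before output.
        die("Something went wrong! " . htmlspecialchars($ex->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }
}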
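/**
 * OAuth2 callback for the Google login flow.
 *
 * Verifies the returned `state` against the copy stored in the session, exchanges the
 * `code` for a Google access token, creates a local user for the Google e-mail address
 * when none exists, and then issues this application's own access token via Authorizer.
 *
 * Every failure path flashes an error key to the session and redirects to the login form.
 *
 * @param Request $request
 * @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
 */
public function callback(Request $request)
{
    $state = $request->get('state');
    $sessionState = Session::get('google.oauth2state');
    $code = $request->get('code');

    if ($request->get('error')) {
        $request->session()->flash('error', 'auth.error');
        return redirect(route('auth.loginForm'));
    }

    // Check the given state against the stored one to mitigate CSRF / code injection.
    // A missing session copy (null) fails the strict comparison as intended.
    if (empty($state) || $state !== $sessionState) {
        Session::forget('google.oauth2state');
        $request->session()->flash('error', 'auth.error');
        return redirect(route('auth.loginForm'));
    }

    // The state is single-use: drop it as soon as it has been verified so the same
    // callback URL cannot be replayed against this session.
    Session::forget('google.oauth2state');

    try {
        // The code exchange can throw (expired/used code, provider error). It lives inside
        // the try so the user is sent back to the login form instead of an uncaught exception.
        $token = $this->provider->getAccessToken('authorization_code', ['code' => $code]);

        /** @var GoogleUser $ownerDetails */
        $ownerDetails = $this->provider->getResourceOwner($token);
        $email = $ownerDetails->getEmail();

        // If we do not know the e-mail yet, create the local account first.
        if (!$this->repository->exists(['email' => $email])) {
            $lastName = $ownerDetails->getLastName();
            $firstName = $ownerDetails->getFirstName();
            $this->createUser($firstName, $lastName, $email);
        }

        // Log the user in with the e-mail and the Google access token through the custom
        // "google" grant; Authorizer reads these values from the request input.
        Input::merge([
            'client_id' => Config::get('oauth2.web_client.client_id'),
            'client_secret' => Config::get('oauth2.web_client.client_secret'),
            'grant_type' => 'google',
            'username' => $email,
            'password' => $token->getToken(),
        ]);

        try {
            Authorizer::issueAccessToken();
            return redirect('/');
        } catch (\Exception $e) {
            $request->session()->flash('error', 'auth.login_error');
            return redirect(route('auth.loginForm'));
        }
    } catch (ModelNotValid $e) {
        $request->session()->flash('error', 'auth.error');
        Log::warn($e->getMessage());
        return redirect(route('auth.loginForm'));
    } catch (\Exception $e) {
        $request->session()->flash('error', 'auth.error');
        Log::warn($e->getMessage());
        return redirect(route('auth.loginForm'));
    }
}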
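/**
 * Handle the Google OAuth2 round trip for the current request.
 *
 * Without a `code` query parameter: store a fresh state in Redis (keyed by the PHP
 * session id, 300 s TTL) and redirect to the authorization URL. With a `code`: check
 * `state` against the stored value, delete the key, and exchange the code for a token.
 *
 * @param Application $app
 *
 * @return string token
 *
 * @throws \RuntimeException when the state is missing, does not match, or the stored
 *                           copy has expired
 */
public function handleAuth(Application $app)
{
    $code = $app->request()->get('code');
    $state = $app->request()->get('state');
    $key = sprintf('google.oauth2state.%s', session_id());
    $sessionState = $this->redisClient->get($key);

    if (is_null($code)) {
        // If we don't have an authorization code then get one
        $url = $this->oauth2Provider->getAuthorizationUrl();
        $this->redisClient->setex($key, 300, $this->oauth2Provider->state);
        // presumably $app->redirect() halts the request; if it does not, the code below
        // would run with a null $code — verify against the framework in use.
        $app->redirect($url);
    } elseif (empty($state) || is_null($sessionState) || $state !== $sessionState) {
        // Check given state against previously stored one to mitigate CSRF attack.
        // The stored copy must be present: the former `isset($sessionState) && ...`
        // guard accepted any state once the Redis key had expired, defeating the check.
        $this->redisClient->del($key);
        throw new \RuntimeException('Invalid state');
    }

    // clean session — the state is single-use
    $this->redisClient->del($key);

    // Try to get an access token (using the authorization code grant)
    return $this->oauth2Provider->getAccessToken('authorization_code', ['code' => $code])->accessToken;
}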
/**
 * Hook into the token response: when an `id_token` (a JWT) is present, decode its
 * payload segment into $this->id_token before delegating to the parent implementation.
 *
 * A JWT has three base64url segments, header.payload.signature; index 1 is the payload.
 * The signature is NOT verified here. That is only acceptable because the value arrives
 * directly from the token endpoint over TLS rather than from the user agent — do not
 * feed client-supplied tokens through this path.
 *
 * @param array $result decoded token-endpoint response
 */
protected function prepareAccessTokenResult(array $result)
{
    if (isset($result['id_token'])) {
        $segments = explode('.', $result['id_token']);

        if (count($segments) >= 2) {
            // Payload is segment 1; json_decode yields an associative array, or null
            // when the decoded bytes are not valid JSON.
            $payload = self::safe_base64_decode($segments[1]);
            $this->id_token = json_decode($payload, true);
        }
    }

    return parent::prepareAccessTokenResult($result);
}
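/**
 * Run the Google OAuth2 authorization-code flow.
 *
 * Without a `code` in the query string: store a fresh state in the session and redirect
 * to Google. With a `code`: verify `state` against the session copy (CSRF mitigation),
 * clear it, and exchange the code for a token.
 *
 * It will return uid, token and information user to save database
 *
 * @return array [$uid, $token, $userDetails] on success; the redirect response while the
 *               authorization step is still pending. Exits on an invalid state.
 */
public function authorize()
{
    $this->view->disable();

    $provider = new Google([
        'clientId' => $this->clientId,
        'clientSecret' => $this->clientSecret,
        'redirectUri' => $this->redirectUriAuthorize,
    ]);

    $code = $this->request->getQuery('code');
    $state = $this->request->getQuery('state');

    if (!isset($code)) {
        // If we don't have an authorization code then get one
        $authUrl = $provider->getAuthorizationUrl();
        $this->session->set('oauth2state', $provider->state);
        return $this->response->redirect($authUrl);
    }

    // Check given state against previously stored one to mitigate CSRF attack
    // (a missing session value compares unequal and is rejected as well).
    if (empty($state) || $state !== $this->session->get('oauth2state')) {
        $this->session->remove('oauth2state');
        exit('Invalid state');
    }

    // The state is single-use: remove it once verified so the callback cannot be replayed.
    $this->session->remove('oauth2state');

    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', ['code' => $code]);
    $uid = $provider->getUserUid($token);
    $userDetails = $provider->getUserDetails($token);

    return [$uid, $token, $userDetails];
}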
// Tail of an error-mapping method whose start is not shown: normalise the provider's
// error payload (string, or {code, message}) and raise it as an IdentityProviderException.
$code = 0;
$error = $data['error'];
if (is_array($error)) {
    $code = $error['code'];
    $error = $error['message'];
}
throw new IdentityProviderException($error, $code, $data);
}
}

/**
 * Wrap the raw resource-owner response from Google in a GoogleUser object.
 *
 * @param array       $response decoded user-info response
 * @param AccessToken $token    token used for the request (unused here)
 */
protected function createResourceOwner(array $response, AccessToken $token)
{
    return new GoogleUser($response);
}
}

//Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
// Script-level flow: obtain an offline (refresh) token for the mail scope.
$provider = new Google(array(
    'clientId' => $clientId,
    'clientSecret' => $clientSecret,
    'redirectUri' => $redirectUri,
    'scope' => array('https://mail.google.com/'),
    'accessType' => 'offline',
));

if (!isset($_GET['code'])) {
    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;
    // Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', array('code' => $_GET['code']));
    // Use this to get a new access token if the old one expires
    // NOTE(review): this writes a long-lived credential into the HTTP response. It is a
    // one-off helper for the developer to copy into configuration; keep this script out
    // of any deployed or publicly reachable path. The else-block continues beyond this line.
    echo 'Refresh Token: ' . $token->getRefreshToken();
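/**
 * Authenticate a client that already holds a Google access token (for example a
 * mobile app that completed the consent flow on its own).
 *
 * Reads `access_token` from the request, asks Google for the resource owner behind it,
 * and hands the resulting profile array to authenticateOrCreateUser().
 *
 * NOTE(review): nothing here checks that the token was issued to *this* application
 * (audience / client id). A token that any other app obtained for the same Google
 * account resolves to the same profile — confirm that the provider or
 * authenticateOrCreateUser() performs that check, or add it before trusting the result.
 *
 * @param Request $request must carry a non-empty `access_token` input
 * @return mixed whatever authenticateOrCreateUser() returns; the script exits on failure
 */
public function authenticateGoogle(Request $request)
{
    # Get access token from request. A previous revision ignored the request and used a
    # token literal committed to source; credentials must never be hard-coded.
    $rawToken = $request->input('access_token');
    if (!is_string($rawToken) || $rawToken === '') {
        exit('Something went wrong: missing access_token');
    }
    $accessToken = new AccessToken(['access_token' => $rawToken]);

    # Create a new provider which takes values from config file
    $provider = new Google([
        'clientId' => config('easyauth.google.clientId'),
        'clientSecret' => config('easyauth.google.clientSecret'),
        'redirectUri' => config('easyauth.google.redirectUri'),
        'scopes' => config('easyauth.google.scopes'),
    ]);

    try {
        # We got an access token, let's now get the owner details
        $ownerDetails = $provider->getResourceOwner($accessToken);

        $profile = [
            'provider_key' => $ownerDetails->getId(),
            'first_name' => $ownerDetails->getFirstName(),
            'last_name' => $ownerDetails->getLastName(),
            'email' => $ownerDetails->getEmail(),
            'avatar' => $ownerDetails->getAvatar(),
            'provider' => 'Google+',
        ];

        # Use these details to create a new profile or return a token in case the user exists
        return $this->authenticateOrCreateUser($profile);
    } catch (\Exception $e) {
        # Failed to get user details. Fully qualified so the catch also works when this
        # class is namespaced and no `use Exception;` import is present.
        exit('Something went wrong: ' . $e->getMessage());
    }
}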