$db = new PDO($dsn, $user, $password); } catch (PDOException $e) { echo 'Connection failed: ' . $e->getMessage(); } /* * You would need to authenticate the user before authorization. * * Below is some psudeo-code to show what you might do: * session_start(); if (!isLoggedIn()) { redirectToLoginPage(); exit(); } */ $oauth = new OAuth2\Server\Server(new OAuth2\Storage\StoragePdo($db)); if ($_POST) { $userId = $_SESSION['user_id']; // Use whatever method you have for identifying users. $oauth->finishClientAuthorization($_POST["accept"] == "Yep", $userId, $_POST); } try { $auth_params = $oauth->getAuthorizeParams(); } catch (OAuth2\Exception\ServerException $oauthError) { $oauthError->sendHttpResponse(); } ?> <html> <head> <title>Authorize</title> <script>
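<?php
/**
 * @file
 * Sample protected resource.
 *
 * Obviously not production-ready code, just simple and to the point.
 *
 * In reality, you'd probably use a nifty framework to handle most of the crud for you.
 *
 * Flow: build the OAuth2 server on Mongo-backed storage, obtain the bearer
 * token from the request, verify it, and render the page below only when
 * verification did not raise a ServerException.
 */

// The Server class is instantiated below, so its file has to be loaded.
require_once 'OAuth2/Server/Server.php';
require_once 'OAuth2/Storage/StorageMongo.php';
require_once 'OAuth2/Exception/ServerException.php';

try {
    $oauth = new OAuth2\Server\Server(new OAuth2\Storage\StorageMongo());

    // The token is whatever getBearerToken() returns; no separate read of
    // $_GET is kept, so there is a single code path deciding where a token
    // may come from.
    $token = $oauth->getBearerToken();
    $oauth->verifyAccessToken($token);
} catch (OAuth2\Exception\ServerException $oauthError) {
    $oauthError->sendHttpResponse();

    // Fail closed: never fall through to the protected markup below, whether
    // or not sendHttpResponse() terminates the request itself.
    exit;
}

// With a particular scope, you'd do:
// $oauth->verifyAccessToken("scope_name");
// NOTE(review): the call above passes the token as the first argument, so a
// scope is presumably an additional argument rather than a replacement for
// the token; confirm against Server::verifyAccessToken() before copying this.
?>
<html>
  <head>
    <title>Hello!</title>
  </head>
  <body>
    <p>This is a secret.</p>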
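<?php
/**
 * @file
 * Sample token endpoint.
 *
 * Obviously not production-ready code, just simple and to the point.
 *
 * In reality, you'd probably use a nifty framework to handle most of the crud for you.
 *
 * Flow: open the PDO connection, build the OAuth2 server on PDO-backed
 * storage, and let grantAccessToken() handle the request. A failed database
 * connection ends the request instead of continuing without storage.
 */

require_once 'OAuth2/Storage/StoragePdo.php';
require_once 'OAuth2/Server/Server.php';
require_once 'OAuth2/Exception/ServerException.php';

// Placeholder connection settings for the sample. In a deployment these
// belong in configuration kept outside the web root and outside version
// control, not in the endpoint script.
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = '******';
$password = '******';

try {
    $db = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    // Keep driver detail (host, database name, account) in the server log;
    // the client only learns that the request could not be served.
    error_log('Token endpoint: database connection failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Connection failed';

    // Stop here: $db is undefined, so nothing below can work safely.
    exit;
}

$oauth = new OAuth2\Server\Server(new OAuth2\Storage\StoragePdo($db));

try {
    $oauth->grantAccessToken();
} catch (OAuth2\Exception\ServerException $oauthError) {
    // Protocol-level failures are reported through the exception's own
    // HTTP response.
    $oauthError->sendHttpResponse();
}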