/**
* @param Request $request
* @return \Illuminate\Http\RedirectResponse|\Laravel\Lumen\Http\Redirector
*/
public function connect(Request $request)
{
if (!env('GOOGLE_OAUTH_ENABLED')) {
$request->session()->flash('error', 'Authentification google non disponible');
return redirect(route('auth.loginForm'));
}
$authUrl = $this->provider->getAuthorizationUrl();
Session::put('google.oauth2state', $this->provider->getState());
return redirect($authUrl);
}
protected function startFlow()
{
$client = new Client(["clientId" => self::$ID, "clientSecret" => self::$secret, "redirectUri" => "http://localhost:8080/", "scopes" => ["profile", "email"], "hostedDomain" => "localhost:8080"]);
if (!empty($_GET["error"])) {
// User probably denied access.
die("Got an error: {$_GET['error']}");
} else {
if (empty($_GET["code"])) {
// We need to get an authorisation code.
$authUrl = $client->getAuthorizationUrl();
$_SESSION["oauth2state"] = $client->state;
Headers::redirect($authUrl);
exit;
} else {
if (empty($_GET["state"]) || $_GET["state"] !== $_SESSION["oauth2state"]) {
// State is invalid - possible CSRF attack.
unset($_SESSION["oauth2state"]);
die("Invalid state");
} else {
// Try to get an access token using the authorisation grant.
try {
$token = $client->getAccessToken("authorization_code", ["code" => $_GET["code"]]);
$this->details = $client->getUserDetails($token);
unset($_SESSION["oauth2state"]);
} catch (\Exception $ex) {
unset($_SESSION["oauth2state"]);
die("Something went wrong! " . $ex->getMessage());
}
}
}
}
}
/**
* @param Application $app
*
* @return string token
*/
public function handleAuth(Application $app)
{
$code = $app->request()->get('code');
$state = $app->request()->get('state');
$key = sprintf('google.oauth2state.%s', session_id());
$sessionState = $this->redisClient->get($key);
if (is_null($code)) {
// If we don't have an authorization code then get one
$url = $this->oauth2Provider->getAuthorizationUrl();
$this->redisClient->setex($key, 300, $this->oauth2Provider->state);
$app->redirect($url);
} elseif (empty($state) || isset($sessionState) && $state !== $sessionState) {
// Check given state against previously stored one to mitigate CSRF attack
$this->redisClient->del($key);
throw new \RuntimeException('Invalid state');
}
// clean session
$this->redisClient->del($key);
// Try to get an access token (using the authorization code grant)
return $this->oauth2Provider->getAccessToken('authorization_code', ['code' => $code])->accessToken;
}
/**
* It will return uid, token and information user to save database
*
* @return array
*/
public function authorize()
{
$this->view->disable();
$provider = new Google(['clientId' => $this->clientId, 'clientSecret' => $this->clientSecret, 'redirectUri' => $this->redirectUriAuthorize]);
$code = $this->request->getQuery('code');
$state = $this->request->getQuery('state');
if (!isset($code)) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$this->session->set('oauth2state', $provider->state);
return $this->response->redirect($authUrl);
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($state) || $state !== $this->session->get('oauth2state')) {
$this->session->remove('oauth2state');
exit('Invalid state');
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', ['code' => $code]);
$uid = $provider->getUserUid($token);
$userDetails = $provider->getUserDetails($token);
return array($uid, $token, $userDetails);
}
}
$error = $data['error'];
if (is_array($error)) {
$code = $error['code'];
$error = $error['message'];
}
throw new IdentityProviderException($error, $code, $data);
}
}
protected function createResourceOwner(array $response, AccessToken $token)
{
return new GoogleUser($response);
}
}
//Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
$provider = new Google(array('clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, 'scope' => array('https://mail.google.com/'), 'accessType' => 'offline'));
if (!isset($_GET['code'])) {
// If we don't have an authorization code then get one
$authUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->getState();
header('Location: ' . $authUrl);
exit;
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
} else {
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', array('code' => $_GET['code']));
// Use this to get a new access token if the old one expires
echo 'Refresh Token: ' . $token->getRefreshToken();
}
public function getAuthorizationUrl($options = [])
{
return parent::getAuthorizationUrl($options) . '&openid.realm=' . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] ? "https://" : "http://") . \Openclerk\Config::get('openid_host');
}
