/** * Creates a RedirectResponse that will send the user to the * OAuth2 server (e.g. send them to Facebook). * * @param array $scopes The scopes you want (leave empty to use default) * @return RedirectResponse */ public function redirect(array $scopes = []) { $options = []; if (!empty($scopes)) { $options['scope'] = $scopes; } $url = $this->provider->getAuthorizationUrl($options); // set the state (unless we're stateless) if (!$this->isStateless) { $this->getSession()->set(self::OAUTH2_SESSION_STATE_KEY, $this->provider->getState()); } return new RedirectResponse($url); }
private function moveToAuth(AbstractProvider $provider) { $authorizationUrl = $provider->getAuthorizationUrl(); $_SESSION['oauth2state'] = $provider->getState(); header('Location: ' . $authorizationUrl); exit; }
/** * @param Request $request * @return \Psr\Http\Message\ResponseInterface|RedirectResponse */ public function handle(Request $request) { $redirectUri = (string) $request->getAttribute('originalUri', $request->getUri())->withQuery(''); $this->provider = $this->getProvider($redirectUri); $session = $request->getAttribute('session'); $queryParams = $request->getQueryParams(); $code = array_get($queryParams, 'code'); $state = array_get($queryParams, 'state'); if (!$code) { $authUrl = $this->provider->getAuthorizationUrl($this->getAuthorizationUrlOptions()); $session->set('oauth2state', $this->provider->getState()); return new RedirectResponse($authUrl . '&display=popup'); } elseif (!$state || $state !== $session->get('oauth2state')) { $session->forget('oauth2state'); echo 'Invalid state. Please close the window and try again.'; exit; } $this->token = $this->provider->getAccessToken('authorization_code', compact('code')); $owner = $this->provider->getResourceOwner($this->token); $identification = $this->getIdentification($owner); $suggestions = $this->getSuggestions($owner); return $this->authResponse->make($request, $identification, $suggestions); }
/** * Set the state token string from a provider to the user's session. * * @param AbstractProvider $provider */ public function setStateToken(AbstractProvider $provider) { $this->session->set(self::SESSION_STATE, $provider->getState()); }