OAuth2lib v10 Installation Guide
Download the code of oauth2lib v10 here.
OAuth Client
Installation
In order to install the Client application you just have to include de following archives somewhere accessible for your code:
'oauth_client/src' directory
Configuration
- Step1: Instantiate the OAuth class with the ID of the Client Application and its client secret.
-
$client = new OAuth($client_id,$secret);
- Step2: Configure the parameters of the OAuth Client class
-
In the access point of the Client Application we must configure the parameters of the oauth Client class. These are defined in the client's documentation and are the following:
- Authorization Server
- PUBLIC setAs($url_as): void
- Resource Server
- PUBLIC setRs($url_rs): void
- Scope
- PUBLIC setScope($scope): void
- Assertion Type: Type of the assertion (Defined by the constants PAPI or SAML2). By default PAPI.
- PUBLIC setPAPIAssertionType(): void
- PUBLIC setSAML2AssertionType(): void
- Error Type: Error type. Defined by the constants HTML or JSON. By default HTML.
- PUBLIC setHTMLErrorResponse(): void
- PUBLIC setJSONErrorResponse(): void
- Request type: Type of request that the Client makes to the Resource Server (Defined by the constants HEADER, GET or BODY). By default HEADER.
- PUBLIC setBODYResourceRequest(): void
- PUBLIC setGETResourceRequest(): void
- PUBLIC setHEADERResourceRequest(): void
- Client Secret and Client ID: Defined in the constructor of the OAuth Class
- OAuth __construct ([ $clientid = "app_client_1"], [ $clientsecret = "example_key"])
The configuration will be made with these methods. For example:
$as="https://oauth-server.rediris.es/oauth2_10/oauth_as/tokenEndpoint.php"; $rs="https://oauth-server.rediris.es/oauth2_10/oauth_server/serverEndpoint.php"; $client->setAs($as); $client->setRs($rs); $client->setGETResourceRequest(); $client->setJSONErrorResponse(); $client->setSAML2AssertionType();
- Authorization Server
- Step3: Start the authorization flow
-
$dev = $client->doOAuthFlow($assertion)
Where $assertion will be the specific assertion for an user. It could be an PAPI assertion or a SAML2 assertion.
In the case of a PAPI assertion, we send in $assertion the information stored in $_SESSION['userdata'], obtained with the phpPoA. For more information about phpPoA, see its web page
In the SAML2 case, we send in $assertion the result of call the method $as->getAttributes(); of SimpleSAMLphp. For more information about SimpleSAMLphp, see its web page
- Step4: Getting the resource (or the error)
-
if(!$dev){ echo $client->getError(); }else{ echo $client->getResource(); }
We get the resource with the method getResource().
To know if exists an error, we must check if the result of the doOAuthFlow method returns FALSE or not.
To know which error has happened, we can use the getError() method, that returns a string with the information.
- Step5: Formatting the resource
-
To show the resources to the user, you must implement a method to visualize them properly.
For example, in the use case example, we've implemented a method that gets the resource, an xml string, and format it properly, to show the information in a readable way.
We can format the resources in different ways depending on the scope of the resource, thanks to the method returnResource() of the OAuth class. This function, given an OAuthClient object, formats the corresponding response depending on the scope of the request.
In order to format a Response we must do the following steps:
- Step 5.1: Formatting the resource
To format a resource you must to develop a Class that implements the interface IFormattingResource. An example of this type of class is the DefaultFormattingResource.
- Step 5.2: Register the format to an specific Scope
-
To register the format, you must configure the FormatResponses.xml file as you can see in its documentation.
OAuth Authorization Server
Installation
In order to install the Authorization Server you just have to include de following archives somewhere accesible for your code:
'oauth_as' directory
tokenEndpoint.php
- keys.xml
- errors.xml
- policies.xml
'config' directory
'src' directory
Configuration
- Step1: Configuring the file keys.xml
The Authorization Server has to know with whose Clients are copmmunicating. To define this, we use the keys.xml file. The correct configuration of this archive is defined in the section of the documentation.
- Step2: Configuring the file policies.xml
-
The Authorization Server has to know which assertions are valid ones. To define the authorization policy, we use the policies.xml file. The correct configuration of this archive is defined in the section of the Policy's Documentation.
- Step3: Endpoint
-
With the current code organization, the Token Endpoint that we must give to the Client App will be accessible in the php file: tokenEndpoint.php.
OAuth resource Server
Installation
In order to install the resource Server you just have to include de following archives somewhere accesible for your code:
'oauth_server' directory
serverEndpoint.php
- keys.xml
- errors.xml
'config' directory
'src' directory
Configuration
- Step1: Configuring the file keys.xml
The Resource Server has to know with whose Clients are copmmunicating. To define this, we use the keys.xml file. The correct configuration of this archive is defined in the section of the documentation.
- Step2: To get the resources
-
To get the resources from the server, you must develop a class to get them.
This class must implement the IServerResource interface. For more information see the example class inside the library and its documentation.
- Step3: Endpoint
-
With the current code organization, the Server Endpoint that we must give to the Client App will be accessible in the php file: serverEndpoint.php.