Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add an example for a simple AJAX authentication API that you can drop in to your Web app. #1

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
+144 −0
Open

Add an example for a simple AJAX authentication API that you can drop in to your Web app. #1

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
928977e
Example of a simple AJAX authentication API
julien-c Sep 10, 2012
d68dbfd
Tiny copy improvement
julien-c Sep 10, 2012
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
144 changes: 144 additions & 0 deletions oauth_ajax.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,144 @@
<?php

/**
* Demonstration of the OAuth authenticate flow.
* We use `authenticate` instead of `authorize` so that users having already authorized the app don't have to do it again.
*
* You can use this as an example of a simple AJAX authentication API "library" that you can drop in to your Web app.
* You must define APP_URL as your Web app's root URL (the URL users will be redirected to after authentication).
* A gist of the Javascript to use in your Web app can be found here: https://gist.github.com/3215194
*
* A real-world example of an open source Web app that uses this micro-library for authentication is Tampon:
* http://github.com/julien-c/Tampon
*
* Instructions:
* 1) If you don't have one already, create a Twitter application on
* https://dev.twitter.com/apps
* 2) From the application details page copy the consumer key and consumer
* secret into the place in this code marked with (YOUR_CONSUMER_KEY
* and YOUR_CONSUMER_SECRET)
* 3) Visit this page using your web browser.
*
* @author julien-c
*/

require '../tmhOAuth.php';
require '../tmhUtilities.php';
$tmhOAuth = new tmhOAuth(array(
'consumer_key' => 'YOUR_CONSUMER_KEY',
'consumer_secret' => 'YOUR_CONSUMER_SECRET',
));


define('APP_URL', 'http://example.com');


header('Content-type: application/json');

session_start();

function outputError($tmhOAuth) {
header('HTTP/1.1 500 Internal Server Error');
echo json_encode($tmhOAuth->response['response']);
}

function wipe() {
session_destroy();
echo json_encode(array('wiped' => "success"));
}


// Step 1: Request a temporary token
function request_token($tmhOAuth) {
$code = $tmhOAuth->request(
'POST',
$tmhOAuth->url('oauth/request_token', ''),
array(
'oauth_callback' => tmhUtilities::php_self()
)
);

if ($code == 200) {
$_SESSION['oauth'] = $tmhOAuth->extract_params($tmhOAuth->response['response']);
authorize($tmhOAuth);
} else {
outputError($tmhOAuth);
}
}


// Step 2: Direct the user to the authenticate web page
function authorize($tmhOAuth) {
$authurl = $tmhOAuth->url("oauth/authenticate", '') . "?oauth_token={$_SESSION['oauth']['oauth_token']}";

echo json_encode(array('authurl' => $authurl));
}


// Step 3: This is the code that runs when Twitter redirects the user to the callback. Exchange the temporary token for a permanent access token
function access_token($tmhOAuth) {
$tmhOAuth->config['user_token'] = $_SESSION['oauth']['oauth_token'];
$tmhOAuth->config['user_secret'] = $_SESSION['oauth']['oauth_token_secret'];

$code = $tmhOAuth->request(
'POST',
$tmhOAuth->url('oauth/access_token', ''),
array(
'oauth_verifier' => $_REQUEST['oauth_verifier']
)
);

if ($code == 200) {
$_SESSION['access_token'] = $tmhOAuth->extract_params($tmhOAuth->response['response']);
unset($_SESSION['oauth']);
header('Location: ' . APP_URL);
} else {
outputError($tmhOAuth);
}
}


// Step 4: Now the user has authenticated, do something with the permanent token and secret we received
function verify_credentials($tmhOAuth) {
$tmhOAuth->config['user_token'] = $_SESSION['access_token']['oauth_token'];
$tmhOAuth->config['user_secret'] = $_SESSION['access_token']['oauth_token_secret'];

$code = $tmhOAuth->request(
'GET',
$tmhOAuth->url('1/account/verify_credentials')
);

if ($code == 200) {
echo $tmhOAuth->response['response'];
}
else {
outputError($tmhOAuth);
}
}



/* Auth Flow */

if (isset($_REQUEST['wipe'])) {
// Logging out
wipe();
return;
}

if (isset($_REQUEST['start'])) {
// Let's start the OAuth dance
request_token($tmhOAuth);
}
elseif (isset($_REQUEST['oauth_verifier'])) {
access_token($tmhOAuth);
}
elseif (isset($_SESSION['access_token'])) {
// Some credentials already stored in this browser session.
verify_credentials($tmhOAuth);
}
else {
// User's not logged in.
echo json_encode(array('loggedin' => false));
}