1: | <?php
|
2: | |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: |
|
15: |
|
16: | namespace League\OAuth2\Client\Provider;
|
17: |
|
18: | require 'vendor/autoload.php';
|
19: |
|
20: | use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
|
21: | use League\OAuth2\Client\Token\AccessToken;
|
22: | use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
|
23: | use Psr\Http\Message\ResponseInterface;
|
24: |
|
25: | session_start();
|
26: |
|
27: |
|
28: | $redirectUri = isset($_SERVER['HTTPS']) ? 'https://' : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
|
29: |
|
30: |
|
31: |
|
32: | $clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com';
|
33: | $clientSecret = 'RANDOMCHARS-----lGyjPcRtvP';
|
34: |
|
35: | class Google extends AbstractProvider
|
36: | {
|
37: | use BearerAuthorizationTrait;
|
38: |
|
39: | const ACCESS_TOKEN_RESOURCE_OWNER_ID = 'id';
|
40: |
|
41: | |
42: | |
43: | |
44: |
|
45: | protected $accessType;
|
46: |
|
47: | |
48: | |
49: | |
50: |
|
51: | protected $hostedDomain;
|
52: |
|
53: | |
54: | |
55: | |
56: |
|
57: | protected $scope;
|
58: |
|
59: | public function getBaseAuthorizationUrl()
|
60: | {
|
61: | return 'https://accounts.google.com/o/oauth2/auth';
|
62: | }
|
63: |
|
64: | public function getBaseAccessTokenUrl(array $params)
|
65: | {
|
66: | return 'https://accounts.google.com/o/oauth2/token';
|
67: | }
|
68: |
|
69: | public function getResourceOwnerDetailsUrl(AccessToken $token)
|
70: | {
|
71: | return ' ';
|
72: | }
|
73: |
|
74: | protected function getAuthorizationParameters(array $options)
|
75: | {
|
76: | if (is_array($this->scope)) {
|
77: | $separator = $this->getScopeSeparator();
|
78: | $this->scope = implode($separator, $this->scope);
|
79: | }
|
80: |
|
81: | $params = array_merge(
|
82: | parent::getAuthorizationParameters($options),
|
83: | array_filter([
|
84: | 'hd' => $this->hostedDomain,
|
85: | 'access_type' => $this->accessType,
|
86: | 'scope' => $this->scope,
|
87: |
|
88: | 'authuser' => '-1'
|
89: | ])
|
90: | );
|
91: | return $params;
|
92: | }
|
93: |
|
94: | protected function getDefaultScopes()
|
95: | {
|
96: | return [
|
97: | 'email',
|
98: | 'openid',
|
99: | 'profile',
|
100: | ];
|
101: | }
|
102: |
|
103: | protected function getScopeSeparator()
|
104: | {
|
105: | return ' ';
|
106: | }
|
107: |
|
108: | protected function checkResponse(ResponseInterface $response, $data)
|
109: | {
|
110: | if (!empty($data['error'])) {
|
111: | $code = 0;
|
112: | $error = $data['error'];
|
113: |
|
114: | if (is_array($error)) {
|
115: | $code = $error['code'];
|
116: | $error = $error['message'];
|
117: | }
|
118: |
|
119: | throw new IdentityProviderException($error, $code, $data);
|
120: | }
|
121: | }
|
122: |
|
123: | protected function createResourceOwner(array $response, AccessToken $token)
|
124: | {
|
125: | return new GoogleUser($response);
|
126: | }
|
127: | }
|
128: |
|
129: |
|
130: |
|
131: | $provider = new Google(
|
132: | array(
|
133: | 'clientId' => $clientId,
|
134: | 'clientSecret' => $clientSecret,
|
135: | 'redirectUri' => $redirectUri,
|
136: | 'scope' => array('https://mail.google.com/'),
|
137: | 'accessType' => 'offline'
|
138: | )
|
139: | );
|
140: |
|
141: | if (!isset($_GET['code'])) {
|
142: |
|
143: | $authUrl = $provider->getAuthorizationUrl();
|
144: | $_SESSION['oauth2state'] = $provider->getState();
|
145: | header('Location: ' . $authUrl);
|
146: | exit;
|
147: |
|
148: | } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
|
149: | unset($_SESSION['oauth2state']);
|
150: | exit('Invalid state');
|
151: | } else {
|
152: |
|
153: | $token = $provider->getAccessToken(
|
154: | 'authorization_code',
|
155: | array(
|
156: | 'code' => $_GET['code']
|
157: | )
|
158: | );
|
159: |
|
160: |
|
161: | echo 'Refresh Token: ' . $token->getRefreshToken();
|
162: | }
|
163: | |