ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Pretty print github-style codeblocks

Browse Source
This commit is contained in:
Alex Bilbie
2013-02-15 16:33:18 +00:00
parent 57c24953be
commit ff37850fea
1 changed files with 170 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
AuthServer.md
View File

@ -46,8 +46,9 @@ _NOTE: This is assuming youre using a framework that follows an MVC pattern,
In your controller constuctor you should instantiate the auth server:
public function __construct()
{
```php
public function __construct()
{
// Initiate the request handler which deals with $_GET, $_POST, etc
$request = new \OAuth2\Util\Request();
@ -59,12 +60,14 @@ In your controller constuctor you should instantiate the auth server:
// Set the TTL of an access token in seconds (default to 3600s / 1 hour)
$this->authserver->setExpiresIn(86400);
}
}
```
Create your first route (for example “index” - which would resolve to _/oauth_).
public function action_index()
{
```php
public function action_index()
{
try {
// Tell the auth server to check the required parameters are in the query string
@ -89,12 +92,14 @@ Create your first route (for example “index” - which would resolve to _/oaut
// Throw an error here which has caught a non-library specific error
}
}
}
```
Next create a sign-in route:
public function action_signin()
{
```php
public function action_signin()
{
// Retrieve the auth params from the user's session
$params['client_id'] = Session::get('client_id');
$params['client_details'] = Session::get('client_details');
@ -148,14 +153,16 @@ Next create a sign-in route:
else {
return View::make('oauth.signin', $params);
}
}
}
```
In the sign-in form HTML page you should tell the user the name of the client that their signing into.
Once the user has signed in (if they didnt already have an existing session) then they should be redirected the authorise route where the user explicitly gives permission for the client to act on their behalf.
public function action_authorise()
{
```php
public function action_authorise()
{
// Retrieve the auth params from the user's session
$params['client_id'] = Session::get('client_id');
$params['client_details'] = Session::get('client_details');
@ -205,14 +212,16 @@ Once the user has signed in (if they didnt already have an existing session)
// The client shouldn't automatically be approved and the user hasn't yet approved it so show them a form
return View::make('oauth.authorise', $params);
}
}
```
In the authorize form the user should again be told the name of the client and also list all the scopes (permissions) it is requesting.
The final route to create is where the client exchanges the authorization code for an access token.
public function action_access_token()
{
```php
public function action_access_token()
{
try {
// Tell the auth server to issue an access token
@ -237,7 +246,8 @@ The final route to create is where the client exchanges the authorization code f
header('Content-type: application/json');
echo json_encode($response);
}
}
header('Content-type: application/json');
echo json_encode($response);
}
}
```