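<?php

declare(strict_types=1);

// Composer autoloader for league/oauth2-client.
require __DIR__ . '/vendor/autoload.php';
// Defines APP_CLIENT_ID / APP_CLIENT_SECRET. Kept in a separate file so the
// credentials are not part of the source rendered on the page below. Anchored
// to __DIR__ so the include does not depend on the working directory.
require __DIR__ . '/appconf.php';
// The OAuth2 `state` value is kept in the PHP session between the redirect to
// IDCS and the callback.
session_start();

// Escape a string for an HTML body / attribute context. Everything echoed
// below comes from the query string or from the identity provider, not from
// this file, so it is escaped before output.
$h = static fn (string $value): string => htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Demo-only: render this file's own source on the page. highlight_file()
// prints the source itself and returns a bool, so it is not echoed; the
// original `echo show_source(...)` also printed a stray "1" from that return
// value. NOTE: this discloses the file contents (including the endpoint URLs)
// to every visitor and belongs only in a demo page.
$renderSource = static function (): void {
    echo "<div style='height:200px; width:600px; overflow:auto; border:3px solid green; padding: 5px'>";
    echo "<pre>\n";
    highlight_file(__FILE__);
    echo "</pre>\n";
    echo "</div>\n";
};

// Create our IDCS OAuth2 provider.
$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId' => APP_CLIENT_ID,
    'clientSecret' => APP_CLIENT_SECRET,
    'scopes' => 'urn:opc:idm:__myscopes__',
    'redirectUri' => 'https://your_web_server/',
    'urlAuthorize' => 'https://your_IDCS_tenant/oauth2/v1/authorize',
    'urlAccessToken' => 'https://your_IDCS_tenant/oauth2/v1/token',
    'urlResourceOwnerDetails' => 'https://your_IDCS_tenant/admin/v1/Me',
]);

// The query parameter may be missing, empty, or (as `code[]=`) an array; only
// a non-empty string is treated as an authorization code.
$code = $_GET['code'] ?? null;

if (!is_string($code) || $code === '') {
    // No authorization code yet: start the flow. getAuthorizationUrl() also
    // generates a fresh random state; store it so the callback can be tied
    // to this session.
    $authorizationUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();

    // Login button / URL. The URL is escaped for the attribute context.
    echo "<html><body><h1>IDCS BYOA PHP Page</h1>";
    echo '<a href="' . $h($authorizationUrl) . "\">Login with IDCS</a><br /><br />\n";
    $renderSource();
    echo "</body></html>";
    exit;
}

// User returned from login (callback URL). Compare the returned state with the
// one stored before the redirect to mitigate CSRF. Both sides must be strings
// (the query parameter could be an array, the session value could be absent)
// and the comparison is constant-time.
$state = $_GET['state'] ?? null;
$expectedState = $_SESSION['oauth2state'] ?? null;
if (!is_string($state) || !is_string($expectedState) || !hash_equals($expectedState, $state)) {
    unset($_SESSION['oauth2state']);
    http_response_code(400);
    exit('Invalid state');
}
// The state is single-use: drop it once it has been verified.
unset($_SESSION['oauth2state']);

try {
    // Exchange the authorization code from the query string for an access token.
    $accessToken = $provider->getAccessToken('authorization_code', [
        'code' => $code,
    ]);

    // With the token, look up the resource owner (the logged-in user).
    $resourceOwner = $provider->getResourceOwner($accessToken);
    $userInfo = $resourceOwner->toArray();

    // displayName comes from the identity provider; it may be absent or not a
    // string, and it is escaped like any other external value.
    $displayName = $userInfo['displayName'] ?? '';
    echo '<h1>Hello ' . $h(is_string($displayName) ? $displayName : '') . "</h1><hr />\n";
    echo "<h2>User Info retrieve from IDCS</h2>";
    echo "<pre>\n";
    // var_export(..., true) returns the dump instead of printing it, so the
    // provider-supplied values can be escaped before they reach the page.
    echo $h(var_export($userInfo, true));
    echo "</pre>\n";
    $renderSource();
} catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
    // Failed to get the access token or the user details. The message can
    // echo back provider/response text, so it is escaped as well.
    exit($h($e->getMessage()));
}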