Tiger Chuang - 2017-12-05 16:36:34
Hi, Manuel, thanks for your OAuth-api (php) library. It's very easy to integrate it to handle the authorization process with only a few lines of code. When I studied the document, I found that you also defined the "append_state_to_redirect_uri" and "stored_state" in the class. I wonder how those two variables could be used to pass the UserID during the authorization process?
We want to use them to save the token in the database with the specific user_ID. The flow is as follows:
1. A user inputs their data to register on the mobile app.
2. He/she clicks the "Authorize" button to send the user id to the "http://PublicWebsite/../login_in_with_fitbit2.php?uid=x".
3. It opens the Authorization page (https://www.fitbit.com/oauth2/authorize) with the scopes defined in the codes.
4. After the user clicks the confirm button, it redirects the user back to login_with_fitbit2.php. At this point, we want the webpage to be able to remember the user_ID (?uid=x) passed in the second step.
After reading the document, I tried the "append_state_to_redirect_uri" and "stored_state" with the following code:
$client->state = "uid=" . $uid;
$client->append_state_to_redirect_uri = "?uid=" . $uid;
Was the syntax correct? Unfortunately, I couldn't see the UserID in the URI or get it returned in the login_with_fitbit2.php. Do I need to encode/decode the variables (such as the steps explained in https://auth0.com/docs/protocols/oauth2/oauth-state)?
Could you tell me the correct way to use them or show me some examples?
Thank you very much.
Best wishes, Tiger
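
One way to carry the user ID through the redirect described in this thread, as an added example that is not part of the original post and does not use the OAuth-api library's classes: the ID stays in the server-side session, keyed by a random `state` value, so it never travels in the URL where it could be altered. The function names, the `oauth_pending` session key, the client ID, the scope and the callback URL are assumptions made for the illustration.

```php
<?php
// Added example in plain PHP; not the OAuth-api library's code.
// All names here are hypothetical. $session stands in for $_SESSION.

// Step 2: remember the uid server-side and build the authorization URL.
function begin_authorization(array &$session, string $uid, string $authorizeUrl, array $params): string
{
    $state = bin2hex(random_bytes(16));          // unguessable, carries no user data
    $session['oauth_pending'][$state] = [
        'uid'     => $uid,
        'expires' => time() + 600,               // pending request is valid for 10 minutes
    ];
    $params['state'] = $state;
    return $authorizeUrl . '?' . http_build_query($params);
}

// Step 4: on the redirect back, recover the uid from the returned state.
// Returns null when the state is missing, unknown, already used or expired.
function finish_authorization(array &$session, array $query): ?string
{
    $state = $query['state'] ?? null;
    if (!is_string($state) || !isset($session['oauth_pending'][$state])) {
        return null;
    }
    $entry = $session['oauth_pending'][$state];
    unset($session['oauth_pending'][$state]);    // single use
    return $entry['expires'] >= time() ? $entry['uid'] : null;
}

// Constructed demo values (client id, scope and callback URL are placeholders).
$session = [];
$url = begin_authorization($session, '42', 'https://www.fitbit.com/oauth2/authorize', [
    'response_type' => 'code',
    'client_id'     => 'EXAMPLE_CLIENT_ID',
    'redirect_uri'  => 'https://app.example/callback.php',
    'scope'         => 'activity',
]);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);

// The provider echoes "state" back unchanged together with the code.
$callback = ['code' => 'EXAMPLE_CODE', 'state' => $sent['state']];
var_dump(finish_authorization($session, $callback));              // first use of the issued state
var_dump(finish_authorization($session, $callback));              // same state presented again
var_dump(finish_authorization($session, ['state' => 'uid=42']));  // state that was never issued
```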