PHP Classes

Oauth and Auth Token flow

Recommend this page to a friend!

      PHP OAuth Library  >  PHP OAuth Library package blog  >  How to Implement a PH...  >  All threads  >  Oauth and Auth Token flow  >  (Un) Subscribe thread alerts  
Subject:Oauth and Auth Token flow
Summary:Compatibility with Alt Authorization Code Flow
Messages:7
Author:Shelly Warren
Date:2016-01-28 01:21:43
 

  1. Oauth and Auth Token flow   Reply   Report abuse  
Picture of Shelly Warren Shelly Warren - 2016-01-28 01:21:43
First, your classes are amazing and have surpassed every expectation I have imagined! Thank You!

My question is around the flow of obtaining an access token when the protocol slips in the extra step of an authorization code as described in the link below, I could not explain it as well as he did. :)

stackoverflow.com/questions/1338769 ...

My thoughts are if I modify the switch in oauth_client.php line 1792 and add another grant type I could accommodate this flow. I was unsure if the usage of the api_key was created for this type of scenario and maybe I just need to add a small enhancement.

Of course I could be missing it totally and you have already accommodated this need so I thought I would ask first. :)

Thank you for any help or suggestion!

  2. Re: Oauth and Auth Token flow   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2016-01-28 03:05:01 - In reply to message 1 from Shelly Warren
I can improve the class to support other grant types but it would be easier if I could have an API that supported the grant type you want. What API do you want to access? Is it public? Can you share it?

Also, you mention line 1792. Maybe you are referring to an old version of the class, as in that line there is no grant type switch in the current version. So you should upgrade.

  3. Re: Oauth and Auth Token flow   Reply   Report abuse  
Picture of Shelly Warren Shelly Warren - 2016-01-28 14:21:41 - In reply to message 2 from Manuel Lemos
Your amazing!

I am working to connect to InfusionSoft api, they are like Salesforce but with the extra auth code call, as far as I can tell.

developer.infusionsoft.com/

I am using the rest api.

I will wait for your response and upgrade right now.

Thanks again!

  4. Re: Oauth and Auth Token flow   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2016-01-29 23:12:20 - In reply to message 3 from Shelly Warren
I have tried it with authorization_code grant type and the authorization worked.

What API call are you doing that may be getting you any problems?

  5. Re: Oauth and Auth Token flow   Reply   Report abuse  
Picture of Shelly Warren Shelly Warren - 2016-01-30 01:01:22 - In reply to message 4 from Manuel Lemos
I was calling the 'https://signin.infusionsoft.com/app/oauth/authorize' and 'https://api.infusionsoft.com/token' urls from the REST API authorization calls and it appeared that it did get to the retrieving of a 'code' but this API had the extra step of resubmitting that 'code' to finally get the actual 'token' needed to login.

It mostly worked, so maybe I am just configuring things incorrectly. I believe I just had to add a condition for the API in the oauth_configuration.json file and use it like all the other examples show.

Here is the config I entered:
"InfusionSoft":
{
"oauth_version": "2.0",
"dialog_url": "https://signin.infusionsoft.com/app/oauth/authorize?response_type=code&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}&scope={SCOPE}",
"request_token_url": "https://api.infusionsoft.com/token?code={CODE}&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}",
"access_token_url": "https://api.infusionsoft.com/token?code={CODE}&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}",
"default_access_token_type": "Bearer",
"store_access_token_response": true
},

I did put a small wrapper around your classes into my platform to achieve my need functionality. I used the github and salesforce examples as a guideline to attempt using your library to access InfusionSoft the correct way, in case it was my wrapper.

I had to adjust two things.
First create a way to pass the 'code' value returned from the first call to you oauth_client class.

Then altered the process in my wrapper to do the else check:
$this->sfConnObj->redirect_uri = $this->redirect_uri;
if($this->sfConnObj->Initialize()){
if($this->sfConnObj->Process()){
if(strlen($this->sfConnObj->authorization_error)){
$success = false;
}elseif(strlen($this->sfConnObj->access_token)){
$success = $this->sfConnObj->SetUser($this->userId);
}else{
$this->sfConnObj->ProcessToken2($this->bfcauthcode, false);
if(strlen($this->sfConnObj->access_token)){
$success = $this->sfConnObj->SetUser($this->userId);
}
}
}
}

I believe I am not supposed to call the ProcessToken2 directly but it worked very well and I figured I would fix it once I saw how you achieved the authorization. It worked well enough to store a token so I could get some more interaction with the API going, however the refresh token does not work, I had to get another token today. I was using the 'authorization_code' grant type, after looking at how they refresh the token it almost felt like I would need to call it as a 'basic' for the refresh but I did not dig in very deep yet.

Did I just mis-configure something?

Thank so much,
Shelly



  6. Re: Oauth and Auth Token flow   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2016-01-30 05:02:44 - In reply to message 5 from Shelly Warren
Well the refresh token requires basic authentication.

Anyway, I added Infusionsoft support to the oauth_configuration.json file and an example, so you do not have to wonder to much how to do it.

  7. Re: Oauth and Auth Token flow   Reply   Report abuse  
Picture of Shelly Warren Shelly Warren - 2016-01-30 13:48:27 - In reply to message 6 from Manuel Lemos
Amazing as always!
Thank you!