chadwilken/oauth-client.php

## oauth-client.php
$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId'                => '',    // Your client ID
    'clientSecret'            => '',   // Your secret key
    'redirectUri'             => 'https://lonestarhazmatapp.com/wp-json/moserver/authorize', // This is where we redirect you/the user after they say it is okay for you to access CompanyCam on their behalf
    'urlAuthorize'            => 'https://app.companycam.com/oauth/authorize',
    'urlAccessToken'          => 'https://app.companycam.com/oauth/token'
]);

// If we don't have an authorization code then get one
// This would be in the Wordpress Admin UI, hook it up to a button or something
if (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize option and generates and applies any necessary parameters
    // (e.g. state).
    $authorizationUrl = $provider->getAuthorizationUrl();

    // Get the state generated for you and store it to the session.
    $_SESSION['oauth2state'] = $provider->getState();

    // Redirect the user to the authorization URL.
    header('Location: ' . $authorizationUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) {

    if (isset($_SESSION['oauth2state'])) {
        unset($_SESSION['oauth2state']);
    }

    exit('Invalid state');

} else {

    // Once the user click the button outlined above and is sent to CompanyCam
    // and then redirected back, this code will be executed.
    try {

        // Try to get an access token using the authorization code grant.
        $accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // We have an access token, which we may use in authenticated
        // requests with CompanyCam.
        // Store the access token, refresh token, and expiration date (not the seconds, but calculate WHEN).
        echo 'Access Token: ' . $accessToken->getToken() . "<br>";
        echo 'Refresh Token: ' . $accessToken->getRefreshToken() . "<br>";
        echo 'Expired in: ' . $accessToken->getExpires() . "<br>";
        echo 'Already expired? ' . ($accessToken->hasExpired() ? 'expired' : 'not expired') . "<br>";

        // The provider provides a way to get an authenticated API request for
        // the service, using the access token; it returns an object conforming
        // to Psr\Http\Message\RequestInterface.
        $request = $provider->getAuthenticatedRequest(
            'GET',
            'https://api.companycam.com/v2/projects',
            $accessToken
        );

    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

        // Failed to get the access token or user details.
        exit($e->getMessage());

    }

}
	$provider = new \League\OAuth2\Client\Provider\GenericProvider([
	'clientId' => '', // Your client ID
	'clientSecret' => '', // Your secret key
	'redirectUri' => 'https://lonestarhazmatapp.com/wp-json/moserver/authorize', // This is where we redirect you/the user after they say it is okay for you to access CompanyCam on their behalf
	'urlAuthorize' => 'https://app.companycam.com/oauth/authorize',
	'urlAccessToken' => 'https://app.companycam.com/oauth/token'
	]);

	// If we don't have an authorization code then get one
	// This would be in the Wordpress Admin UI, hook it up to a button or something
	if (!isset($_GET['code'])) {

	// Fetch the authorization URL from the provider; this returns the
	// urlAuthorize option and generates and applies any necessary parameters
	// (e.g. state).
	$authorizationUrl = $provider->getAuthorizationUrl();

	// Get the state generated for you and store it to the session.
	$_SESSION['oauth2state'] = $provider->getState();

	// Redirect the user to the authorization URL.
	header('Location: ' . $authorizationUrl);
	exit;

	// Check given state against previously stored one to mitigate CSRF attack
	} elseif (empty($_GET['state']) \|\| (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) {

	if (isset($_SESSION['oauth2state'])) {
	unset($_SESSION['oauth2state']);
	}

	exit('Invalid state');

	} else {

	// Once the user click the button outlined above and is sent to CompanyCam
	// and then redirected back, this code will be executed.
	try {

	// Try to get an access token using the authorization code grant.
	$accessToken = $provider->getAccessToken('authorization_code', [
	'code' => $_GET['code']
	]);

	// We have an access token, which we may use in authenticated
	// requests with CompanyCam.
	// Store the access token, refresh token, and expiration date (not the seconds, but calculate WHEN).
	echo 'Access Token: ' . $accessToken->getToken() . "<br>";
	echo 'Refresh Token: ' . $accessToken->getRefreshToken() . "<br>";
	echo 'Expired in: ' . $accessToken->getExpires() . "<br>";
	echo 'Already expired? ' . ($accessToken->hasExpired() ? 'expired' : 'not expired') . "<br>";

	// The provider provides a way to get an authenticated API request for
	// the service, using the access token; it returns an object conforming
	// to Psr\Http\Message\RequestInterface.
	$request = $provider->getAuthenticatedRequest(
	'GET',
	'https://api.companycam.com/v2/projects',
	$accessToken
	);

	} catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

	// Failed to get the access token or user details.
	exit($e->getMessage());

	}

	}