Configuration HybridAuth pour l'Emploi Store
# Cet exemple utilise la bibliothèque ITLized qui permet d’intégrer simplement HybridAuth à Symfony https://github.com/ITLized/social | |
# Ajouter le bundle au fichier composer.json | |
{ | |
"require": { | |
// ... | |
"itlized/social": "~2.1" | |
} | |
} | |
# Mettre à jour les bundles | |
# Ajouter le bundle au fichier app/AppKernel.php | |
/**
 * Kernel method that lists the bundles to load; this guide adds
 * ItlizedSocialBundle to the array.
 *
 * Excerpt only: the "// ..." lines stand for the application's existing code,
 * which is not shown here.
 */
public function registerBundles()
{
    $bundles = array(
        // ...
        new Itlized\Bundle\SocialBundle\ItlizedSocialBundle(),
        // ...
    );
}
# Ajouter le fichier app/config/routing.yml du bundle | |
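# Imports the bundle's own route definitions, mounted at the application root.
itlized_social:
    resource: "@ItlizedSocialBundle/Resources/config/routing.yml"
    prefix: /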
# Configurer les paramètres du bundle dans app/config/config.yml
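# Nesting restored; the flattened listing is not valid YAML as printed.
parameters:
    itlized_social:
        routing: itlized_social_endpoint
        providers:
            EmploiStore:
                enabled: true
                keys:
                    # Sample values only. Replace them with the client id and secret
                    # issued for your application, and keep the secret out of version
                    # control (for example in an untracked parameters file or an
                    # environment variable).
                    id: myClientID
                    secret: password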
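# Ajouter le provider EmploiStore.php aux providers HybridAuth dans vendor/itlized/hybridauth/hybridauth/Hybrid/Providers/EmploiStore.php (le répertoire vendor/ est géré par Composer : un fichier ajouté à la main peut y être supprimé lors d'une réinstallation ou d'une mise à jour du paquet, prévoyez de le recréer)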
<?php | |
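/**
 * HybridAuth provider adapter for the Emploi Store OAuth2 endpoints.
 *
 * Builds an EmploiStoreClient from the configured application keys and maps
 * the userinfo response onto the HybridAuth user profile.
 */
class Hybrid_Providers_EmploiStore extends Hybrid_Provider_Model_OAuth2
{
    /** Scope requested by default; replaced by $config["scope"] when that is set. */
    public $scope = "openid email profile";

    /**
     * Check the configuration and prepare the OAuth2 client.
     *
     * @throws Exception with code 4 when the application id or secret is missing
     */
    public function initialize()
    {
        // empty() also covers a missing "keys" entry without raising a notice.
        if (empty($this->config["keys"]["id"]) || empty($this->config["keys"]["secret"])) {
            throw new Exception( "Your application id and secret are required in order to connect to {$this->providerId}.", 4 );
        }

        if (!empty($this->config["scope"])) {
            $this->scope = $this->config["scope"];
        }

        require_once Hybrid_Auth::$config["path_libraries"] . "EmploiStore/EmploiStoreClient.php";

        // NOTE(review): the EmploiStoreClient constructor shown in this guide takes
        // ($client_id, $client_secret, $client_realm, $redirect_uri). This call
        // therefore passes $this->endpoint as the realm and leaves redirect_uri
        // empty; confirm that this is intended.
        $this->api = new EmploiStoreClient(
            $this->config["keys"]["id"],
            $this->config["keys"]["secret"],
            $this->endpoint
        );

        // Restore the tokens already stored for this provider, if any.
        if ($this->token("access_token")) {
            $this->api->access_token            = $this->token("access_token");
            $this->api->refresh_token           = $this->token("refresh_token");
            $this->api->access_token_expires_in = $this->token("expires_in");
            $this->api->access_token_expires_at = $this->token("expires_at");
        }

        $this->api->api_base_url = 'https://www.emploi-store.fr/identite/oauth2/';
        // NOTE(review): the path below repeats "oauth2/"; verify it against the
        // provider's documentation.
        $this->api->authorize_url = "https://www.emploi-store.fr/identite/oauth2/oauth2/authorize";
        $this->api->token_url     = "https://www.emploi-store.fr/identite/oauth2/access_token";
        $this->api->curl_authenticate_method = "POST";
    }

    /**
     * Fetch the userinfo document and copy its claims into the user profile.
     *
     * @return object the populated $this->user->profile
     * @throws Exception with code 6 when the response has no "sub" or carries an "error"
     */
    public function getUserProfile()
    {
        $response = $this->request("https://www.emploi-store.fr/identite/oauth2/userinfo");

        if (!isset($response->sub) || isset($response->error)) {
            throw new Exception( "User profile request failed! {$this->providerId} returned an invalid response.", 6 );
        }

        // Profile field => claim name in the userinfo response.
        $claims = array(
            'identifier'  => 'sub',
            'firstName'   => 'given_name',
            'lastName'    => 'family_name',
            'displayName' => 'name',
            'email'       => 'email',
        );
        foreach ($claims as $field => $claim) {
            $this->user->profile->$field = property_exists($response, $claim) ? $response->$claim : "";
        }

        // The email is copied exactly as returned; no verification claim is read
        // here, so callers should key accounts on the identifier ("sub") and not
        // treat the address as proof of ownership.
        return $this->user->profile;
    }

    /**
     * GET a protected resource with the current access token as a Bearer header.
     *
     * @param string $url resource URL
     * @return mixed the JSON-decoded body, or null when the transfer fails or the
     *               body is not valid JSON
     */
    public function request($url)
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_USERAGENT, $this->api->curl_useragent);
        // Bound the call so a stalled endpoint cannot hold the login request open.
        // Uses the timeout properties the client class itself reads; assumed to be
        // public like curl_useragent (confirm against OAuth2Client).
        curl_setopt($ch, CURLOPT_TIMEOUT, $this->api->curl_time_out);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->api->curl_connect_time_out);
        // The request carries the access token: always validate the server certificate.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Bearer ' . $this->api->access_token));

        $body = curl_exec($ch);
        if ($body === false) {
            // Record the transport error instead of silently decoding an empty body.
            Hybrid_Logger::error( "Hybrid_Providers_EmploiStore::request(). curl_exec error: ", curl_error($ch) );
            curl_close($ch);
            return null;
        }
        curl_close($ch);

        return json_decode($body);
    }
}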
# Ajouter le client OAuth2 EmploiStoreClient.php dans vendor/itlized/hybridauth/hybridauth/Hybrid/thirdparty/EmploiStore/EmploiStoreClient.php | |
<?php | |
require_once Hybrid_Auth::$config['path_libraries'] . 'OAuth/OAuth2Client.php'; | |
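/** Raised when the Emploi Store authorization service does not return an access token. */
class EmploiStoreException extends Exception {}

/**
 * OAuth2 client for the Emploi Store endpoints.
 *
 * Extends OAuth2Client by sending a "realm" parameter with the authorization
 * and token requests.
 */
class EmploiStoreClient extends OAuth2Client
{
    /** Realm sent with the authorization and token requests. */
    public $realm = "";

    /**
     * @param string|false $client_id     application id
     * @param string|false $client_secret application secret
     * @param string       $client_realm  value sent as "realm"
     * @param string       $redirect_uri  callback URL sent as "redirect_uri"
     */
    public function __construct( $client_id = false, $client_secret = false, $client_realm = "", $redirect_uri='' )
    {
        $this->client_id     = $client_id;
        $this->client_secret = $client_secret;
        $this->redirect_uri  = $redirect_uri;
        $this->realm         = $client_realm;

        // The token request carries the client secret and the authorization code.
        // The inherited defaults for these two options are not visible in this
        // file, so certificate validation is switched on explicitly; it can still
        // be overridden on the instance after construction.
        $this->curl_ssl_verifypeer = true;
        $this->curl_ssl_verifyhost = 2;
    }

    /**
     * Build the authorization URL the user is redirected to.
     *
     * NOTE(review): no "state" value is added here. Unless the caller passes one
     * in $extras and checks it on the callback, the redirect is not bound to the
     * user's session (login CSRF).
     *
     * @param array $extras additional query parameters; they override the defaults
     * @return string
     */
    public function authorizeUrl( $extras = array() )
    {
        $params = array(
            "client_id"     => $this->client_id,
            "redirect_uri"  => $this->redirect_uri,
            "realm"         => $this->realm,
            "response_type" => "code"
        );

        foreach ($extras as $key => $value) {
            $params[$key] = $value;
        }

        return $this->authorize_url . "?" . http_build_query( $params );
    }

    /**
     * Exchange an authorization code for tokens and store them on the client.
     *
     * @param string $code authorization code received on the callback
     * @return object the decoded token response
     * @throws EmploiStoreException when the response carries no access token
     */
    public function authenticate( $code )
    {
        // The code comes from the callback query string and the other values from
        // configuration; encode every value so that none of them can add or
        // override a field of the token request. The result stays a string so
        // cURL still sends it form-urlencoded.
        $params = http_build_query(array(
            "client_id"     => (string) $this->client_id,
            "client_secret" => (string) $this->client_secret,
            "grant_type"    => "authorization_code",
            "redirect_uri"  => (string) $this->redirect_uri,
            "realm"         => (string) $this->realm,
            "code"          => (string) $code,
        ), '', '&');

        $response = $this->sendRequest($this->token_url, $params, $this->curl_authenticate_method);
        $response = $this->decodeRequest($response);

        if (!is_object($response) || !isset($response->access_token)) {
            // Do not assume the failure response carries an "error" member.
            $reason = (is_object($response) && isset($response->error) && is_scalar($response->error))
                ? $response->error
                : "no access token in the response";
            throw new EmploiStoreException("The Authorization Service has return: " . $reason);
        }

        $this->access_token = $response->access_token;
        if (isset($response->refresh_token)) {
            $this->refresh_token = $response->refresh_token;
        }
        if (isset($response->expires_in)) {
            $this->access_token_expires_in = $response->expires_in;
            // Absolute expiry time, computed from the relative lifetime.
            $this->access_token_expires_at = time() + (int) $response->expires_in;
        }

        return $response;
    }

    /**
     * Perform the HTTP call and return the raw body.
     *
     * @param string             $url
     * @param array|string|false $params query parameters (GET) or request body (POST)
     * @param string             $type   "GET" or "POST"
     * @return string|false raw response body, false when the transfer fails
     */
    private function sendRequest( $url, $params=false, $type="GET" )
    {
        Hybrid_Logger::info( "Enter OAuth2Client::request( $url )" );
        // Parameter values include the client secret and the authorization code:
        // only the names are logged.
        Hybrid_Logger::debug( "OAuth2Client::request(). request param names (values withheld): ", $this->paramNames( $params ) );

        if ($type == "GET" && $params) {
            $query = is_array($params) ? http_build_query($params, '', '&') : (string) $params;
            $url  .= (strpos($url, '?') !== false ? '&' : '?') . $query;
        }

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL            , $url );
        curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1 );
        curl_setopt($ch, CURLOPT_TIMEOUT        , $this->curl_time_out );
        curl_setopt($ch, CURLOPT_USERAGENT      , $this->curl_useragent );
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out );
        // Values come from the instance; the constructor enables verification.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , $this->curl_ssl_verifypeer );
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , $this->curl_ssl_verifyhost );
        curl_setopt($ch, CURLOPT_HTTPHEADER     , $this->curl_header );

        if ($this->curl_proxy) {
            curl_setopt($ch, CURLOPT_PROXY, $this->curl_proxy);
        }

        if ($type == "POST") {
            curl_setopt($ch, CURLOPT_POST, 1);
            if ($params) {
                curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
            }
        }

        $response = curl_exec($ch);
        if ($response === false) {
            Hybrid_Logger::error( "OAuth2Client::request(). curl_exec error: ", curl_error($ch) );
        }

        $this->http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $this->http_info = curl_getinfo($ch);
        curl_close($ch);

        // The body can hold access and refresh tokens: log the status only.
        Hybrid_Logger::debug( "OAuth2Client::request(). response HTTP status (body withheld): ", $this->http_code );

        return $response;
    }

    /**
     * Decode a response body: JSON when it parses to a non-empty value, otherwise
     * a query string turned into an object.
     *
     * @param string|false $result raw response body
     * @return mixed
     */
    private function decodeRequest( $result )
    {
        $decoded = json_decode( (string) $result );
        if ($decoded) {
            return $decoded;
        }

        parse_str( (string) $result, $fields );

        $object = new StdClass();
        foreach ($fields as $key => $value) {
            $object->$key = $value;
        }

        return $object;
    }

    /**
     * List the parameter names of a request for logging, without their values.
     *
     * @param array|string|false $params
     * @return string comma-separated names, empty when there are none
     */
    private function paramNames( $params )
    {
        if (is_string($params)) {
            parse_str($params, $parsed);
            $params = $parsed;
        }

        return is_array($params) ? implode(",", array_keys($params)) : "";
    }
}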
# Pour tester la connexion, vous pouvez ouvrir votre navigateur à l’adresse http://votreapplication/social/connect/emploistore et vous authentifier. |