Configuration HybridAuth pour l'Emploi Store
# Cet exemple utilise la bibliothèque ITLized qui permet d’intégrer simplement HybridAuth à Symfony https://github.com/ITLized/social | |
# Ajouter le bundle au fichier composer.json | |
{ | |
"require": { | |
// ... | |
"itlized/social": "~2.1" | |
} | |
} | |
# Mettre à jour les bundles | |
# Ajouter le bundle au fichier app/AppKernel.php | |
// Excerpt of registerBundles() in app/AppKernel.php. The "// ..." lines stand for
// code elided by the author (the other bundle registrations around the new entry).
public function registerBundles()
{
    $bundles = array(
        // ...
        // Registers the ITLized social bundle.
        new Itlized\Bundle\SocialBundle\ItlizedSocialBundle(),
        // ...
    );
}
# Ajouter le fichier app/config/routing.yml du bundle | |
# Imports the routing file shipped with ItlizedSocialBundle under the "/" prefix.
itlized_social:
    resource: "@ItlizedSocialBundle/Resources/config/routing.yml"
    prefix: /
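# Configurer les paramètres du bundle dans app/config/config.yml (remplacer myClientID et password par les identifiants de votre application ; ne pas versionner le secret client)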
parameters:
    itlized_social:
        routing: itlized_social_endpoint
        providers:
            EmploiStore:
                enabled: true
                keys:
                    # Placeholder values: replace both with the credentials issued for your application.
                    # The provider class refuses to initialise when either one is empty.
                    # Keep the real client secret out of version control.
                    id: myClientID
                    secret: password
# Ajouter le provider EmploiStore.php aux providers HybridAuth dans vendor/itlized/hybridauth/hybridauth/Hybrid/Providers/EmploiStore.php
<?php | |
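/**
 * HybridAuth provider for Emploi Store.
 *
 * Runs the OAuth 2.0 authorization-code flow through EmploiStoreClient and
 * fills the HybridAuth user profile from the "userinfo" endpoint.
 */
class Hybrid_Providers_EmploiStore extends Hybrid_Provider_Model_OAuth2
{
    /** @var string Scopes requested by default; replaced by the "scope" config entry when one is set. */
    public $scope = "openid email profile";

    /**
     * Validates the configured credentials and prepares the API client.
     *
     * @throws Exception (code 4) when the client id or the client secret is missing.
     */
    public function initialize()
    {
        // empty() also covers a missing "keys" entry, which the bare array read would turn into a notice.
        if ( empty( $this->config["keys"]["id"] ) || empty( $this->config["keys"]["secret"] ) ){
            throw new Exception( "Your application id and secret are required in order to connect to {$this->providerId}.", 4 );
        }

        if( ! empty( $this->config["scope"] ) ){
            $this->scope = $this->config["scope"];
        }

        require_once Hybrid_Auth::$config["path_libraries"] . "EmploiStore/EmploiStoreClient.php";

        // NOTE(review): the EmploiStoreClient constructor listed on this page takes
        // ( $client_id, $client_secret, $client_realm, $redirect_uri ), so $this->endpoint is
        // stored as the realm here and redirect_uri stays empty. Confirm that this is intended.
        $this->api = new EmploiStoreClient( $this->config["keys"]["id"], $this->config["keys"]["secret"], $this->endpoint );

        // The token request carries the client secret and the authorization code. The client forwards
        // these two properties to cURL, and their inherited defaults are not visible on this page,
        // so certificate and host-name verification are switched on explicitly.
        $this->api->curl_ssl_verifypeer = true;
        $this->api->curl_ssl_verifyhost = 2;

        // Restore tokens stored by a previous authentication, if any.
        if( $this->token( "access_token" ) ){
            $this->api->access_token            = $this->token( "access_token" );
            $this->api->refresh_token           = $this->token( "refresh_token" );
            $this->api->access_token_expires_in = $this->token( "expires_in" );
            $this->api->access_token_expires_at = $this->token( "expires_at" );
        }

        $this->api->api_base_url  = 'https://www.emploi-store.fr/identite/oauth2/';
        $this->api->authorize_url = "https://www.emploi-store.fr/identite/oauth2/oauth2/authorize";
        $this->api->token_url     = "https://www.emploi-store.fr/identite/oauth2/access_token";

        $this->api->curl_authenticate_method = "POST";
    }

    /**
     * Loads the user's profile from the userinfo endpoint.
     *
     * The "email" claim is copied as received; nothing here checks whether the
     * provider has verified it, so callers should not treat it as proof of ownership.
     *
     * @return object The populated HybridAuth profile ($this->user->profile).
     * @throws Exception (code 6) when the response has no "sub" claim or reports an error.
     */
    public function getUserProfile()
    {
        $response = $this->request( "https://www.emploi-store.fr/identite/oauth2/userinfo" );

        if ( ! is_object( $response ) || ! isset( $response->sub ) || isset( $response->error ) ){
            throw new Exception( "User profile request failed! {$this->providerId} returned an invalid response.", 6 );
        }

        // HybridAuth profile field => claim name in the userinfo response.
        $claims = array(
            'identifier'  => 'sub',
            'firstName'   => 'given_name',
            'lastName'    => 'family_name',
            'displayName' => 'name',
            'email'       => 'email',
        );

        foreach( $claims as $field => $claim ){
            $this->user->profile->$field = property_exists( $response, $claim ) ? $response->$claim : "";
        }

        return $this->user->profile;
    }

    /**
     * Sends an authenticated GET request and decodes the JSON answer.
     *
     * @param string $url Endpoint to call with the stored access token as a Bearer credential.
     * @return mixed Decoded JSON, or null when no token is stored, the transfer fails or the body is not JSON.
     */
    public function request( $url )
    {
        // Without a token the request could only be rejected; do not send an empty Bearer header.
        if ( empty( $this->api->access_token ) ){
            return null;
        }

        $ch = curl_init();
        curl_setopt( $ch, CURLOPT_URL, $url );
        curl_setopt( $ch, CURLOPT_HEADER, 0 );
        curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
        curl_setopt( $ch, CURLOPT_USERAGENT, $this->api->curl_useragent );
        // Bound the call so that a stalled endpoint cannot hang the login request.
        curl_setopt( $ch, CURLOPT_TIMEOUT, $this->api->curl_time_out );
        curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $this->api->curl_connect_time_out );
        // The Bearer token must only reach the authenticated host.
        curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true );
        curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );
        // Never replay the Authorization header towards a redirect target.
        curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, false );
        curl_setopt( $ch, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $this->api->access_token ) );

        $body = curl_exec( $ch );

        if ( $body === false ){
            // Record the transport error; the original passed false straight to json_decode().
            Hybrid_Logger::error( "Hybrid_Providers_EmploiStore::request(). curl_exec error: ", curl_error( $ch ) );
            curl_close( $ch );
            return null;
        }

        curl_close( $ch );

        return json_decode( $body );
    }
}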
# Ajouter le client OAuth2 EmploiStoreClient.php dans vendor/itlized/hybridauth/hybridauth/Hybrid/thirdparty/EmploiStore/EmploiStoreClient.php | |
<?php | |
require_once Hybrid_Auth::$config['path_libraries'] . 'OAuth/OAuth2Client.php'; | |
/** Exception type declared alongside the Emploi Store OAuth2 client. */
class EmploiStoreException extends Exception {}
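/**
 * OAuth 2.0 client for Emploi Store, built on HybridAuth's OAuth2Client.
 *
 * Adds the "realm" parameter to the authorization and token requests.
 */
class EmploiStoreClient extends OAuth2Client {

    /**
     * @param string|false $client_id     Application (client) identifier.
     * @param string|false $client_secret Application secret.
     * @param string       $client_realm  Value sent as the "realm" parameter.
     * @param string       $redirect_uri  Callback URL registered for the application.
     */
    public function __construct( $client_id = false, $client_secret = false, $client_realm = "", $redirect_uri='' )
    {
        $this->client_id     = $client_id;
        $this->client_secret = $client_secret;
        $this->redirect_uri  = $redirect_uri;
        $this->realm         = $client_realm;

        // sendRequest() hands these two properties to cURL. Their inherited defaults are not
        // visible on this page, so verification is enabled here; the token request carries the
        // client secret and must only reach the authenticated host. Callers can still change
        // the properties after construction.
        $this->curl_ssl_verifypeer = true;
        $this->curl_ssl_verifyhost = 2;
    }

    /**
     * Builds the URL the user is redirected to in order to authorize the application.
     *
     * No "state" parameter is added here: a caller that needs to bind the callback
     * to the user's session has to pass one in $extras and verify it on return.
     *
     * @param array $extras Additional query parameters; they override the defaults on key collision.
     * @return string
     */
    public function authorizeUrl( $extras = array() )
    {
        $params = array(
            "client_id"     => $this->client_id,
            "redirect_uri"  => $this->redirect_uri,
            "realm"         => $this->realm,
            "response_type" => "code"
        );

        foreach( $extras as $k => $v ){
            $params[$k] = $v;
        }

        return $this->authorize_url . "?" . http_build_query( $params );
    }

    /**
     * Exchanges an authorization code for tokens and stores them on the client.
     *
     * @param string $code Authorization code taken from the callback request (untrusted input).
     * @return object Decoded token response.
     * @throws EmploiStoreException when the response carries no access token.
     */
    public function authenticate( $code )
    {
        // Encode every value. With plain concatenation an "&" or "=" inside the code, the
        // redirect URI or the secret would be read by the server as an extra parameter.
        $params = http_build_query( array(
            "client_id"     => $this->client_id,
            "client_secret" => $this->client_secret,
            "grant_type"    => "authorization_code",
            "redirect_uri"  => $this->redirect_uri,
            "realm"         => $this->realm,
            "code"          => $code
        ), '', '&' );

        $response = $this->sendRequest( $this->token_url, $params, $this->curl_authenticate_method );
        $response = $this->decodeRequest( $response );

        if ( ! is_object( $response ) || ! isset( $response->access_token ) ){
            // The "error" member is optional; reading it unconditionally raised a notice and hid the failure.
            $reason = ( is_object( $response ) && isset( $response->error ) && is_string( $response->error ) )
                ? $response->error
                : "no access token in the response";

            throw new EmploiStoreException( "The Authorization Service has return: " . $reason );
        }

        $this->access_token = $response->access_token;

        if ( isset( $response->refresh_token ) ){
            $this->refresh_token = $response->refresh_token;
        }

        if ( isset( $response->expires_in ) ){
            $this->access_token_expires_in = $response->expires_in;
            // Absolute expiry time; the cast covers the form-encoded case where the value is a string.
            $this->access_token_expires_at = time() + (int) $response->expires_in;
        }

        return $response;
    }

    /**
     * Performs the HTTP call and records its status in $this->http_code / $this->http_info.
     *
     * @param string             $url
     * @param array|string|false $params Query parameters, or the request body for POST.
     * @param string             $type   "GET" or "POST".
     * @return string|false Raw response body, or false when the transfer failed.
     */
    private function sendRequest( $url, $params=false, $type="GET" )
    {
        Hybrid_Logger::info( "Enter OAuth2Client::request( $url )" );
        // Only parameter names are logged: the values include the client secret and the authorization code.
        Hybrid_Logger::debug( "OAuth2Client::request(). request parameter names (values withheld): ", serialize( $this->paramNames( $params ) ) );

        if( $type == "GET" && $params ){
            // authenticate() passes an already encoded string; arrays still go through http_build_query().
            $query = is_array( $params ) ? http_build_query( $params, '', '&' ) : $params;
            $url   = $url . ( strpos( $url, '?' ) !== false ? '&' : '?' ) . $query;
        }

        $this->http_info = array();
        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL            , $url );
        curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1 );
        curl_setopt($ch, CURLOPT_TIMEOUT        , $this->curl_time_out );
        curl_setopt($ch, CURLOPT_USERAGENT      , $this->curl_useragent );
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out );
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , $this->curl_ssl_verifypeer );
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , $this->curl_ssl_verifyhost );
        curl_setopt($ch, CURLOPT_HTTPHEADER     , $this->curl_header );

        if( $this->curl_proxy ){
            curl_setopt( $ch, CURLOPT_PROXY, $this->curl_proxy );
        }

        if( $type == "POST" ){
            curl_setopt( $ch, CURLOPT_POST, 1 );
            if( $params ) curl_setopt( $ch, CURLOPT_POSTFIELDS, $params );
        }

        $response = curl_exec( $ch );

        if( $response === FALSE ){
            Hybrid_Logger::error( "OAuth2Client::request(). curl_exec error: ", curl_error( $ch ) );
        }

        $this->http_code = curl_getinfo( $ch, CURLINFO_HTTP_CODE );
        $this->http_info = array_merge( $this->http_info, curl_getinfo( $ch ) );

        // The body holds the access and refresh tokens, and the transfer info repeats the full URL:
        // log the status code and the body size instead of dumping either one.
        Hybrid_Logger::debug( "OAuth2Client::request(). http code: ", $this->http_code );
        Hybrid_Logger::debug( "OAuth2Client::request(). response size in bytes: ", is_string( $response ) ? strlen( $response ) : 0 );

        curl_close( $ch );

        return $response;
    }

    /**
     * Decodes a token response given as JSON or, failing that, as a form-encoded string.
     *
     * @param string|false $result Raw response body.
     * @return mixed The decoded JSON value when it is truthy, otherwise an object built from the form fields.
     */
    private function decodeRequest( $result )
    {
        // Decode once instead of twice.
        $decoded = json_decode( (string) $result );

        if( $decoded ){
            return $decoded;
        }

        parse_str( (string) $result, $output );

        $object = new StdClass();

        foreach( $output as $k => $v ){
            $object->$k = $v;
        }

        return $object;
    }

    /**
     * Lists the parameter names of a request, for logging without the values.
     *
     * @param array|string|false $params
     * @return array
     */
    private function paramNames( $params )
    {
        if( is_string( $params ) ){
            parse_str( $params, $parsed );
            $params = $parsed;
        }

        return is_array( $params ) ? array_keys( $params ) : array();
    }
}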
# Pour tester la connexion, vous pouvez ouvrir votre navigateur à l’adresse http://votreapplication/social/connect/emploistore et vous authentifier. |