-
-
Save danielsebesta/dfd10e0e45c1ed6ec6df3a33a0fcd99a to your computer and use it in GitHub Desktop.
Discord OAuth2 in PHP >> with working logout
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('OAUTH2_CLIENT_ID', 'Your client ID'); | |
| define('OAUTH2_CLIENT_SECRET', 'Very secret client secret!!'); | |
| $authorizeURL = 'https://discord.com/api/oauth2/authorize'; | |
| $tokenURL = 'https://discord.com/api/oauth2/token'; | |
| $apiURLBase = 'https://discord.com/api/users/@me'; | |
| $revokeURL = 'https://discord.com/api/oauth2/token/revoke'; | |
| session_start(); | |
| if(get('action') == 'logout') { | |
| $_SESSION = array(); // destroy all $_SESSION data | |
| setcookie("PHPSESSID", "", time() - 3600, "/"); | |
| session_destroy(); | |
| } | |
| // Start the login process by sending the user to Discord's authorization page | |
| if(get('action') == 'login') { | |
| $params = array( | |
| 'client_id' => OAUTH2_CLIENT_ID, | |
| 'redirect_uri' => 'https://example.com/EDIT_THIS', | |
| 'response_type' => 'code', | |
| 'scope' => 'identify' | |
| ); | |
| // Redirect the user to Discord's authorization page | |
| header('Location: https://discord.com/api/oauth2/authorize' . '?' . http_build_query($params)); | |
| die(); | |
| } | |
| // When Discord redirects the user back here, there will be a "code" and "state" parameter in the query string | |
| if(get('code')) { | |
| // Exchange the auth code for a token | |
| $token = apiRequest($tokenURL, array( | |
| "grant_type" => "authorization_code", | |
| 'client_id' => OAUTH2_CLIENT_ID, | |
| 'client_secret' => OAUTH2_CLIENT_SECRET, | |
| 'redirect_uri' => 'https://example.com/EDIT_THIS', | |
| 'code' => get('code') | |
| )); | |
| $logout_token = $token->access_token; | |
| $_SESSION['access_token'] = $token->access_token; | |
| header('Location: ' . $_SERVER['PHP_SELF']); | |
| } | |
| if(session('access_token')) { | |
| $user = apiRequest($apiURLBase); | |
| echo 'Hello ' . $user->username . '! You can logout now. <a href="?action=logout"><button>Logout</button></a>'; | |
| } else { | |
| echo 'Hello stranger! <a href="?action=login"><button>Login with Discord</button></a>'; | |
| } | |
| if(get('action') == 'logout') { | |
| $_SESSION = array(); // destroy all $_SESSION data | |
| setcookie("PHPSESSID", "", time() - 3600, "/"); | |
| session_destroy(); | |
| } | |
| function apiRequest($url, $post=FALSE, $headers=array()) { | |
| $ch = curl_init($url); | |
| curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); | |
| $response = curl_exec($ch); | |
| if($post) | |
| curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); | |
| $headers[] = 'Accept: application/json'; | |
| if(session('access_token')) | |
| $headers[] = 'Authorization: Bearer ' . session('access_token'); | |
| curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); | |
| $response = curl_exec($ch); | |
| return json_decode($response); | |
| } | |
| function logout($url, $data=array()) { | |
| $ch = curl_init($url); | |
| curl_setopt_array($ch, array( | |
| CURLOPT_POST => TRUE, | |
| CURLOPT_RETURNTRANSFER => TRUE, | |
| CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4, | |
| CURLOPT_HTTPHEADER => array('Content-Type: application/x-www-form-urlencoded'), | |
| CURLOPT_POSTFIELDS => http_build_query($data), | |
| )); | |
| $response = curl_exec($ch); | |
| return json_decode($response); | |
| } | |
| function get($key, $default=NULL) { | |
| return array_key_exists($key, $_GET) ? $_GET[$key] : $default; | |
| } | |
| function session($key, $default=NULL) { | |
| return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default; | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Perfect.