Callback sample code

callback.php

<?php
require_once 'vendor/autoload.php';
session_start();
date_default_timezone_set('UTC');

const CLIENT_ID = {Client ID};
const CLIENT_SECRET = {Client Secret};

const REDIRECT_URI_MAIN = 'http://example.com/index.php';
const REDIRECT_URI_OAUTH = 'http://example.comp/callback.php';

use KangarooRewards\OAuth2\Client\Provider\Kangaroo as KangarooProvider;

$kangaroo = new KangarooProvider([
    'clientId' => CLIENT_ID,
    'clientSecret' => CLIENT_SECRET,
    'redirectUri' => REDIRECT_URI_OAUTH,
]);

//store the state statically only if you want to request authorization from resource owner by email
$mySecretState = 'N6OC7oKtVxBGpkzhyCIxJEuOSIQRYCiA';//any random string

if (isset($_GET['error'])) {
	echo $_GET['error'];
	$message = (isset($_GET['message'])) ? $_GET['message'] : '' ;
	if ($message) {
		echo ': ' . $message;
	}
	exit;

} elseif (!isset($_GET['code'])) {

	// If we don't have an authorization code then get one
	$authUrl = $kangaroo->getAuthorizationUrl();
    
	//store state parameter in session if you don't plan to request authorization from resource owner by email
	//$_SESSION['oauth2state'] = $kangaroo->getState();

	header('Location: ' . $authUrl); die('Redirect');

	// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $mySecretState) ) {
	//$_GET['state'] !== $_SESSION['oauth2state']
	echo 'Invalid state.';
	exit;
}

try {
	// Try to get an access token (using the authorization code grant)
	$token = $kangaroo->getAccessToken('authorization_code', [
		'code' => $_GET['code'],
	]);

	$accessToken = $token->getToken();

    	//you may want to store it in a database
	$_SESSION['kangaroo_access_token'] = $token;
    
} catch (\Exception $e) {
	echo $e->getMessage(); die;
}

header('Location: ' . REDIRECT_URI_MAIN);
die('Redirect');

?>