Skip to content

Instantly share code, notes, and snippets.

@stephenharris

stephenharris/oauth-single-access-token.php

Created December 1, 2016 13:18
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save stephenharris/8584b6d6e0c0e996c125a34b01a962a7 to your computer and use it in GitHub Desktop.
Save stephenharris/8584b6d6e0c0e996c125a34b01a962a7 to your computer and use it in GitHub Desktop.
Download ZIP
OAuth Single Access Token
Raw
oauth-single-access-token.php
<?php
/**
* Plugin Name: OAuth 1.0a Single Access Token
* Description: Create Single Access Tokens
* Version: 0.1.0
*
*/
/**
* Allows you to create a 'single access token' for each consumer.
* A single access token is simply a authentication token which you 'manually' create
* via your WordPress admin. You can then use the consumer and authentication token
* pairs to sign requests from your application without having to go through the
* entire OAuth token acquisition dance.
*
* This is ideal for applications with single-user use cases.
*
* **Do not** ever share the combination of your OAuth consumer key, secret, access
* token, and access token secret with anyone.
*
* Requires: https://github.com/WP-API/OAuth1
*/
namespace stephenharris\OAuth1SingleAccssTokens;
/**
* Returns the URL of the WP REST OAuth1 apps page
*
* @see \WP_REST_OAuth1_Admin::get_admin_url() https://github.com/WP-API/OAuth1/blob/master/lib/class-wp-rest-oauth1-admin.php
*/
function get_admin_url( $params = array() ) {
$url = admin_url( 'users.php' );
$params = array( 'page' => \WP_REST_OAuth1_Admin::BASE_SLUG ) + wp_parse_args( $params );
return add_query_arg( urlencode_deep( $params ), $url );
}
/**
* Adds 'generate single access token' form when viewing an individual consumer.
*/
add_action( 'load-users_page_rest-oauth1-apps', function() {
$action = isset( $_GET['action'] ) ? $_GET['action'] : '';
$request = array_merge( $_GET, $_POST );
$id = absint( $request['id'] );
$consumer = \WP_REST_OAuth1_Client::get( $id );
$create_single_access_token_action = get_admin_url(array(
'action' => 'create_single_access_token',
'id' => $id
));
if ( $action != 'edit' || ! $consumer ) {
return;
}
?>
<form method="post" action="<?php echo esc_url( $create_single_access_token_action ) ?>">
<h3><?php esc_html_e( 'Single Access Token', 'rest_oauth1' ) ?></h3>
<p class="description">
You can create a token for this consumer. By using a single access token,
you don’t need to implement the entire OAuth token acquisition dance.
You can just use the consumer and token pair to sign requests.
</p>
<p class="description">
This is ideal for applications with single-user use cases. <strong>Do not</strong>
ever share the combination of your OAuth consumer key, secret, access
token, and access token secret with anyone.
</p>
<?php
$single_access_token_key = get_user_option( "single_access_token_{$consumer->ID}" );
if ( $single_access_token_key ) {
$single_access_token = get_option( 'oauth1_access_' . $single_access_token_key );
?>
<table class="form-table">
<tr>
<th scope="row">
<?php esc_html_e( 'Access Key', 'rest_oauth1' ) ?>
</th>
<td>
<code><?php echo esc_html( $single_access_token['key'] ) ?></code>
</td>
</tr>
<tr>
<th scope="row">
<?php esc_html_e( 'Access Secret', 'rest_oauth1' ) ?>
</th>
<td>
<code><?php echo esc_html( $single_access_token['secret'] ) ?></code>
</td>
</tr>
</table>
<?php
}
wp_nonce_field( 'rest-oauth1-create_single_access_token:' . $consumer->ID );
submit_button( __( 'Generate Single Access Token', 'rest_oauth1' ), 'delete' );
?>
</form>
<?php
}, 20 );
/**
* Generates a single access token in response to the 'generate' button being clicked.
*/
add_action( 'load-users_page_rest-oauth1-apps', function(){
$action = isset( $_GET['action'] ) ? $_GET['action'] : '';
if ( $action != 'create_single_access_token' ) {
return;
}
if ( empty( $_GET['id'] ) ) {
return;
}
$id = $_GET['id'];
check_admin_referer( 'rest-oauth1-create_single_access_token:' . $id );
if ( ! current_user_can( 'edit_post', $id ) ) {
wp_die(
'<h1>' . __( 'Cheatin&#8217; uh?', 'rest_oauth1' ) . '</h1>' .
'<p>' . __( 'You are not allowed to edit this application.', 'rest_oauth1' ) . '</p>',
403
);
}
$consumer = \WP_REST_OAuth1_Client::get( $id );
$existing_single_access_token_key = get_user_option( "single_access_token_{$consumer->ID}" );
if ( $existing_single_access_token_key ) {
delete_option( 'oauth1_access_' . $existing_single_access_token_key );
}
//Creat new single access key
$key = apply_filters( 'json_oauth1_access_token_key', wp_generate_password( \WP_REST_OAuth1::TOKEN_KEY_LENGTH, false ) );
$data = array(
'key' => $key,
'secret' => wp_generate_password( \WP_REST_OAuth1::TOKEN_SECRET_LENGTH, false ),
'consumer' => $consumer->ID,
'user' => get_current_user_id()
);
$data = apply_filters( 'json_oauth1_access_token_data', $data );
add_option( 'oauth1_access_' . $key, $data, null, 'no' );
update_user_option( get_current_user_id(), "single_access_token_{$consumer->ID}", $key );
wp_safe_redirect(
get_admin_url( array(
'action' => 'edit',
'id' => $id,
'oauthsact_did_action' => 'create_single_access_token'
) )
);
exit;
});
/**
* Displays a notice after a single access token has been generated
*/
add_action( 'admin_notices', function () {
if ( ! empty( $_GET['oauthsact_did_action'] ) && 'create_single_access_token' == $_GET['oauthsact_did_action'] ) {
printf(
'<div class="notice notice-success"><p>%s</p></div>',
__( 'Created single access token.', 'rest_oauth1' )
);
}
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment