Instantly share code, notes, and snippets.

Embed
What would you like to do?
Hello USOS API
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
/* USOS API Base URL, trailing slash included. */
$usosapi_base_url = '';
/* URL of THIS script. Required for callback support. */
$self_url = '';
/* Your USOS API Consumer Key and Secret. Visit developers page to get one. */
$consumer_key = '';
$consumer_secret = '';
/* Required scopes. The only functionality of this application is to say hello,
* so it does not really require any. But, if you want, you may access user's
* email, just do the following:
* - put array('email') here,
* - append 'email' to the 'fields' argument of 'services/users/user' method,
* you will find it below in this script.
*/
$scopes = array();
/*
* This application stores User's Access Token in $_SESSION. This means
* that it is allowed to act on User's behalf until the session OR
* Access Token is expired. When session expires, it will redo the
* authorization process. If the User is logged in at that time, he
* won't see the authorization screen, because USOS API remembers that
* he already authorized this application (the authorization notice
* will be skipped).
*/
session_start();
/* Some USOS API methods require secure connection. Usually you'll
* want to use SSL only for these methods which require you to do so
* - most notably, the authorization dance. Using it for all other
* methods will probably degrade performance of your application. */
$secure_base_url = str_replace("http://", "https://", $usosapi_base_url);
$req_url = $secure_base_url.'services/oauth/request_token?scopes='.implode("|", $scopes);
$authurl = $secure_base_url.'services/oauth/authorize';
$acc_url = $secure_base_url.'services/oauth/access_token';
class States
{
const BEFORE_AUTH = 1;
const AUTH_IN_PROGRESS = 2;
const AFTER_AUTH = 3;
}
/* Determine session state and page to be displayed. */
if (!isset($_SESSION['state']))
$_SESSION['state'] = States::BEFORE_AUTH;
if (isset($_GET['reset']))
$_SESSION['state'] = States::BEFORE_AUTH;
$page = isset($_GET['page']) ? $_GET['page'] : 'welcome';
if (!in_array($page, array('welcome', 'protected')))
$page = 'welcome';
if ($page == 'welcome')
{
print "
<html>
<head>
<title>Hello World</title>
<meta http-equiv='content-type' content='text/html; charset=UTF-8'>
</head>
<body>
<p>This is simple Hello World USOS API application, written in PHP.</p>
<p>It requires <a href='http://php.net/oauth'>OAuth extension</a> to run.
If your provider doesn't support this extension, you will have to rewrite it using one
of available PHP libraries, like <a href='http://code.google.com/p/oauth-php/'>oauth-php</a>.</p>
<p><a href='?page=protected'>Click here to access a protected resource</a></p>
<p>Note, that once you've authorized this application, you won't see the
authorization notice again (unless you undo the authorization in your
<a href='" . $usosapi_base_url . "apps/'>USOSapps Administration Panel</a>).</p>
</body>
</html>
";
exit;
}
assert($page == 'protected');
try {
$oauth = new OAuth($consumer_key, $consumer_secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$oauth->enableDebug();
if ($_SESSION['state'] == States::BEFORE_AUTH) {
$request_token_info = $oauth->getRequestToken($req_url, $self_url.'?page=protected');
$_SESSION['secret'] = $request_token_info['oauth_token_secret'];
$_SESSION['state'] = States::AUTH_IN_PROGRESS;
header('Location: '.$authurl.((strpos($authurl, '?') === false) ? '?' : '&').'oauth_token='.$request_token_info['oauth_token']);
exit;
}
if ($_SESSION['state'] == States::AUTH_IN_PROGRESS) {
if (!isset($_GET['oauth_token'])) {
print "
<html>
<head>
<title>Failure</title>
<meta http-equiv='content-type' content='text/html; charset=UTF-8'>
</head>
<body>
<p>You came back from the authorization page, but haven't allowed access!</p>
<p>Usually, I would probably redirect you <a href='?page=welcome&reset=true'>here</a>.</p>
</body>
</html>
";
exit;
}
$oauth->setToken($_GET['oauth_token'],$_SESSION['secret']);
$access_token_info = $oauth->getAccessToken($acc_url);
$_SESSION['state'] = States::AFTER_AUTH;
$_SESSION['token'] = $access_token_info['oauth_token'];
$_SESSION['secret'] = $access_token_info['oauth_token_secret'];
/* We might just fall through here, but we will make a redirect to
* keep the URL clean (remove the token and verifier). */
header('Location: '.$self_url.'?page=protected');
exit;
}
if ($_SESSION['state'] == States::AFTER_AUTH) {
$oauth->setToken($_SESSION['token'],$_SESSION['secret']);
$oauth->fetch($usosapi_base_url."services/users/user?fields=id|first_name|last_name|sex|homepage_url|profile_url");
$json = json_decode($oauth->getLastResponse());
print "
<html>
<head>
<title>Success!</title>
<meta http-equiv='content-type' content='text/html; charset=UTF-8'>
</head>
<body>
<p>Hello $json->first_name!</p>
<p>I just used the <a href='${usosapi_base_url}developers/api/services/users/#user'>
services/users/user</a> method in order to get some of your details. These are the
ones I got:</p>
<pre>".print_r($json, true)."</pre>
<p>Things for you to try:</p>
<ul>
<li>log out of USOS, then refresh this page,</li>
<li>withdraw the privileges you gave me (see your
<a href='" . $usosapi_base_url . "apps/'>USOSapps Administration Panel</a>),
then refresh this page,</li>
<li><a href='?page=welcome&reset=true'>start over</a>.</li>
</ul>
</body>
</html>
";
exit;
}
} catch(OAuthException $E) {
session_destroy();
print "
<html>
<head>
<title>Failure</title>
<meta http-equiv='content-type' content='text/html; charset=UTF-8'>
</head>
<body>
<p>I got an OAuth error! If you haven't messed around with the code, then I should
assume the the Access Token I used have expired. In this case, I should just redo
the authorization process. Usually, I wouldn't ask you to confirm that!</p>
<p><a href='?page=protected&reset=true'>Click here to continue!</a>
<hr>Last response:<br><b>".print_r($E->lastResponse, true)."</b><br><br>Exception dump:<pre>".print_r($E, true)."</pre>
</body></html>
";
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment