Skip to content

Commit

Permalink
Merge pull request #337 from ianbarber/master
Browse files Browse the repository at this point in the history
Update comment in config & add new auth params
  • Loading branch information
ianbarber committed Sep 30, 2014
2 parents f925fd3 + 1987ba4 commit a41a9dc
Show file tree
Hide file tree
Showing 5 changed files with 130 additions and 14 deletions.
23 changes: 18 additions & 5 deletions src/Google/Auth/OAuth2.php
Original file line number Diff line number Diff line change
Expand Up @@ -149,13 +149,14 @@ public function createAuthUrl($scope)
'client_id' => $this->client->getClassConfig($this, 'client_id'),
'scope' => $scope,
'access_type' => $this->client->getClassConfig($this, 'access_type'),
'approval_prompt' => $this->client->getClassConfig($this, 'approval_prompt'),
);

$login_hint = $this->client->getClassConfig($this, 'login_hint');
if ($login_hint != '') {
$params['login_hint'] = $login_hint;
}
$params = $this->maybeAddParam($params, 'approval_prompt');
$params = $this->maybeAddParam($params, 'login_hint');
$params = $this->maybeAddParam($params, 'hd');
$params = $this->maybeAddParam($params, 'openid.realm');
$params = $this->maybeAddParam($params, 'prompt');
$params = $this->maybeAddParam($params, 'include_granted_scopes');

// If the list of scopes contains plus.login, add request_visible_actions
// to auth URL.
Expand Down Expand Up @@ -604,4 +605,16 @@ public function verifySignedJwtWithCerts(
// All good.
return new Google_Auth_LoginTicket($envelope, $payload);
}

/**
* Add a parameter to the auth params if not empty string.
*/
private function maybeAddParam($params, $name)
{
$param = $this->client->getClassConfig($this, $name);
if ($param != '') {
$params[$name] = $param;
}
return $params;
}
}
46 changes: 45 additions & 1 deletion src/Google/Client.php
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ public function getAccessToken()
// in the library.
return (null == $token || 'null' == $token || '[]' == $token) ? null : $token;
}

/**
* Get the OAuth 2.0 refresh token.
* @return string $refreshToken refresh token or null if not available
Expand Down Expand Up @@ -367,6 +367,50 @@ public function setDeveloperKey($developerKey)
$this->config->setDeveloperKey($developerKey);
}

/**
* Set the hd (hosted domain) parameter streamlines the login process for
* Google Apps hosted accounts. By including the domain of the user, you
* restrict sign-in to accounts at that domain.
* @param $hd string - the domain to use.
*/
public function setHostedDomain($hd)
{
$this->config->setHostedDomain($hd);
}

/**
* Set the prompt hint. Valid values are none, consent and select_account.
* If no value is specified and the user has not previously authorized
* access, then the user is shown a consent screen.
* @param $prompt string
*/
public function setPrompt($prompt)
{
$this->config->setPrompt($prompt);
}

/**
* openid.realm is a parameter from the OpenID 2.0 protocol, not from OAuth
* 2.0. It is used in OpenID 2.0 requests to signify the URL-space for which
* an authentication request is valid.
* @param $realm string - the URL-space to use.
*/
public function setOpenidRealm($realm)
{
$this->config->setOpenidRealm($realm);
}

/**
* If this is provided with the value true, and the authorization request is
* granted, the authorization will include any previous authorizations
* granted to this user/application combination for other scopes.
* @param $include boolean - the URL-space to use.
*/
public function setIncludeGrantedScopes($include)
{
$this->config->setIncludeGrantedScopes($include);
}

/**
* Fetches a fresh OAuth 2.0 access token with the given refresh token.
* @param string $refreshToken
Expand Down
57 changes: 54 additions & 3 deletions src/Google/Config.php
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ class Google_Config
/**
* Create a new Google_Config. Can accept an ini file location with the
* local configuration. For example:
* application_name: "My App";
* application_name="My App"
*
* @param [$ini_file_location] - optional - The location of the ini file to load
*/
Expand Down Expand Up @@ -78,10 +78,14 @@ public function __construct($ini_file_location = null)
'developer_key' => '',

// Other parameters.
'access_type' => 'online',
'approval_prompt' => 'auto',
'hd' => '',
'prompt' => '',
'openid.realm' => '',
'include_granted_scopes' => '',
'login_hint' => '',
'request_visible_actions' => '',
'access_type' => 'online',
'approval_prompt' => 'auto',
'federated_signon_certs_url' =>
'https://www.googleapis.com/oauth2/v1/certs',
),
Expand Down Expand Up @@ -297,6 +301,53 @@ public function setDeveloperKey($key)
$this->setAuthConfig('developer_key', $key);
}

/**
* Set the hd (hosted domain) parameter streamlines the login process for
* Google Apps hosted accounts. By including the domain of the user, you
* restrict sign-in to accounts at that domain.
* @param $hd string - the domain to use.
*/
public function setHostedDomain($hd)
{
$this->setAuthConfig('hd', $hd);
}

/**
* Set the prompt hint. Valid values are none, consent and select_account.
* If no value is specified and the user has not previously authorized
* access, then the user is shown a consent screen.
* @param $prompt string
*/
public function setPrompt($prompt)
{
$this->setAuthConfig('prompt', $prompt);
}

/**
* openid.realm is a parameter from the OpenID 2.0 protocol, not from OAuth
* 2.0. It is used in OpenID 2.0 requests to signify the URL-space for which
* an authentication request is valid.
* @param $realm string - the URL-space to use.
*/
public function setOpenidRealm($realm)
{
$this->setAuthConfig('openid.realm', $realm);
}

/**
* If this is provided with the value true, and the authorization request is
* granted, the authorization will include any previous authorizations
* granted to this user/application combination for other scopes.
* @param $include boolean - the URL-space to use.
*/
public function setIncludeGrantedScopes($include)
{
$this->setAuthConfig(
'include_granted_scopes',
$include ? "true" : "false"
);
}

/**
* @return string the base URL to use for API calls
*/
Expand Down
8 changes: 4 additions & 4 deletions src/Google/Http/MediaFileUpload.php
Original file line number Diff line number Diff line change
Expand Up @@ -288,13 +288,13 @@ private function getResumeUri()
return $location;
}
$message = $code;
$body = @json_decode( $response->getResponseBody() );
if ( ! empty( $body->error->errors ) ) {
$body = @json_decode($response->getResponseBody());
if (!empty( $body->error->errors ) ) {
$message .= ': ';
foreach( $body->error->errors as $error ) {
foreach ($body->error->errors as $error) {
$message .= "{$error->domain}, {$error->message};";
}
$message = rtrim( $message, ';' );
$message = rtrim($message, ';');
}
throw new Google_Exception("Failed to start the resumable upload (HTTP {$message})");
}
Expand Down
10 changes: 9 additions & 1 deletion tests/general/ApiOAuth2Test.php
Original file line number Diff line number Diff line change
Expand Up @@ -130,14 +130,22 @@ public function testCreateAuthUrl()

// Again with a blank login hint (should remove all traces from authUrl)
$client->setLoginHint("");
$client->setHostedDomain("example.com");
$client->setOpenidRealm("example.com");
$client->setPrompt("select_account");
$client->setIncludeGrantedScopes(true);
$authUrl = $oauth->createAuthUrl("http://googleapis.com/scope/foo");
$expected = "https://accounts.google.com/o/oauth2/auth"
. "?response_type=code"
. "&redirect_uri=http%3A%2F%2Flocalhost"
. "&client_id=clientId1"
. "&scope=http%3A%2F%2Fgoogleapis.com%2Fscope%2Ffoo"
. "&access_type=offline"
. "&approval_prompt=force";
. "&approval_prompt=force"
. "&hd=example.com"
. "&openid.realm=example.com"
. "&prompt=select_account"
. "&include_granted_scopes=true";
$this->assertEquals($expected, $authUrl);
}

Expand Down

0 comments on commit a41a9dc

Please sign in to comment.