diff --git a/LICENSE b/LICENSE
index 6defc43..5c53c8e 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
-Copyright (c) 2015 Steven Maguire
+Copyright (c) 2017 Nikolay Votintsev
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
index a5b4475..6b1ae48 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,7 @@
-# Ecwid (https://www.ecwid.com/) Provider for OAuth 2.0 Client
+# Ecwid Provider for OAuth 2.0 Client
 [![Latest Version](https://img.shields.io/github/release/mugnate/oauth2-ecwid.svg?style=flat-square)](https://github.com/mugnate/oauth2-ecwid/releases)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
 [![Build Status](https://img.shields.io/travis/mugnate/oauth2-ecwid/master.svg?style=flat-square)](https://travis-ci.org/mugnate/oauth2-ecwid)
-[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/mugnate/oauth2-ecwid.svg?style=flat-square)](https://scrutinizer-ci.com/g/mugnate/oauth2-ecwid/code-structure)
 [![Quality Score](https://img.shields.io/scrutinizer/g/mugnate/oauth2-ecwid.svg?style=flat-square)](https://scrutinizer-ci.com/g/mugnate/oauth2-ecwid)
 [![Total Downloads](https://img.shields.io/packagist/dt/mugnate/oauth2-ecwid.svg?style=flat-square)](https://packagist.org/packages/mugnate/oauth2-ecwid)
@@ -20,35 +19,49 @@ composer require mugnate/oauth2-ecwid
 Usage is the same as The League's OAuth client, using `\League\OAuth2\Client\Provider\Ecwid` as the provider.
-### Authorization Code Flow
+### Configuration
 ```php
 $provider = new Mugnate\OAuth2\Client\Provider\Ecwid([
 'clientId' => '{ecwid-client-id}',
 'clientSecret' => '{ecwid-client-secret}',
- 'redirectUri' => 'https://example.com/callback-url',
+ 'redirectUri' => 'https://yoursite.com/callback-url',
 ]);
+```
-if (!isset($_GET['code'])) {
+### Link
+```php
+$authUrl = $provider->getAuthorizationUrl();
+$_SESSION['oauth2-ecwid-state'] = $provider->getState();
- // If we don't have an authorization code then get one
- $authUrl = $provider->getAuthorizationUrl();
- $_SESSION['oauth2state'] = $provider->getState();
- header('Location: '.$authUrl);
- exit;
+echo '';
+```
+### Callback
+```php
+if (! isset($_GET['code'])) {
+ exit('Invalid code');
+}
 // Check given state against previously stored one to mitigate CSRF attack
-} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
+elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2-ecwid-state'])) {
- unset($_SESSION['oauth2state']);
+ unset($_SESSION['oauth2-ecwid-state']);
 exit('Invalid state');
 } else {
- // Try to get an access token (using the authorization code grant)
- $token = $provider->getAccessToken('authorization_code', [
- 'code' => $_GET['code']
- ]);
+ try {
+
+ // Try to get an access token (using the authorization code grant)
+ $token = $provider->getAccessToken('authorization_code', [
+ 'code' => $_GET['code']
+ ]);
+
+ } catch (Exception $e) {
+
+ // Failed to get user details
+ exit('Oh dear...');
+ }
 // Optional: Now you have a token you can look up a users profile data
 try {
@@ -57,7 +70,7 @@ if (!isset($_GET['code'])) {
 $user = $provider->getResourceOwner($token);
 // Use these details to create a new profile
- printf('Hello %s!', $user->getFirstname());
+ printf('Your email %s!', $user->getEmail());
 } catch (Exception $e) {
@@ -77,7 +90,7 @@ When creating your Ecwid authorization URL, you can specify the state and scopes
 ```php
 $options = [
 'state' => 'OPTIONAL_CUSTOM_CONFIGURED_STATE',
- 'scope' => ['r_basicprofile','r_emailaddress'] // array or string
+ 'scope' => ['read_store_profile', 'read_catalog', 'read_orders'] // array or string
 ];
 $authorizationUrl = $provider->getAuthorizationUrl($options);