The OAuth for IITB on PHP


require_once 'sso_handler.php';

$sso_handler = new SSOHandler(CLIENT_ID, CLIENT_SECRET);
if ($sso_handler->validate_code($_GET) && $sso_handler->validate_state($_GET)) {
  $response = $sso_handler->default_execution($_GET, $REDIRECT_URI, array('basic', 'program'), array('roll_number'));

Common Functions

 * Does the basic steps and returns either of the responses :
 * {'error' => 'error_message'} or
 * {
 *   'access_information' => array returned on getting access token,
 *   'user_information' => array returned on getting the user information
 * }

default_execution($get, $redirect_uri, $required_scopes=array('basic'), $fields=null)
gen_auth_url($response_type='code', $state=null, $scope=null, $redirect_uri=null)
request_access_information($code, $redirect_uri)
request_user_information($access_token, $fields)
send_mail($access_token, $subject, $message, $reply_to=array())

Complete Use Case

Basic Setup

Setting up the SSO Handler

Get the client ID and the client secret from the console from the http://gymkhana.iitb.ac.in/sso/ section of your app

require_once 'sso_handler.php';

$sso_handler = new SSOHandler($CLIENT_ID, $CLIENT_SECRET);

Making a request for login

Lets see how to make a login request. We will generate the login link as follows

$url = $sso_handler->gen_auth_url($response_type, $state, $permissions);
echo '<a href="'.$url.'">Sign In</a>';

This allows for you to generate the login button in the UI you like. Another way to setup a login link is using the standard button. (See the SSO reference). You might still use the gen_auth_url function.

Handling a response

Now that you set a redirect link in your application details in the SSO console to YOUR_DOMAIN/sso.php, when the login process is completed the details will be redirected to this link. Lets see what you can do here

require_once 'sso_handler.php';

$sso_handler = new SSOHandler(CLIENT_ID, CLIENT_SECRET);
if ($sso_handler->validate_code($_GET) && $sso_handler->validate_state($_GET)) {
  $response = $sso_handler->default_execution($_GET, $REDIRECT_URI, $required_scopes, $required_fields);

If you dont have a necessary state, the validate_state can be skipped, if you do, you can use it as follows $sso_handler->validate_state($_GET, true, $options)

So, thanks to the default execution function, all the details happen without you needing to do anything. Now, lets see what you get when the execution finishes.

If an error occurs this will happen

{'error' => 'error_message'} 

If no error occurs, the response will contain these 2 arrays.

  'access_information' => array returned on getting access token,
  'user_information' => array returned on getting the user information

You will mostly need will be in the array $response['user_information'].

You are now done, you can use this data as you like. Here's a simple code to handle the 2 possible responses:

  if (!isset($response['error']) && isset($response['access_information']) && isset($response['user_information'])) {
    if ($_GET['state'] === $YOUR_STATE_1) {
      // Do what you want for this state
    } ...
  } else {
    // Handle the error field