Hi guys, I’m trying to setup SSO in a php project, but I’m stuck at Verify the authorization code.
$code = $_GET[‘code’];
$clientID =
$url = ‘https://login.eveonline.com/oauth/token ’;
$curl = curl_init($url);login.eveonline.com ’,
What I’m doing wrong?
Likely this:
Steven_Trux:
‘Content-Length: 0’,
Looking further, you are posting ‘grant_type=authorization_code&code=’.$code)); as a header and not the body.
I recommend using a library for oauth2, not rolling your own.
Any suggestion for a library?
I don’t write PHP, but there are a few out there that will likely also depend on you preference for HTTP client. I hear Guzzle is quite good: https://github.com/kamermans/guzzle-oauth2-subscriber
Look for something that can reuse connections, preferably using HTTP/2.
1 Like
I used guzzle in all my php code. I found it best to learn guzzle by converting an already working php curl to it. At least thats how I learned it.
I learned it by converting https://github.com/fuzzysteve/eve-sso-auth to guzzle.
2 Likes
Ok, will have a look. Thanks
the way you concatenate secret and key is wrong, they need to be separated by a colon. This is part of my sso class (based on steve ronukens code) that works:
$url = 'https://login.eveonline.com/oauth/token';
$header = 'Authorization: Basic '.base64_encode(ESI_ID.':'.ESI_SECRET);
$fields_string = '';
$fields = array(
'grant_type' => 'authorization_code',
'code' => $code,
);
foreach ($fields as $key => $value) {
$fields_string .= $key.'='.$value.'&';
}
rtrim($fields_string, '&');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, ESI_USER_AGENT);
curl_setopt($ch, CURLOPT_HTTPHEADER, array($header));
curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$result = curl_exec($ch);
Here is the entire class that also does verification and refreshing:
https://bitbucket.org/snitchashor/spacemail/src/39dbc567a72cc0d6ad2dc122a1b586a5a67ab8be/classes/class.esisso.php?at=master&fileviewer=file-view-default
1 Like
@Snitch_Ashor
$fields_string = '';
$fields = array(
'grant_type' => 'authorization_code',
'code' => $code,
);
foreach ($fields as $key => $value) {
$fields_string .= $key.'='.$value.'&';
}
rtrim($fields_string, '&');
This right there can be done better and in several ways. You don’t need to iterate over strings only to concatenate them and then remove trailing characters. You can use implode() to do it for you. For example:
$field_string = implode('&', $fields); // $fields as flat array
Another way of doing it is to use http_build_query() and let it do it for you including any character encoding that may be necessary. For example:
$field_string = http_build_query($fields, '', '&', PHP_QUERY_RFC1738);
However, because this isn’t a difficult string to build can you also just write this:
$field_string = 'grant_type=authorization_code&code='.$code;
Cheers
By the way, when you want to post some PHP code here in the forum then you can write:
```php
... PHP code goes here ...
```
This will enable syntax highlighting for PHP.
1 Like
Thanks, will try http_build_query. A simple implode won’t do, as i need key value pairs.
I’ve only mentioned it to show there are other ways of doing it. You’d have to use a flat array and not an associative array for implode(). It only depends on the what is really necessary to get the job done. I myself use a simple concatenation like in the last example. But I went for JSON encoding. Not sure if that’s better or if URL-query syntax might be a little bit better.
system
July 14, 2018, 7:26pm
12
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.