OAuth2lib v08 Installation Guide


Download the code of oauth2lib v08 here.

OAuth Client

Installation

To install the Client application, you just have to include the following files somewhere accessible to your code:

  • oauthClient.php
  • Directory utils with:
    • bdUtils.php

Configuration

Step1: Instantiate the OAuth configuration class

$client = new oauthConfig();

Step2: Configure the parameters of the OAuth Client class

In the access point of the Client Application we must configure the parameters of the oauth Client class. These are defined in the client's documentation and are the following:

  • Authorization Server
  • Resource Server
  • Scope
  • Assertion Type
  • Lifetime
  • Format
  • Token type
  • Key

The configuration is done with the getters and setters of the oauthConfig class, for example:

$oauth_as="https://oauth-server.rediris.es/oauth2/oauth_as/tokenEndpoint.php";
$client->set_oauth_as($oauth_as);
$oauth_server="https://oauth-server.rediris.es/oauth2/oauth_server/serverEndpoint.php";
$client->set_oauth_server($oauth_server);
$key = "123456789abcdefghijklmnopqrstuvwxyz";
$client->set_key($key);

Step3: Start the authorization flow

$dev = $client->startFlow($assertion);

Where $assertion is the specific assertion for a user. It can be a PAPI assertion or a SAML2 assertion.

Step4: Getting the resource

if ($dev != null) {
   echo formatResource($dev);
} else {
   echo 'Error: '.$client->getError();
}

To show the resources to the user, you must implement a method that displays them properly.

For example, in the use case example we implemented a method that takes the resource, an XML string, and formats it so that the information is shown in a readable way.

To know whether an error occurred, check whether the result of the startFlow method is null.

To find out which error occurred, use the getError() method, which returns a string with the information.

OAuth Authorization Server

Installation

To install the Authorization Server, you just have to include the following files somewhere accessible to your code:

  • oauthAS.php
  • tokenEndpoint.php
  • Directory utils with:
    • assertionChecking.php
    • sirAC.php
    • saml2AC.php
    • policy.php
    • policies.xml
  • Directory keys with:
    • keys.xml

Configuration

Step1: Configuring the file keys.xml

We must give the Client Applications a shared secret that will be used to reinforce the security of the application. This shared secret, or key, is registered in the keys.xml file. The format of this file is:

<?xml version="1.0" encoding="UTF-8"?>
<Keys>
<Key id="ip_client" value="key"/>
<Key id="ip_client2" value="Key2"/>
</Keys>

Where ip_client is the IP address of the Client Application and key is the shared secret.

This shared secret has to be the same as the shared secret given for the Resource Server.

Step2: Configuring the file policies.xml

The Authorization Server has to know which assertions are valid. The authorization policy is defined in the policies.xml file. The correct configuration of this file is described in the corresponding section of the Authorization Server's Documentation.

OAuth Resource Server

Installation

To install the Resource Server, you just have to include the following files somewhere accessible to your code:

  • oauthResourceServer.php
  • serverEndpoint.php
  • Directory utils with:
    • bdUtils.php
  • Directory keys with:
    • keys.xml

Configuration

Step1: Configuring the file keys.xml

We must give the Client Applications a shared secret that will be used to reinforce the security of the application. This shared secret, or key, is registered in the keys.xml file. The format of this file is:

<?xml version="1.0" encoding="UTF-8"?>
<Keys>
<Key id="ip_client" value="key"/>
<Key id="ip_client2" value="Key2"/>
</Keys>

Where ip_client is the IP address of the Client Application and key is the shared secret.

This shared secret has to be the same as the shared secret given for the Authorization Server.
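
Because the Authorization Server and the Resource Server each keep their own keys.xml and the secrets must match per client, a consistency check over the two files is useful after every change. The following is an added example, not part of oauth2lib: the function names, the sample IP addresses and secrets, and the 16-character minimum length are assumptions made here.

```python
import xml.etree.ElementTree as ET

MIN_KEY_LEN = 16  # assumption for this example; the guide states no minimum
# Constructed sample files (documentation IP range, made-up secrets).
AS_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<Keys>
<Key id="192.0.2.10" value="q7Hc2mZpL0xVn4Rt9sWb"/>
<Key id="192.0.2.11" value="Key2"/>
<Key id="192.0.2.12" value="u3Jd8kQeT1yBf6Na5gXv"/>
</Keys>"""
RS_SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<Keys>
<Key id="192.0.2.10" value="q7Hc2mZpL0xVn4Rt9sWb"/>
<Key id="192.0.2.11" value="Key2"/>
<Key id="192.0.2.12" value="A9rTz4LwE7cHy2Sd0MkB"/>
<Key id="192.0.2.13" value="p5VnG1xQb8UjR3Ko6YfC"/>
</Keys>"""


def load_keys(xml_text):
    """Parse a keys.xml document into ({client_id: secret}, [duplicated ids])."""
    keys, duplicates = {}, []
    for key in ET.fromstring(xml_text).iter("Key"):
        cid, value = key.get("id", ""), key.get("value", "")
        if cid in keys:
            duplicates.append(cid)  # a later entry silently replaces an earlier one
        keys[cid] = value
    return keys, duplicates


def audit_keys(as_xml, rs_xml):
    """Compare both files; findings name the client id, never the secret."""
    (as_keys, as_dups), (rs_keys, rs_dups) = load_keys(as_xml), load_keys(rs_xml)
    findings = [f"{c}: duplicate entry in AS keys.xml" for c in as_dups]
    findings += [f"{c}: duplicate entry in RS keys.xml" for c in rs_dups]
    for cid in sorted(set(as_keys) | set(rs_keys)):
        if cid not in as_keys:
            findings.append(f"{cid}: missing from AS keys.xml")
        elif cid not in rs_keys:
            findings.append(f"{cid}: missing from RS keys.xml")
        elif as_keys[cid] != rs_keys[cid]:
            findings.append(f"{cid}: secret differs between AS and RS")
        elif len(as_keys[cid]) < MIN_KEY_LEN:
            findings.append(f"{cid}: secret shorter than {MIN_KEY_LEN} characters")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_keys(AS_SAMPLE, RS_SAMPLE)))
```

An empty result means both files list the same clients with identical secrets of at least the assumed minimum length.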