OAuth2lib v10 Installation Guide


Download the code of oauth2lib v10 here.

OAuth Client

Installation

In order to install the Client application you just have to include the following files somewhere accessible to your code:

'oauth_client/src' directory

Configuration

Step 1: Instantiate the OAuth class with the ID of the Client Application and its client secret.
$client = new OAuth($client_id, $secret);
Step 2: Configure the parameters of the OAuth Client class

In the access point of the Client Application we must configure the parameters of the OAuth Client class. They are described in the client's documentation and are the following:

  • Authorization Server
    • PUBLIC setAs($url_as): void
  • Resource Server
    • PUBLIC setRs($url_rs): void
  • Scope
    • PUBLIC setScope($scope): void
  • Assertion Type: Type of the assertion (defined by the constants PAPI or SAML2). PAPI by default.
    • PUBLIC setPAPIAssertionType(): void
    • PUBLIC setSAML2AssertionType(): void
  • Error Type: Format of the error response (defined by the constants HTML or JSON). HTML by default.
    • PUBLIC setHTMLErrorResponse(): void
    • PUBLIC setJSONErrorResponse(): void
  • Request type: How the Client sends the token to the Resource Server (defined by the constants HEADER, GET or BODY). HEADER by default. HEADER keeps the token out of the URL, so it does not end up in web-server and proxy logs.
    • PUBLIC setBODYResourceRequest(): void
    • PUBLIC setGETResourceRequest(): void
    • PUBLIC setHEADERResourceRequest(): void
  • Client Secret and Client ID: Defined in the constructor of the OAuth class
    • OAuth __construct ([ $clientid = "app_client_1"], [ $clientsecret = "example_key"])
    The default values are placeholders. Always pass the real client ID and secret explicitly, and do not hard-code the secret in a file that is served or committed.

The configuration is done with these methods. For example:

$as="https://oauth-server.rediris.es/oauth2_10/oauth_as/tokenEndpoint.php";
$rs="https://oauth-server.rediris.es/oauth2_10/oauth_server/serverEndpoint.php";
$client->setAs($as);
$client->setRs($rs);
$client->setGETResourceRequest();
$client->setJSONErrorResponse();
$client->setSAML2AssertionType();
Step 3: Start the authorization flow
$dev = $client->doOAuthFlow($assertion);

Where $assertion is the assertion for the specific user. It can be a PAPI assertion or a SAML2 assertion.

In the PAPI case, $assertion is the information stored in $_SESSION['userdata'], obtained with phpPoA. For more information about phpPoA, see its web page.

In the SAML2 case, $assertion is the result of calling $as->getAttributes() on a SimpleSAMLphp authentication object (this $as is the SimpleSAMLphp object, not the Authorization Server URL assigned to $as in the configuration example above). For more information about SimpleSAMLphp, see its web page.

Step 4: Getting the resource (or the error)
if (!$dev) {
    echo $client->getError();
} else {
    echo $client->getResource();
}

We get the resource with the getResource() method.

To find out whether an error occurred, check whether doOAuthFlow() returned FALSE.

To find out which error happened, use the getError() method, which returns a string with the error information. Both strings come from remote servers, so escape them (for example with htmlspecialchars()) before writing them into an HTML page.
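The whole client flow from Step 1 to Step 4 in a single access-point script, as an added example that is not part of oauth2lib or of this guide. It uses only the OAuth methods listed above; the include paths, the file name OAuth.php, the SimpleSAMLphp class name SimpleSAML_Auth_Simple (the classic SimpleSAMLphp API) with the auth source 'default-sp', the scope value and the environment-variable names are assumptions. Unlike the configuration example above it keeps the default header-based resource request, so the token never appears in a query string, and it refuses to run with the placeholder credentials or with non-https endpoints.

```php
<?php
// Added example (not oauth2lib code): Client Application access point
// running the SAML2 variant of the flow end to end.
//
// Assumed (not from the guide): library and SimpleSAMLphp paths, the class
// file name OAuth.php, the 'default-sp' auth source, the scope name and the
// environment variables holding the credentials.
require_once '/var/www/lib/simplesamlphp/lib/_autoload.php'; // assumed path
require_once '/var/www/lib/oauth_client/src/OAuth.php';      // assumed path/file

// Never rely on the constructor defaults ("app_client_1" / "example_key").
// Read the real credentials from the environment instead of the source tree.
$client_id = getenv('OAUTH_CLIENT_ID');
$secret    = getenv('OAUTH_CLIENT_SECRET');
if ($client_id === false || $secret === false || $secret === 'example_key') {
    http_response_code(500);
    exit('OAuth client credentials are not configured');
}

$as_url = 'https://oauth-server.rediris.es/oauth2_10/oauth_as/tokenEndpoint.php';
$rs_url = 'https://oauth-server.rediris.es/oauth2_10/oauth_server/serverEndpoint.php';

// The user's assertion and the access token travel to these URLs: refuse
// anything that is not https.
foreach ([$as_url, $rs_url] as $url) {
    if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
        http_response_code(500);
        exit('Authorization and Resource Server endpoints must use https');
    }
}

// Step 1: instantiate the client with its ID and secret.
$client = new OAuth($client_id, $secret);

// Step 2: configure it.
$client->setAs($as_url);
$client->setRs($rs_url);
$client->setScope('profile');        // assumed scope; must match the AS policy
$client->setSAML2AssertionType();     // we will hand over SimpleSAMLphp attributes
$client->setJSONErrorResponse();
$client->setHEADERResourceRequest();  // default: token in a header, not in the URL

// Obtain the SAML2 assertion: force authentication, then take the attributes.
$sp = new SimpleSAML_Auth_Simple('default-sp'); // assumed auth source name
$sp->requireAuth();
$assertion = $sp->getAttributes();

// Step 3: run the flow. doOAuthFlow() returns FALSE on any error.
$dev = $client->doOAuthFlow($assertion);

// Step 4: show the resource or the error. Both strings originate on remote
// servers, so they are HTML-escaped before reaching the browser.
header('Content-Type: text/html; charset=utf-8');
if ($dev === false) {
    http_response_code(502);
    echo '<pre>' . htmlspecialchars($client->getError(), ENT_QUOTES, 'UTF-8') . '</pre>';
} else {
    echo '<pre>' . htmlspecialchars($client->getResource(), ENT_QUOTES, 'UTF-8') . '</pre>';
}
```

Keeping the credentials in the environment (or in a file outside the document root) means a misconfigured web server that serves .php sources as text does not leak the client secret, and the explicit check against the library's "example_key" default catches a deployment that forgot to set them.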

Step 5: Formatting the resource

To show the resources to the user, you must implement a method that presents them properly.

For example, in the use-case example we have implemented a method that takes the resource, an XML string, and formats it so that the information is shown in a readable way.

Resources can be formatted differently depending on their scope, thanks to the returnResource() method of the OAuth class. This function, given an OAuthClient object, formats the corresponding response depending on the scope of the request.

In order to format a response, follow these steps:

Step 5.1: Formatting the resource

To format a resource you must develop a class that implements the IFormattingResource interface. An example of such a class is DefaultFormattingResource.

Step 5.2: Register the format for a specific scope

To register the format, configure the FormatResponses.xml file as described in its documentation.
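A formatter for the XML resource string returned by getResource(), as an added example that is neither oauth2lib code nor the DefaultFormattingResource shipped with it. The guide names the IFormattingResource interface but does not show its methods, so this is written as a plain function that such a class can call; the resource layout in the constructed sample input is an assumption. The point it adds is that the resource is XML from a remote server, so it is parsed with network access off, without entity substitution, and any document carrying a DOCTYPE (where external entities and entity-expansion bombs are declared) is rejected outright.

```php
<?php
// Added example (not oauth2lib code): render an XML resource as an HTML list.

function formatResourceXml(string $xml): string
{
    // A resource never needs a DOCTYPE; it is the only place XXE and
    // "billion laughs" entities can be declared, so refuse it up front.
    if (strlen($xml) > 1000000 || preg_match('/<!DOCTYPE/i', $xml)) {
        return '<p>Resource rejected: too large or contains a DOCTYPE.</p>';
    }

    $prev = libxml_use_internal_errors(true);   // collect errors, do not emit warnings
    $doc = new DOMDocument();
    // LIBXML_NONET: no network fetches while parsing. LIBXML_NOENT is
    // deliberately absent so that entities are never substituted.
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    if (!$ok || $doc->documentElement === null) {
        return '<p>Resource is not well-formed XML.</p>';
    }
    return '<ul>' . renderElement($doc->documentElement) . '</ul>';
}

// Recursively turn one element into a nested <li>, escaping every string
// taken from the document.
function renderElement(DOMElement $el): string
{
    $esc = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };

    $html = '<li><b>' . $esc($el->localName) . '</b>';
    foreach ($el->attributes as $attr) {
        $html .= ' <i>' . $esc($attr->name) . '="' . $esc($attr->value) . '"</i>';
    }

    $text = '';
    $children = '';
    foreach ($el->childNodes as $child) {
        if ($child instanceof DOMElement) {
            $children .= renderElement($child);
        } elseif ($child instanceof DOMText) {   // includes CDATA sections
            $text .= $child->nodeValue;
        }
    }

    $text = trim($text);
    if ($text !== '') {
        $html .= ': ' . $esc($text);
    }
    if ($children !== '') {
        $html .= '<ul>' . $children . '</ul>';
    }
    return $html . '</li>';
}

// Constructed sample input standing in for $client->getResource(); the element
// names are an assumption, not the real oauth2lib resource layout.
$sample = <<<XML
<?xml version="1.0" encoding="UTF-8"?>
<resource scope="profile">
  <user>
    <displayName>Jane Example &lt;admin&gt;</displayName>
    <mail>jane@example.org</mail>
  </user>
</resource>
XML;

header('Content-Type: text/html; charset=utf-8');
echo formatResourceXml($sample);
```

The displayName in the sample carries angle brackets precisely to show that text nodes are escaped on output: the browser displays them literally instead of interpreting them as markup.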


OAuth Authorization Server

Installation

In order to install the Authorization Server you just have to include the following files somewhere accessible to your code:

'oauth_as' directory

tokenEndpoint.php

Configuration

Step 1: Configuring the file keys.xml

The Authorization Server has to know which Clients it is communicating with. To define this, we use the keys.xml file. The correct configuration of this file is described in the corresponding section of the documentation. Because keys.xml holds the client secrets, keep it outside the web server's document root and readable only by the web server's user.

Step 2: Configuring the file policies.xml

The Authorization Server has to know which assertions are valid. To define the authorization policy, we use the policies.xml file. The correct configuration of this file is described in the Policy documentation.

Step 3: Endpoint

With the current code organization, the Token Endpoint that we must give to the Client App is the PHP file tokenEndpoint.php.


OAuth Resource Server

Installation

In order to install the Resource Server you just have to include the following files somewhere accessible to your code:

'oauth_server' directory

serverEndpoint.php

Configuration

Step 1: Configuring the file keys.xml

The Resource Server has to know which Clients it is communicating with. To define this, we use the keys.xml file. The correct configuration of this file is described in the corresponding section of the documentation. As on the Authorization Server, this file contains secrets and must not be reachable through the web server.

Step 2: Getting the resources

To get the resources from the server, you must develop a class that retrieves them.

This class must implement the IServerResource interface. For more information, see the example class inside the library and its documentation.

Step 3: Endpoint

With the current code organization, the Server Endpoint that we must give to the Client App is the PHP file serverEndpoint.php.