How to use third-party authorization to log in in PHP?

In today's social era, users are no longer satisfied with the traditional registration and login methods, and hope to log in directly using their already registered social accounts. In order to meet this demand, many websites provide third-party login access. In PHP, we can implement third-party authorized login through the OAuth protocol. Let us take a look at it below.

The OAuth protocol is an open standard, mainly used to authorize access to third-party platforms without providing the user's account number and password. Through the OAuth protocol, third-party platforms can request data from other platforms on behalf of users, realizing data sharing between different platforms.

In PHP, there are generally the following steps to implement OAuth authorization login:

1. Apply for the API key and key string of the third-party platform

Before performing OAuth authorization login, you need to apply for the API key and key string on the third-party platform. Taking Sina Weibo as an example, we need to apply for an API key and key string on the Sina Open Platform. After the application is successful, we can get the following information:

App Key: The unique identifier of the application
App Secret: The secret key of the application
Redirect URI: The URI used for callback, which needs to be filled in when applying Consistent

2. Implementing OAuth client

In PHP, we can use a third-party OAuth client to quickly implement the authorized login function. Here we take Github as an example to introduce how to use a third-party OAuth client. Here we will use PHP League's OAuth2 Client to implement Github authorized login.

First, we need to install the PHP League's OAuth2 Client library in the project, which can be installed using composer:

composer require league/oauth2-client

After the installation is complete, we need to instantiate Github's OAuth client in the code , and pass in the API key and key string applied in the previous step.

$provider = new LeagueOAuth2ClientProviderGithub([
    'clientId'          => 'CLIENT_ID',
    'clientSecret'      => 'CLIENT_SECRET',
    'redirectUri'       => 'REDIRECT_URI',
    'scopes'            => ['user'],
]);

Among them, CLIENT_ID and CLIENT_SECRET are the API key and key string applied in the previous step, and REDIRECT_URI is the callback URI.

3. Get the authorization code

Before OAuth authorization login, you need to send a request to the third-party platform to obtain the authorization code. Taking Github as an example, we can use the following code to redirect users to the Github authentication page:

// Step 1. Get authorization code
$options = [
    'state' => 'OPTIONAL_CUSTOM_CONFIGURED_STATE',
     // ...
];
$authUrl = $provider->getAuthorizationUrl($options);

// Store state so that the callback can verify the response
$_SESSION['oauth2state'] = $provider->getState();

// Redirect the user to the authorization URL
header('Location: '.$authUrl);
exit;

When requesting the Github authentication page, we pass an $options array to specify the scope of authorization and other information. $_SESSION['oauth2state'] is used to save the returned state value.

4. Get access token

After the user passes third-party authentication, we need to obtain the access token through the callback URI. Taking Github as an example, we can use the following code to obtain the access token:

// Step 2. Get an access token using the authorization code grant
if (isset($_GET['code']) && isset($_GET['state'])) {
    if ($_GET['state'] !== $_SESSION['oauth2state']) {
        unset($_SESSION['oauth2state']);
        exit('State error');
    }

    // Get an access token using the authorization code grant
    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // Optional: Store the token
        $_SESSION['access_token'] = $token->getToken();
    } catch (LeagueOAuth2ClientProviderExceptionIdentityProviderException $e) {
        exit('Token error: '.$e->getMessage());
    }

    header('Location: '.$_SERVER['PHP_SELF']);
    exit;
}

After obtaining the access token, we can store the token in SESSION for subsequent use.

5. Get user information

After obtaining the access token, we can obtain user information through the OAuth client. Taking Github as an example, we can use the following code to obtain user information:

if (isset($_SESSION['access_token'])) {
    $token = new LeagueOAuth2ClientTokenAccessToken(['access_token' => $_SESSION['access_token']]);

    try {
        $user = $provider->getResourceOwner($token);
        echo 'Hello '.$user->getName();
    } catch (LeagueOAuth2ClientProviderExceptionIdentityProviderException $e) {
        exit('Resource owner error: '.$e->getMessage());
    }
}

After obtaining the user information, we can process it according to needs, such as registration, login, personalization and other operations.

The above is the basic process for implementing third-party authorized login in PHP. Of course, in practical applications, many security and business issues need to be considered, such as preventing CSRF attacks, synchronizing user data, etc. However, through the above basic process, I believe readers can have a deeper understanding of OAuth authorized login.

The above is the detailed content of How to use third-party authorization to log in in PHP?. For more information, please follow other related articles on the PHP Chinese website!