Home >Backend Development >PHP Tutorial >How to use GuzzleHttp for OAuth2 authentication in PHP

How to use GuzzleHttp for OAuth2 authentication in PHP

PHPz
PHPzOriginal
2023-06-27 14:48:121709browse

With the continuous development of Internet technology, more and more applications require OAuth2 authentication. Among them, GuzzleHttp in PHP is a commonly used HTTP request library. How to use GuzzleHttp for OAuth2 authentication? This article will introduce in detail the usage of GuzzleHttp's OAuth2 authentication.

1. Install GuzzleHttp

Use Composer to install GuzzleHttp:

composer require guzzlehttp/guzzle

2. Register OAuth2 service

GuzzleHttp provides an OAuth2 service to generate access tokens. Before using the OAuth2 service, you need to instantiate and configure the OAuth2 service.

Example:

$provider = new LeagueOAuth2ClientProviderGenericProvider([
    'clientId'                => 'yourClientId',    
    'clientSecret'            => 'yourClientSecret', 
    'redirectUri'             => 'https://example.com/callback-url', 
    'urlAuthorize'            => 'https://example.com/oauth2/authorize',
    'urlAccessToken'          => 'https://example.com/oauth2/token',
    'urlResourceOwnerDetails' => 'https://example.com/oauth2/resource', 
]);

In the above code, $provider is an instance of the OAuth2 service. The meaning of the specific configuration parameters is as follows:

  • clientId: client ID, Used for identification applications.
  • clientSecret: Client secret, used for security authentication.
  • redirectUri: callback URL, used to obtain authorization code.
  • urlAuthorize: Authorization URL, used to obtain authorization code.
  • urlAccessToken: Access token URL, used to obtain access token.
  • urlResourceOwnerDetails: Resource owner details URL, used to obtain resource owner information.

3. Obtain the access token

The steps to obtain the access token using the OAuth2 service are as follows:

  • Redirect to the authorization URL to obtain the authorization code .
  • With the authorization code, obtain the access token.
  • Use the access token to access the API interface.

Example:

// redirect to authorization URL
$authorizationUrl = $provider->getAuthorizationUrl();
header('Location: ' . $authorizationUrl);

// exchange authorization code for access token
$accessToken = $provider->getAccessToken('authorization_code', [
    'code' => $_GET['code']
]);

// use access token to access protected resources
$response = $http->request('GET', 'https://example.com/api/resource', [
    'headers' => [
        'Authorization' => 'Bearer ' . $accessToken->getToken()
    ]
]);

In the above code, first redirect to the authorization URL to obtain the authorization code, then use the authorization code to obtain the access token, and finally use the access token to access the API interface.

4. Use refresh token

The access token is time-sensitive, and generally it is necessary to use the refresh token to update the access token. The steps to use the refresh token are as follows:

  • With the refresh token, obtain a new access token.
  • Update the access token and use the new access token to access the API interface.

Example:

// refresh access token using refresh token
$accessToken = $provider->getAccessToken('refresh_token', [
    'refresh_token' => $accessToken->getRefreshToken()
]);

// use refreshed access token to access protected resources
$response = $http->request('GET', 'https://example.com/api/resource', [
    'headers' => [
        'Authorization' => 'Bearer ' . $accessToken->getToken()
    ]
]);

In the above code, use the refresh token to get a new access token, then update the access token and use the new access token to access the API interface.

5. Summary

The above is a detailed introduction to using GuzzleHttp for OAuth2 authentication in PHP. First, you need to instantiate the OAuth2 service and perform related configurations, then obtain the authorization code through the authorization URL, and then use the authorization code to obtain the access token. You need to carry the access token when accessing the API interface. Access tokens are time-sensitive and can be updated using a refresh token. GuzzleHttp is a commonly used HTTP request library. By using GuzzleHttp's OAuth2 service, OAuth2 authentication can be easily performed.

The above is the detailed content of How to use GuzzleHttp for OAuth2 authentication in PHP. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn