This package provides WordPress.com OAuth 2.0 support for the PHP League's OAuth 2.0 Client.
Requirements
This package uses WordPress.com Connect to authenticate users with WordPress.com accounts.
Requirements to use this package:
- PHP >= 5.6
- a WordPress client ID and client secret, referred to as {wordpress-client-id} and {wordpress-client-secret}. Follow the WordPress Apps instructions to create the required credentials.
Installation
Use composer to install:
composer require layered/oauth2-wordpress-com
Usage
Usage is the same as The League's Abstract OAuth client, using \Layered\OAuth2\Client\Provider\WordPressCom as the provider.
Authorization Code Flow
use Layered\OAuth2\Client\Provider\WordPressCom;
session_start(); // the OAuth state is kept in $_SESSION between the redirect and the callback
$provider = new WordPressCom([
    'clientId'      =>  '{wordpresscom-client-id}',
    'clientSecret'  =>  '{wordpresscom-client-secret}',
    'redirectUri'   =>  'https://example.com/callback-url',
    'blog'          =>  'https://example.com'       // optional - request auth for a specific blog
]);
if (isset($_GET['error'])) {    // Got an error, probably user denied access
    exit('Error: ' . htmlspecialchars($_GET['error_description'] . ' (' . $_GET['error'] . ')', ENT_QUOTES, 'UTF-8'));
} elseif (!isset($_GET['code'])) {  // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '. $authUrl);
    exit;
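} elseif (empty($_GET['state']) || !is_string($_GET['state']) || empty($_SESSION['oauth2state']) || !hash_equals($_SESSION['oauth2state'], $_GET['state'])) { // Check given state against the previously stored one (constant-time compare) to mitigate CSRF attack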
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code']
    ]);
    // If auth was for a single site or global access, token contains extra blog info
    $tokenValues = $token->getValues();
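    // Escape values before writing them into HTML
    echo 'Blog ID: ' . htmlspecialchars($tokenValues['blog_id'], ENT_QUOTES, 'UTF-8') . '<br>';
    echo 'Blog URL: ' . htmlspecialchars($tokenValues['blog_url'], ENT_QUOTES, 'UTF-8') . '<br>';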
    // Get user profile data
    try {
        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);
        // Use these details to create a new profile
        printf('Hello %s!', htmlspecialchars($user->getName(), ENT_QUOTES, 'UTF-8'));
    } catch (\Exception $e) {
        // Failed to get user details
        exit('Something went wrong: ' . $e->getMessage());
    }
    // Use this to interact with an API on the user's behalf
    echo $token->getToken();
}
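An added example, not part of the package's own code: a helper that performs the callback checks from the flow above with type checks, a constant-time comparison and a single-use state. The function name `consumeCallback` and the sample values are hypothetical; it assumes the state is stored under `oauth2state` as in the code above, and it sticks to PHP 5.6 syntax.

```php
<?php
// Added example: stricter handling of the OAuth callback parameters.
// consumeCallback() is a hypothetical helper, not part of the package.

/**
 * Validate the callback query against the state stored in the session and
 * return the authorization code. The stored state is removed on every call,
 * so a captured callback URL cannot be replayed.
 */
function consumeCallback(array $query, array &$session)
{
    $expected = isset($session['oauth2state']) ? $session['oauth2state'] : null;
    unset($session['oauth2state']); // single use, whether the check passes or not

    if (isset($query['error'])) {
        throw new RuntimeException('Provider returned an error');
    }
    $state = isset($query['state']) ? $query['state'] : null;
    $code  = isset($query['code']) ? $query['code'] : null;

    // ?state[]=x arrives as an array; hash_equals() needs two strings
    if (!is_string($expected) || $expected === '' || !is_string($state)
        || !hash_equals($expected, $state)) {
        throw new RuntimeException('Invalid state');
    }
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('Missing authorization code');
    }
    return $code;
}

// Constructed inputs standing in for $_GET and $_SESSION.
$cases = array(
    'first use'   => array('state' => 'a1b2c3', 'code' => 'xyz'),
    'replay'      => array('state' => 'a1b2c3', 'code' => 'xyz'),
    'array state' => array('state' => array('a1b2c3'), 'code' => 'xyz'),
);
$session = array('oauth2state' => 'a1b2c3');
foreach ($cases as $label => $query) {
    if ($label === 'array state') {
        $session = array('oauth2state' => 'a1b2c3'); // fresh login attempt
    }
    try {
        echo $label, ': code=', consumeCallback($query, $session), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```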
Available Options
The WordPressCom provider has the following options:
- blog can be a blog URL or blog ID for a WordPress.com blog or Jetpack site
- scope to request access to additional data
Scopes
When creating the authorization URL, specify the scope your application may authorize. Available scopes for WordPress.com:
- auth for authentication only, grants access to /me endpoints
- global access to all user's sites and data
- '' (empty) access to a single blog, specified in request or chosen by user
Get access to user profile
$provider->getAuthorizationUrl([
    'scope' =>  'auth'
]);
Get access to user profile & a single blog
$provider->getAuthorizationUrl([
    'scope' =>  ''
]);
Testing
composer test
Credits
License
The MIT License (MIT). Please see License File for more information.