The developerWorks Connections platform will be sunset on January 2, 2020. This blog will no longer be available unless an extension has been requested. More details available on our FAQ.

Coding IBM Collaboration Solutions

Matching: oauth

Smart Cloud for Social Business and PHP - Part 2.0

Van Staub Tags: sc4sb php oauth ‎ 7,520 Views

In addition to the previous code sample, I wrote a script to demonstrate SC4SB using OAuth 2.0 ... get it - Part 2.0 ;)

This sample is also slightly different in that it uses curl to better demonstrate the process:

<?php

// to understand OAuth process see
// http://www-10.lotus.com/ldd/appdevwiki.nsf/xpDocViewer.xsp?lookupName=
// IBM+Social+Business+Toolkit+documentation#action=openDocument&res_title=
// OAuth_2.0_APIs_for_web_server_flow_sbt&content=pdcontent

// Smart Cloud URL (test server listed)
$sc4sbUrl = 'https://apps.na.collabservtest.lotus.com';
$sc4sbUrlAuth = $sc4sbUrl . '/manage/oauth2/authorize';
$sc4sbUrlToken = $sc4sbUrl . '/manage/oauth2/token';

// vendor application (must be SSL for callback to work)
$callbackUrl = 'https://localhost/SC4SBOAuth2_0.php';

// curl options
// note that the SSL certificate is NOT being verified
$options = array(CURLOPT_HEADER => true,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_RETURNTRANSFER => true);

// Step 1: Register the application
$clientId =  '<client ID>';
$clientSecret = '<client secret>';

// check if a code token is available or an error exists
$error = getUrlParam($_SERVER['REQUEST_URI'], 'oauth_error');
$code = getUrlParam($_SERVER['REQUEST_URI'], 'code');

if($error == NULL && $code == NULL){
    // Step 2: Obtain authorization code
    $url = $sc4sbUrlAuth . '?';
    $url .= 'response_type=code';
    $url .= '&callback_uri=' . $callbackUrl;
    $url .= '&client_id=' . $clientId;

    header('Location: ' . $url);
    exit;

    // the result is SC4SB returning to the callbackUrl
} else {
    if($error == NULL){
        // Step 3: Exchange authorization code for access and refresh tokens
        $auth = array('Authorization: OAuth callback_uri="' . $callbackUrl . '", client_secret="' . $clientSecret . '", client_id="' . $clientId . '", grant_type="authorization_code", code="' . $code . '"');

        $ch = curl_init($sc4sbUrlToken);

        curl_setopt_array($ch, $options);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $auth);

        // if the result if false, check curl_error($ch);
        $result = curl_exec($ch);

        // If the request is successful, the following parameters are returned in the body of the response with an HTTP response code of 200:
        // refresh_token, access_token, issued_on, expires_in, token_type
        $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
        $body = substr($result, $header_size);
        parse_str($body);

        curl_close($ch);

        // you can store the refresh token to request a new access token in the future
        // e.g. for up to 90 days

        // Step 4: Use the access token to allow API access
        // access_token is assigned from the parse_str function
        $bearer = array('Authorization: Bearer ' . $access_token);

        $ch = curl_init($sc4sbUrl . '/api/bss/resource/customer');

        curl_setopt_array($ch, $options);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $bearer);

        print curl_exec($ch);

        curl_close($ch);

    } else {
        print $error;
    }
}

function getUrlParam($url, $name){
    parse_str(parse_url($url, PHP_URL_QUERY), $params);
    return isset($params[$name]) ? $params[$name] : null;
}

?>

Smart Cloud for Social Business and PHP

Van Staub Tags: sc4sb oauth php ‎ 7,919 Views

I've previously posted on the Smart Cloud for Social Business (SC4SB) demo application, which is written in Java and aimed respectively at a J2EE application server (e.g. Tomcat or WebSphere). But recently, I received a request to provide an example demonstrating the SC4SB API using PHP. Now I've not programmed in PHP in many years, but I was able to write a simple example. Some prerequisites of note:

A PHP server (obvious, and I chose to use Zend's community server for testing)
SSL on the Apache server (see this blog post on setting up a self-signed certificate)
I'd recommend Eclipse PDT to help with source code creation and debugging

The code close follows a Twitter example provided by Zend as well as the SC4SB OAuth 1.0 steps. I also found a slight modification was needed in Zend_OAuth_UserAuthorization->assembleParams() since the callback URL was being sent with the authorization URL although I did not investigate this fully. To prevent a 400 error, I needed to ensure the oauth_callback parameter is not included in the authorization URL.

if (!Zend_Oauth_Client::$supportsRevisionA) {
            $callback = $this->_consumer->getCallbackUrl();
            if (!empty($callback)) {
                //$params['oauth_callback'] = $callback;
            }
        }

And here's the PHP sample. Note that step 5 uses the BSS API, you could alternatively use the user API with the sample as well.

<?php

require_once 'Zend/Oauth/Consumer.php';
require_once 'Zend/Session.php';

Zend_Session::start();

// to understand OAuth process see
// http://www-10.lotus.com/ldd/appdevwiki.nsf/xpDocViewer.xsp?lookupName=
// IBM+Social+Business+Toolkit+documentation#action=openDocument&res_title
// =OAuth_1.0a_APIs_for_web_server_flow_sbt&content=pdcontent

// Smart Cloud URL (test server listed)
$sc4sbUrl = 'https://apps.na.collabservtest.lotus.com';

// vendor application (must be SSL for callback to work)
$callbackUrl = 'https://localhost/<replace with your file>.php';

// Step 1: Register the application
$consumerKey =  '<replace with your key>';
$consumerSecret = '<replace with your secret>';

// check if a request token is available
// i.e. the current request to this page is the callback
if(!isset($_SESSION['SC4SB_REQUEST_TOKEN'])){
    $step2config = array(
            'callbackUrl' => 'http://localhost/SC4SBOAuth.php',
            'requestTokenUrl' => $sc4sbUrl . '/manage/oauth/getRequestToken',
            'accessTokenUrl' => $sc4sbUrl . '/manage/oauth/getAccessToken',
            'authorizeUrl' => $sc4sbUrl . '/manage/oauth/authorizeToken',
            'consumerKey' => $consumerKey,
            'consumerSecret' => $consumerSecret,
            'signatureMethod' => 'PLAINTEXT'
    );

    $consumer = new Zend_Oauth_Consumer($step2config);

    // Step 2: Get a request token
    $token = $consumer->getRequestToken();

    // store the token for use in later steps
    $_SESSION['SC4SB_REQUEST_TOKEN'] = serialize($token);

    // Step 3: Obtain authorization
    // redirect to the authorization endpoint
    $consumer->redirect();

    // the result is SC4SB returning to the callbackUrl
}

$step4n5config = array(
        'requestTokenUrl' => $sc4sbUrl . '/manage/oauth/getRequestToken',
        'accessTokenUrl' => $sc4sbUrl . '/manage/oauth/getAccessToken',
        'authorizeUrl' => $sc4sbUrl . '/manage/oauth/authorizeToken',
        'consumerKey' => $consumerKey,
        'consumerSecret' => $consumerSecret,
        'signatureMethod' => 'PLAINTEXT'
);

// check if an access token is available, if so, simply make the
// API call
if(!isset($_SESSION['SC4SB_ACCESS_TOKEN'])){
    
    // Step 4: Get the access token
    $consumer = new Zend_Oauth_Consumer($step4n5config);

    // get the request token from the previous step
    if (!empty($_GET) && isset($_SESSION['SC4SB_REQUEST_TOKEN'])) {
        // now retrieve the access token from SC4SB
        // e.g. oauth_token=fsf89fdssf9sdfsfsf0fdsfsf&amp;oauth_token_secret=dhdsd99000fssfs89
        $token = $consumer->getAccessToken(
                $_GET,
                unserialize($_SESSION['SC4SB_REQUEST_TOKEN'])
        );

        // store the access token for use in API calls
        $_SESSION['SC4SB_ACCESS_TOKEN'] = serialize($token);

        $_SESSION['SC4SB_REQUEST_TOKEN'] = null;
    } else {
        exit('Invalid callback request.');
    }
}

// Step 5: Make the API call
$token = unserialize($_SESSION['SC4SB_ACCESS_TOKEN']);

// call a REST API
$client = $token->getHttpClient($step4n5config, $sc4sbUrl . '/api/bss/resource/customer');
$client->setMethod(Zend_Http_Client::GET);
$response = $client->request();
$result = $response->getBody();

print $result;

?>

Feed for Blog Entries

Blogs

▼ Tags

▼ Similar Blogs

IBM Collabora...

Notes from Ra...

Application P...

Asset Managem...

Application I...

▼ Similar Ideation Blogs

IBM Forms Exp...

IBM PureData-...

▼ Archive

▼ Blog Authors

Coding IBM Collaboration Solutions

Smart Cloud for Social Business and PHP - Part 2.0

Smart Cloud for Social Business and PHP