From f262367affff6c59238bb33799b4981c6abe5448 Mon Sep 17 00:00:00 2001 From: tokslaw7 Date: Sun, 9 Jul 2023 01:32:31 +0000 Subject: [PATCH] Google oauth code for token exchange --- www-api/app/Controllers/WrenchOauth.php | 50 ++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 6 deletions(-) diff --git a/www-api/app/Controllers/WrenchOauth.php b/www-api/app/Controllers/WrenchOauth.php index f1aaf6da..aab336d3 100644 --- a/www-api/app/Controllers/WrenchOauth.php +++ b/www-api/app/Controllers/WrenchOauth.php @@ -70,7 +70,7 @@ class WrenchOauth extends BaseController } else { http_response_code(404); // tell the user product does not exist - echo json_encode([ + return json_encode([ 'message' => 'Endpoint not found.', 'URI' => $uri, ]); @@ -117,7 +117,47 @@ class WrenchOauth extends BaseController } - private function prepareOauthEndPointData($endpoint, &$in, &$call_backend=true,&$local_out=[]){ + private function gooleOAuthCodeExchange($in, &$local_out) { + /* + POST /token HTTP/1.1 + Host: oauth2.googleapis.com + Content-Type: application/x-www-form-urlencoded + + code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7& + client_id=your_client_id& + client_secret=your_client_secret& + redirect_uri=https%3A//oauth2.example.com/code& + grant_type=authorization_code + */ + + $data = [ + "code" => $in["code"], + "client_id" => $this->getSiteConfigurations("google.google_client_id"), + "client_secret" => $this->getSiteConfigurations("google.google_client_secret"), + "redirect_uri" => $in["redirect_uri"], + "grant_type" => "authorization_code" + ]; + $ch = curl_init(); + + curl_setopt($ch, CURLOPT_URL,"https://oauth2.googleapis.com/token"); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); + curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded')); + // Receive server response ... + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + + $server_output = curl_exec($ch); + + curl_close($ch); + + $local_out = json_decode($server_output,true); + + if (!is_array($local_out) || !array_key_exists("message",$local_out)) { + $local_out["message"] = "Received from Google token API: ".$server_output; + } + } + + private function prepareOauthEndPointData($endpoint, $in, &$call_backend=true,&$local_out=[]){ log_message('critical', "Started prepareOauthEndPointData -> ".$endpoint ); switch ($endpoint) { case 'authstart': @@ -125,13 +165,11 @@ class WrenchOauth extends BaseController switch($in["auth_type"]){ case 'GOOGLE': log_message('critical', "Reading prepareOauthEndPointData -> ".$endpoint ); - $in["login_channel"] = "990010"; /* LOGIN_GOOGLE */ - $in["GOOGLE_CLIENT_ID"] = $this->getSiteConfigurations("google.google_client_id"); - $in["GOOGLE_CLIENT_SECRET"] = $this->getSiteConfigurations("google.google_client_secret"); + $this->gooleOAuthCodeExchange($in, $local_out); break; } log_message('critical', "prepareOauthEndPointDataL FINAL DATA".serialize($local_out) ); - $call_backend=true; + $call_backend=false; break; case 'authlogin': // not really implemented