sdk-php/docs/interactive_oauth_example.php at master · Penneo/sdk-php · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
<?php

/**
 * Interactive OAuth (PKCE): open this script in a browser after starting a local server.
 *
 * 1) Register this exact Redirect URI in Penneo (OAuth client config):
 *    http://127.0.0.1:8080/interactive_oauth_example.php
 *    (or http://localhost:8080/... — must match character-for-character what you open in the browser)
 *
 * 2) From repository root:
 *    export PENNEO_OAUTH_CLIENT_ID="..."
 *    export PENNEO_OAUTH_CLIENT_SECRET="..."
 *    php -S 127.0.0.1:8080 -t docs
 *
 * 3) Open in browser: http://127.0.0.1:8080/interactive_oauth_example.php
 *
 * Optional: PENNEO_OAUTH_REDIRECT_URI — if unset, defaults to 127.0.0.1 URL above.
 * Optional: PENNEO_OAUTH_ENV=sandbox|production (default sandbox).
 */

declare(strict_types=1);

require_once dirname(__DIR__) . '/vendor/autoload.php';

use Penneo\SDK\ApiConnector;
use Penneo\SDK\CaseFile;
use Penneo\SDK\OAuth\Config\Environment;
use Penneo\SDK\OAuth\OAuthBuilder;
use Penneo\SDK\OAuth\PKCE\PKCE;
use Penneo\SDK\OAuth\Tokens\SessionTokenStorage;
use Penneo\SDK\PenneoSdkRuntimeException;

session_start();

function interactiveOauthFail(string $message): void
{
    if (PHP_SAPI === 'cli') {
        fwrite(STDERR, $message . PHP_EOL);
    } else {
        header('Content-Type: text/plain; charset=utf-8');
        echo $message;
    }
    exit(1);
}

$clientId = getenv('PENNEO_OAUTH_CLIENT_ID') ?: '';
$clientSecret = getenv('PENNEO_OAUTH_CLIENT_SECRET') ?: '';
$redirectUri = getenv('PENNEO_OAUTH_REDIRECT_URI') ?: 'http://127.0.0.1:8080/interactive_oauth_example.php';
$environment = getenv('PENNEO_OAUTH_ENV') ?: Environment::SANDBOX;

if ($clientId === '' || $clientSecret === '') {
    interactiveOauthFail(
        "Set environment variables before running:\n"
        . "  export PENNEO_OAUTH_CLIENT_ID='...'\n"
        . "  export PENNEO_OAUTH_CLIENT_SECRET='...'\n"
        . "Optional:\n"
        . "  export PENNEO_OAUTH_REDIRECT_URI='http://127.0.0.1:8080/interactive_oauth_example.php'\n"
        . "  export PENNEO_OAUTH_ENV=sandbox\n"
        . "\n"
        . 'The redirect URI must be registered identically in your Penneo OAuth client.'
    );
}

if (!Environment::isSupported($environment)) {
    interactiveOauthFail("PENNEO_OAUTH_ENV must be 'sandbox' or 'production'. Got: {$environment}");
}

$tokenStorage = new SessionTokenStorage('optionalKeyToPlaceTokensInto');

$penneoOAuth = OAuthBuilder::start()
    ->setEnvironment($environment)
    ->setClientId($clientId)
    ->setClientSecret($clientSecret)
    ->setRedirectUri($redirectUri)
    ->setTokenStorage($tokenStorage)
    ->build();

if (isset($_GET['error'])) {
    $detail = $_GET['error_description'] ?? '';
    header('Content-Type: text/plain; charset=utf-8');
    echo 'OAuth error: ' . $_GET['error'] . ($detail !== '' ? "\n" . $detail : '');
    exit(1);
}

if (isset($_GET['code'])) {
    if (empty($_SESSION['code_verifier'])) {
        interactiveOauthFail(
            "Missing PKCE code_verifier in session. Open this URL first in the same browser (no private window switch):\n"
            . $redirectUri
        );
    }
    try {
        $penneoOAuth->exchangeAuthCode($_GET['code'], $_SESSION['code_verifier']);
    } catch (PenneoSdkRuntimeException $e) {
        header('Content-Type: text/plain; charset=utf-8');
        echo 'Token exchange failed: ' . $e->getMessage();
        exit(1);
    }
} elseif (!$penneoOAuth->isAuthorized()) {
    $pkce = new PKCE();
    $codeVerifier = $pkce->getCodeVerifier();
    $_SESSION['code_verifier'] = $codeVerifier;

    try {
        $url = $penneoOAuth->buildRedirectUrl(
            ['full_access'],
            $pkce->getCodeChallenge($codeVerifier)
        );

        if (PHP_SAPI === 'cli') {
            fwrite(
                STDOUT,
                "Open in a browser (after: php -S 127.0.0.1:8080 -t docs):\n"
                . $redirectUri . "\n\n"
                . "Or paste this authorize URL:\n" . $url . "\n"
            );
            exit(0);
        }

        header('Location: ' . $url);
        exit;
    } catch (PenneoSdkRuntimeException $e) {
        if (PHP_SAPI === 'cli') {
            var_dump($e);
            exit(1);
        }
        header('Content-Type: text/plain; charset=utf-8');
        echo 'Could not build authorize URL: ' . $e->getMessage();
        exit(1);
    }
}

ApiConnector::initializeOAuth($penneoOAuth);

$casefile = new CaseFile();
$casefile->setTitle('new test casefile from PHP');
CaseFile::persist($casefile);

header('Content-Type: text/plain; charset=utf-8');
echo 'OK — Case file created. id=' . (string) $casefile->getId() . PHP_EOL;