
Topic on Extension talk:WSOAuth/Flow

Bonkipedia (talkcontribs)

Hey guys, I wrote a Twitter OAuth provider and included it in the WSOAuth default providers list for myself. It's based on the Facebook example from the docs, and makes use of the smolblog Twitter OAuth2 plugin provided as a 3rd-party integration by the PHP League.



<?php

namespace WSOAuth\AuthenticationProvider;

use Smolblog\OAuth2\Client\Provider\Twitter;

use MediaWiki\User\UserIdentity;

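class TwitterAuth extends AuthProvider {

    /**
     * Session key holding the PKCE code verifier between login() and getUser().
     */
    private const PKCE_SESSION_KEY = 'oauth2verifier';

    /**
     * @var Twitter
     */
    private $provider;

    /**
     * Builds the Twitter OAuth 2.0 client from the configured credentials.
     *
     * $authUri is accepted for interface compatibility but is not used here.
     *
     * @inheritDoc
     */
    public function __construct( string $clientId, string $clientSecret, ?string $authUri, ?string $redirectUri ) {
        $this->provider = new Twitter( [
            'clientId' => $clientId,
            'clientSecret' => $clientSecret,
            'redirectUri' => $redirectUri,
        ] );
    }

    /**
     * Starts the authorization-code flow: sets $authUrl to the provider's
     * authorization URL and $secret to the anti-CSRF state value that
     * getUser() later compares with the callback's "state" parameter.
     *
     * @inheritDoc
     */
    public function login( ?string &$key, ?string &$secret, ?string &$authUrl ): bool {
        // NOTE(review): 'offline.access' asks for a refresh token, but nothing in
        // this class stores or uses one. Consider dropping it to keep the grant
        // minimal; confirm against Twitter's scope documentation first.
        $authUrl = $this->provider->getAuthorizationUrl( [
            'scope' => [ 'users.read', 'offline.access', 'tweet.read' ],
        ] );

        $secret = $this->provider->getState();

        // The PKCE verifier must be sent with the authorization-code request, so
        // it has to survive the redirect to the provider and back.
        // NOTE(review): MediaWiki discourages direct $_SESSION access in favour of
        // its own session API; confirm this works with the wiki's session backend.
        $_SESSION[self::PKCE_SESSION_KEY] = $this->provider->getPkceVerifier();

        return true;
    }

    /**
     * @inheritDoc
     */
    public function logout( UserIdentity &$user ): void {
    }

    /**
     * Handles the OAuth callback: validates "code" and "state", exchanges the
     * code (with the PKCE verifier) for a token and returns the user's details.
     *
     * @inheritDoc
     * @return array|false User info array on success, false on any failure
     */
    public function getUser( string $key, string $secret, &$errorMessage ) {
        // The verifier is single-use: read it once and drop it from the session on
        // every path, so a failed or replayed callback cannot reuse it.
        $verifier = $_SESSION[self::PKCE_SESSION_KEY] ?? null;
        unset( $_SESSION[self::PKCE_SESSION_KEY] );

        $code = $_GET['code'] ?? null;
        if ( !is_string( $code ) || $code === '' ) {
            $errorMessage = 'No authorization code was returned by the provider.';
            return false;
        }

        // Anti-CSRF check. Query parameters can arrive as arrays, so require a
        // string, and compare against the stored state in constant time.
        $state = $_GET['state'] ?? null;
        if ( !is_string( $state ) || $state === '' || $secret === '' || !hash_equals( $secret, $state ) ) {
            $errorMessage = 'The OAuth state parameter is missing or does not match.';
            return false;
        }

        if ( !is_string( $verifier ) || $verifier === '' ) {
            $errorMessage = 'The login session has expired; please try again.';
            return false;
        }

        try {
            $token = $this->provider->getAccessToken( 'authorization_code', [
                'code' => $code,
                'code_verifier' => $verifier,
            ] );

            $user = $this->provider->getResourceOwner( $token );

            return [
                // NOTE(review): Twitter handles can be changed and later registered
                // by someone else. If the extension keys the wiki account on 'name',
                // a stable identifier such as $user->getId() is the safer anchor;
                // confirm how WSOAuth maps remote users to local accounts.
                'name' => $user->getUsername(),
                'realname' => $user->getName(),
                // NOTE(review): this address is synthesized from the handle and a
                // site-specific domain; it is not an address the provider verified.
                // Any mail the wiki sends to it (password resets, notifications)
                // goes to whoever receives mail for that domain. Use a domain you
                // control, or leave 'email' out if the extension allows it.
                'email' => $user->getUsername() . '@bonkipedia.dev',
            ];
        } catch ( \Exception $e ) {
            // Deliberately generic: exception text may contain provider response
            // details that should be logged server-side, not shown to the user.
            $errorMessage = 'Could not complete the login with the provider.';
            return false;
        }
    }

    /**
     * @inheritDoc
     */
    public function saveExtraAttributes( int $id ): void {
    }

}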

Bonkipedia (talkcontribs)

Here's Google as well. Hope this saves someone the misery I went through



<?php

namespace WSOAuth\AuthenticationProvider;

use League\OAuth2\Client\Provider\Google;

use MediaWiki\User\UserIdentity;

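class GoogleAuth extends AuthProvider {

    /**
     * @var Google
     */
    private $provider;

    /**
     * Builds the Google OAuth 2.0 client from the configured credentials.
     *
     * $authUri is accepted for interface compatibility but is not used here.
     *
     * @inheritDoc
     */
    public function __construct( string $clientId, string $clientSecret, ?string $authUri, ?string $redirectUri ) {
        $this->provider = new Google( [
            'clientId' => $clientId,
            'clientSecret' => $clientSecret,
            'redirectUri' => $redirectUri,
            // Optional: uncomment and set to limit sign-in to a Google-hosted
            // domain ('example.com' is a placeholder, not a real setting).
            // 'hostedDomain' => 'example.com',
        ] );
    }

    /**
     * Starts the authorization-code flow: sets $authUrl to the provider's
     * authorization URL and $secret to the anti-CSRF state value that
     * getUser() later compares with the callback's "state" parameter.
     *
     * @inheritDoc
     */
    public function login( ?string &$key, ?string &$secret, ?string &$authUrl ): bool {
        $authUrl = $this->provider->getAuthorizationUrl( [
            'scope' => [ 'email' ],
        ] );

        $secret = $this->provider->getState();

        return true;
    }

    /**
     * @inheritDoc
     */
    public function logout( UserIdentity &$user ): void {
    }

    /**
     * Handles the OAuth callback: validates "code" and "state", exchanges the
     * code for a token and returns the user's details.
     *
     * @inheritDoc
     * @return array|false User info array on success, false on any failure
     */
    public function getUser( string $key, string $secret, &$errorMessage ) {
        $code = $_GET['code'] ?? null;
        if ( !is_string( $code ) || $code === '' ) {
            $errorMessage = 'No authorization code was returned by the provider.';
            return false;
        }

        // Anti-CSRF check. Query parameters can arrive as arrays, so require a
        // string, and compare against the stored state in constant time.
        $state = $_GET['state'] ?? null;
        if ( !is_string( $state ) || $state === '' || $secret === '' || !hash_equals( $secret, $state ) ) {
            $errorMessage = 'The OAuth state parameter is missing or does not match.';
            return false;
        }

        try {
            $token = $this->provider->getAccessToken( 'authorization_code', [ 'code' => $code ] );

            $user = $this->provider->getResourceOwner( $token );

            return [
                // NOTE(review): getName() looks like the account's display name,
                // which the account holder can edit and which is not unique. If the
                // extension keys the wiki account on 'name', two Google accounts
                // with the same display name would map to the same wiki user. A
                // stable identifier such as $user->getId() or the e-mail address is
                // the safer anchor; confirm how WSOAuth maps remote users.
                'name' => $user->getName(),
                'realname' => $user->getName(),
                // NOTE(review): confirm the address is verified by the provider
                // before the wiki treats it as a confirmed e-mail.
                'email' => $user->getEmail(),
            ];
        } catch ( \Exception $e ) {
            // Deliberately generic: exception text may contain provider response
            // details that should be logged server-side, not shown to the user.
            $errorMessage = 'Could not complete the login with the provider.';
            return false;
        }
    }

    /**
     * @inheritDoc
     */
    public function saveExtraAttributes( int $id ): void {
    }

}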

Sen-Sai (talkcontribs)

I'll pass it on to my colleague!
