Skip to content

Instantly share code, notes, and snippets.

@edutrul
Forked from asika32764/github-oauth2-client.php
Last active September 7, 2022 02:47
Show Gist options
  • Save edutrul/abdf4a7855f6d893a7659eae51070087 to your computer and use it in GitHub Desktop.
Save edutrul/abdf4a7855f6d893a7659eae51070087 to your computer and use it in GitHub Desktop.
Simple PHP example of using Github's OAuth 2 API
<?php
// Code taken from https://gist.github.com/asika32764/b204ff4799d577fd4eef
// Code changes by @edutrul "added https" in all responses
// Makes sure when creating the app you deploy to a hosting/cloud
// If you want to do it quickly then use heroku.
// When adding the app in github make sure you just add the domain name like https://example.com
// Notice the "https" being added in the callback, website and other fields in github page.
define('OAUTH2_CLIENT_ID', '<YOUR CLIENT ID>');
define('OAUTH2_CLIENT_SECRET', '<YOUR CLIENT SECRET GENERATED ONCE in GITHUB APP - make sure to take notes>');
# URL of github api
$authorizeURL = 'https://github.com/login/oauth/authorize';
$tokenURL = 'https://github.com/login/oauth/access_token';
$apiURLBase = 'https://api.github.com/';
# start sessions
session_start();
print_r($_SESSION);
// Start the login process by sending the user to Github's authorization page
if (get('action') == 'login') {
// Generate a random hash and store in the session for security
$_SESSION['state'] = hash('sha256', microtime(TRUE).rand().$_SERVER['REMOTE_ADDR']);
unset($_SESSION['access_token']);
$params = array(
'client_id' => OAUTH2_CLIENT_ID,
'redirect_uri' => 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'],
'scope' => 'user',
'state' => $_SESSION['state']
);
// Redirect the user to Github's authorization page
header('Location: ' . $authorizeURL . '?' . http_build_query($params));
die();
}
// to kill all Sessions and reset code base
if (get('action') == 'exit') {
unset($_SESSION['state']);
unset($_SESSION['access_token']);
session_destroy();
exit();
}
// When Github redirects the user back here, there will be a "code" and "state" parameter in the query string
if (get('code')) {
// Verify the state matches our stored state
if(!get('state') || $_SESSION['state'] != get('state')) {
header('Location: ' . $_SERVER['PHP_SELF']);
die();
}
// Exchange the auth code for a token
$token = apiRequest($tokenURL, array(
'client_id' => OAUTH2_CLIENT_ID,
'client_secret' => OAUTH2_CLIENT_SECRET,
'redirect_uri' => 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'],
'state' => $_SESSION['state'],
'code' => get('code')
));
$_SESSION['access_token'] = $token->access_token;
header('Location: ' . $_SERVER['PHP_SELF']);
}
# if successful show results
if (session('access_token')) {
$user = apiRequest($apiURLBase.'user');
echo '<h3>Logged In</h3>';
echo '<h4>' . $user->login . '</h4>';
echo '<pre>';
print_r($user);
echo '</pre>';
# print out full list of urls of github
print '<br /><br />';
print '<h3>Full List of Urls on Github</h3>';
$full = apiRequest($apiURLBase);
foreach ($full as $key=>$value)
{
print $key .'=>'. $value.'<br />';
}
} else {
# fail result if no session token
echo '<h3>Not logged in</h3>';
echo '<p><a href="?action=login">Log In</a></p>';
}
# main function for curl requests
function apiRequest($url, $post=FALSE, $headers=array()) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Linux useragent'); //change agent string
if($post)
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
$headers[] = 'Accept: application/json';
# add access token to header
if(session('access_token'))
$headers[] = 'Authorization: Bearer ' . session('access_token');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
return json_decode($response); //decode response
}
# array key existence
function get($key, $default=NULL) {
return array_key_exists($key, $_GET) ? $_GET[$key] : $default;
}
# array key existence
function session($key, $default=NULL) {
return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default;
}
?>
@edutrul
Copy link
Author

edutrul commented Sep 7, 2022

Github app example...:
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment