Sample OAuth Client File - WP OAuth Server

<?php
/**
 * Simple Example of a client calling WordPress OAuth Server
 * Replace the variabls below with your own.
 *
 * @author Justin Greer <[email protected]>
 */
$server_url = 'https://wordpress.dev';
$client_id = '6lkmsGocFcvxVG4S5s3QCHGi5Pvutl8AHtXaalmP';
$client_secret = 'yRntyrmDTquw7bOd0kHuFQ5mj2wtnSjVKGpi8MW2';
?>

<p>Authentication Code</p>
<form action="<?php echo $server_url; ?>/oauth/authorize?response_type=code&client_id=<?php echo $client_id; ?>" method="get">
	<input type="hidden" name="response_type" value="code" />
	<input type="hidden" name="client_id" value="<?php echo $client_id; ?>" />
	<button type="submit">Log In</button>
</form>

<p>OpenID Connect - Authentication Code</p>
<form action="<?php echo $server_url; ?>/oauth/authorize?response_type=code&client_id=<?php echo $client_id; ?>&scope=openid&nonce=123123" method="post">
	<button type="submit">Connect</button>
</form>

<p>OpenID Connect - Implicit Method</p>
<form action="<?php echo $server_url; ?>/oauth/authorize?response_type=id_token&client_id=<?php echo $client_id; ?>&nonce=121212" method="post">
	<button type="submit">Connect</button>
</form>

<p>Client Side Application (Implicit)</p>
<form action="<?php echo $server_url; ?>/oauth/authorize?response_type=token&client_id=<?php echo $client_id; ?>" method="post">
	<button type="submit">Login</button>
</form>

<p>User Credentials</p>
<form action="index.php" method="post">
	<input type="hidden" name="action" value="clientcredentials"/>
	<input type="text" name="username" placeholder="username"/><br/>
	<input type="password" name="password" placeholder="password"/><br/>

	<!--<input type="hidden" name="client_id" value="<?php echo $client_id; ?>"/>
	<input type="hidden" name="client_secret" value="<?php echo $client_secret; ?>"/>-->

	<button type="submit">Login</button>
</form>

<p>Refresh Token</p>
<form action="<?php echo $server_url; ?>/oauth/token" method="POST">
	<input type="text" name="refresh_token" value="" />
	<input type="hidden" name="grant_type" value="refresh_token" />
	<input type="hidden" name="client_id" value="<?php echo $client_id; ?>" />
	<input type="hidden" name="client_secret" value="<?php echo $client_secret; ?>" />
	<button type="submit">Request New</button>
</form>

<p>Destroy an Access Token</p>
<form action="<?php echo $server_url; ?>/oauth/destroy?access_token=jnu59u3bhadej9u77uzt7ihnlvlpd5dtqzb3igim" method="POST">
	<input type="text" name="access_token" value="" />
	<button type="submit">Destroy Sessions</button>
</form>

<?php 
/**
 * Handle error if there is one
 */
if( isset($_GET['error']) ){
	echo '<h3>Server Response</h3><pre>';
	echo $_GET['error'].': '.$_GET['error_description'];
}

/**
 * Handle Client Credentials Login
 */
if( isset($_POST['action']) ){

	switch($_POST['action']){
		
		/**
		 * Handle Client Credentials Request
		 */
		case 'clientcredentials':
			
			$curl_post_data = array(
				'grant_type' => 'password',
				'username' => $_POST['username'],
				'password'	=> $_POST['password'],
			);

			$curl = curl_init($server_url.'/oauth/token?scopes=openid');
			curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
			curl_setopt($curl, CURLOPT_USERPWD, $client_id.':'.$client_secret);
			curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
			curl_setopt($curl, CURLOPT_POST, true);
			curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
			curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
			curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 GTB5');
			curl_setopt($curl, CURLOPT_REFERER, 'http://www.example.com/1');

			$curl_response = curl_exec($curl);
			curl_close($curl);
			echo '<h3>Server Response</h3><pre>';
			echo '<pre>';
			print_r($curl_response);
			echo '</pre>';

			break;
	}

}


/**
 * Example of gathering access_token if code is returned
 */
if(isset($_GET['code'])) {
	
	echo '<h3>Server Response</h3>';
	//echo 'Code: ' . $_GET['code'] . "<br/>";

	$curl_post_data = array(
		'grant_type' => 'authorization_code',
		'code' => $_GET['code'],
		'redirect_uri' => 'http;//oauth.dev',
		'client_id'	=> $client_id, // Only needed if server is running CGI
		'client_secret' => $client_secret // Only need if server is running CGI
	);

	$curl = curl_init($server_url.'/oauth/token');
	curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
	curl_setopt($curl, CURLOPT_USERPWD, $client_id.':'.$client_secret); //Your credentials goes here
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($curl, CURLOPT_POST, true);
	curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 GTB5');
	curl_setopt($curl, CURLOPT_REFERER, 'http://www.example.com/1');

	//$curl_response = json_decode(curl_exec($curl));
	$curl_response = curl_exec($curl);
	curl_close($curl);
	echo '<pre>';
	print_r($curl_response);
	echo '</pre>';

	if(isset($curl_response->refresh_token)){
		echo '<h3>Refresh Token</h3>';
		$curl_post_data = array(
			'grant_type' => 'refresh_token',
			'refresh_token' => $curl_response->refresh_token,
		);
		$curl = curl_init($server_url.'/oauth/token');
		curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
		curl_setopt($curl, CURLOPT_USERPWD, $client_id.':'.$client_secret); //Your credentials goes here
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($curl, CURLOPT_POST, true);
		curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); // If the URL has https and you don't want to verify source certificate
		curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 GTB5');
			curl_setopt($curl, CURLOPT_REFERER, 'http://www.example.com/1');

		$curl_response = curl_exec($curl);
		curl_close($curl);
		print_r($curl_response);
	}
}