
I am currently trying to set up the Twinfield API. It should be pretty straightforward when using the php-twinfield/twinfield library, but there is one thing I don't fully understand.

Here is my code:

    $provider    = new OAuthProvider([
        'clientId'     => 'someClientId',
        'clientSecret' => 'someClientSecret',
        'redirectUri'  => 'https://example.org/'
    ]);

    $accessToken  = $provider->getAccessToken("authorization_code", ["code" => ...]);
    $refreshToken = $accessToken->getRefreshToken();
    $office       = \PhpTwinfield\Office::fromCode("someOfficeCode");

    $connection  = new \PhpTwinfield\Secure\OpenIdConnectAuthentication($provider, $refreshToken, $office);

The $accessToken requires something on the dots, some sort of code. I am not sure what that should be...

I hope someone can help me out. Thanks already!


I am still stuck with the OAuth2 setup... the provider seems to have all the information it needs. It returns a code which is needed to retrieve an accessToken. But when I try to get one using the following code:

    $accessToken = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);

This will return 'invalid_grant'. I have tried to reset my clientSecret... but that did not help. I hope somebody can help me any further.

Machavity
Tom Roskam
  • With this type of OAuth2 redirect flow, you need to send the user to the login provider first; after they authorized there with their credentials, they get redirected back to your app (to the `redirectUri` you specified), with a `code` GET parameter appended to the URL. That code can then be exchanged for an access token. – CBroe May 06 '21 at 07:30
  • I don't fully understand what you mean. How am I going to send the user to the login provider? Does that mean I need to set up an API connection first and then send that connection to the provider? If you do have a code example, that would really help! (Not saying you need to do the work for me xD) – Tom Roskam May 06 '21 at 07:59
  • https://github.com/php-twinfield/twinfield#authentication refers to https://oauth2-client.thephpleague.com/usage/, this is basically what you need to implement. Whatever the necessary URL endpoints are, you’ll need to figure out via the Twinfield API documentation. (Unless your SDK already contains them in hard-coded form somehow.) – CBroe May 06 '21 at 08:04

1 Answer


To access the Twinfield API, the users must be authenticated. You can either do this by specifying a username and password or by using OAuth2. When using OAuth2, you delegate the authentication to a so-called OAuth provider. After the user has authenticated, the provider will redirect the user's browser to an endpoint (redirectUri) at your application. That request, which your application receives, has a GET parameter called code. Your app will then exchange the code for a token using its clientId and clientSecret via HTTP POST. This means that your application must be registered at the OAuth2 provider so that the provider (e.g. GitHub, Facebook, Google, ...) can validate the client credentials and return a token. You will also have to configure your provider variable to point to the OAuth provider that you connect with.

    $provider = new OAuthProvider([
        'clientId'                => 'XXXXXX',    // The client ID assigned to you by the provider
        'clientSecret'            => 'XXXXXX',    // The client password assigned to you by the provider
        'redirectUri'             => 'https://example.com/your-redirect-url/',
        'urlAuthorize'            => 'https://login.provider.com/authorize', // where the user's browser should be redirected to for triggering the authentication
        'urlAccessToken'          => 'https://login.provider.com/token', // where to exchange the code for a token
        'urlResourceOwnerDetails' => 'https://login.provider.com/resource' // where to get more details about a user
    ]);

    // If we don't have an authorization code then get one
    if (!isset($_GET['code'])) {
        // Fetch the authorization URL from the provider
        // Redirect the user to the authorization URL.
    }

Twinfield makes use of the league/oauth2-client library for implementing OAuth. Therefore, refer to https://oauth2-client.thephpleague.com/usage/ for the details on how to set up an OAuth client in the twinfield library. league/oauth2-client supports some providers out of the box and allows third-party providers. Your provider may be in any of the lists. If not, refer to the documentation of your provider to get the right URLs.

Judith Kahrer
  • This brings me a little closer, thanks! Although now I keep getting the 'invalid_grant' error. I am not totally sure why... – Tom Roskam May 06 '21 at 09:34
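
The redirect flow that the answer and comments describe, written out as a callback script. This is an added example, not code from the original posts or from the php-twinfield project. It assumes league/oauth2-client and php-twinfield are installed via Composer; the helper `handleCallback`, the environment variable names and the `use` line for `OAuthProvider` are assumptions.

```php
<?php
// Added example: callback script served at the registered redirectUri.
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessTokenInterface;
use PhpTwinfield\Secure\Provider\OAuthProvider; // assumed import; the post omits it

// Hypothetical helper. Returns null after sending the login redirect,
// or the token once the provider has redirected back with a valid code.
function handleCallback(AbstractProvider $provider, array $query, array &$session): ?AccessTokenInterface
{
    if (!isset($query['code'])) {
        // Step 1: no code yet, so send the browser to the provider's login page.
        $url = $provider->getAuthorizationUrl();
        $session['oauth2state'] = $provider->getState(); // kept for the CSRF check
        header('Location: ' . $url);
        return null;
    }
    // Step 2: accept only a callback that answers a login this session started.
    $expected = (string) ($session['oauth2state'] ?? '');
    unset($session['oauth2state']); // a state value is good for one callback
    if ($expected === '' || !hash_equals($expected, (string) ($query['state'] ?? ''))) {
        throw new RuntimeException('OAuth state mismatch');
    }
    try {
        // Step 3: exchange the code exactly once, with the same redirectUri.
        return $provider->getAccessToken('authorization_code', ['code' => (string) $query['code']]);
    } catch (IdentityProviderException $e) {
        // Per RFC 6749, invalid_grant means the code is invalid, expired,
        // already used, or does not match the redirectUri.
        error_log('Token exchange failed: ' . $e->getMessage());
        throw new RuntimeException('Token exchange failed', 0, $e);
    }
}

session_start();
$provider = new OAuthProvider([
    'clientId'     => getenv('TWINFIELD_CLIENT_ID'),     // assumed variable names;
    'clientSecret' => getenv('TWINFIELD_CLIENT_SECRET'), // keeps the secret out of source
    'redirectUri'  => 'https://example.org/',            // must match the registered URI
]);
$token = handleCallback($provider, $_GET, $_SESSION);
if ($token === null) {
    exit; // redirect sent, nothing more to do on this request
}
$office     = \PhpTwinfield\Office::fromCode('someOfficeCode');
$connection = new \PhpTwinfield\Secure\OpenIdConnectAuthentication($provider, $token->getRefreshToken(), $office);
```

Reloading the callback URL replays a code that has already been exchanged, so store the refresh token after the first successful exchange instead of repeating the request.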