OAuth authorization

 

OAuth authorization

The Hyves API uses OAuth to authenticate a consumer, sign a request, block replay attacks and allow consumers to do calls as a particular user, so the first thing you need to know is how to connect with OAuth.

Example

// Include GenusApis in your document
require_once('GenusApis.php');
 
// Start a PHP session
session_start();
 
// Set the headers
header('Content-Type: text/html; charset=utf-8');
 
// Define the url of your script
define("SCRIPT_URL", "http://www.domain.com/script.php");
 
// Hyves API version to use:
define("HA_VERSION", "2.0");
 
// Catch the possible exceptions
try {
 
	// Declare your oauth_consumer
	$oOAuthConsumer = new OAuthConsumer("XXX-YOUR-CONSUMER-KEY-XXX", "XXX-YOUR-CONSUMER-SECRET-XXX");
 
	// Init GenusApis Object
	$oGenusApis = new GenusApis($oOAuthConsumer, HA_VERSION);
 
	// We use this switch to determine what we need to do
	$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : "default";
 
	switch($action) {
 
		case 'default':
			// Default page when no action is set we show a button to authorize with the API
			echo "<a href=\"".SCRIPT_URL."?action=authorize\">Authorize</a><br />";
			break;
 
		case 'authorize':
			// Create request token and authorize it (causes redirect).
			$oRequestToken = $oGenusApis->retrieveRequesttoken(array("friends.get", "users.get", "albums.getByUser"));
			$_SESSION['requesttoken_'.$oRequestToken->getKey()] = serialize($oRequestToken);
			$oGenusApis->redirectToAuthorizeUrl($oRequestToken, SCRIPT_URL."?action=authorized");
			break;
		case 'authorized':
			// Authorized page, hyves will redirect to this page (callback).
			$oauth_token = $_REQUEST['oauth_token'];
			$oRequestToken = getRequestTokenFromSession($oauth_token);
			$oAccessToken = $oGenusApis->retrieveAccesstoken($oRequestToken);
			$local_token = md5($oAccessToken->getKey());
			$_SESSION['localtoken_'.$local_token] = serialize($oAccessToken);
			$overviewUrl = SCRIPT_URL . "?action=overview&local_token=" . $local_token;
			header("Location: " . $overviewUrl);
			break;
		case 'overview':
			$local_token = $_REQUEST['local_token'];
			echo "Success!!";
			break;          		
	}
}
 
catch(GeneralException $e)
{
        echo "General Exception occured:<br>Code: ".$e->getCode()."<br>Message: ".$e->getMessage();
}
catch(HyvesApiException $e)
{
        echo "HyvesApi Exception occured:<br>Code: ".$e->getCode()."<br>Message: ".$e->getMessage();
}
 
// example storage for requesttoken
function getRequestTokenFromSession($oauth_token) {
        if (!isset($_SESSION['requesttoken_'.$oauth_token])) {
                header("Location: ".SCRIPT_URL."?action=invalidsession");
        }
        return unserialize($_SESSION['requesttoken_'.$oauth_token]);
}
 
// example storage for accesstoken
function getAccessTokenFromSession($local_token) {
        if (!isset($_SESSION['localtoken_'.$local_token])) {
                header("Location: ".SCRIPT_URL."?action=invalidsession");
        }
        return unserialize($_SESSION['localtoken_'.$local_token]);
}

This example uses the OAuth authorization example and the GenusApis PHP library.

Click here to see a live example and download the source code.