Commit 7cf7c2107bd5788d369e3f33e354f53795831691
1 parent
b5c6d0399d
Exists in
master
bug fixes sso callback
Showing 1 changed file with 16 additions and 3 deletions Inline Diff
SsoClientLibrary.php
| 1 | <?php | 1 | <?php |
| 2 | session_start(); | 2 | session_start(); |
| 3 | 3 | ||
| 4 | /* | 4 | /* |
| 5 | * Nama : File SSO client library | 5 | * Nama : File SSO client library |
| 6 | * Tujuan : File ini dibuat dalam bentuk class objek sehingga dapat di integrasikan | 6 | * Tujuan : File ini dibuat dalam bentuk class objek sehingga dapat di integrasikan |
| 7 | * dengan aplikasi pihak ketiga yang ingin terhubung menggunakan aplikasi SSO | 7 | * dengan aplikasi pihak ketiga yang ingin terhubung menggunakan aplikasi SSO |
| 8 | * Deskripsi Variable : | 8 | * Deskripsi Variable : |
| 9 | * $clientId | 9 | * $clientId |
| 10 | * - merupakan identitas unik ID yang diperoleh saat mendaftarkan | 10 | * - merupakan identitas unik ID yang diperoleh saat mendaftarkan |
| 11 | * aplikasi pihak ketiga pada aplikasi SSO | 11 | * aplikasi pihak ketiga pada aplikasi SSO |
| 12 | * $clientSecret | 12 | * $clientSecret |
| 13 | * - merupakan identitas unik Secret (rahasia) yang digunakan saat akses | 13 | * - merupakan identitas unik Secret (rahasia) yang digunakan saat akses |
| 14 | * kepada aplikasi SSO sehingga diizinkan | 14 | * kepada aplikasi SSO sehingga diizinkan |
| 15 | * $redirectUri | 15 | * $redirectUri |
| 16 | * - merupakan alamat url yang akan mengelola hasil informasi login SSO | 16 | * - merupakan alamat url yang akan mengelola hasil informasi login SSO |
| 17 | * $targetUri | 17 | * $targetUri |
| 18 | * - adalah alamat website aplikasi SSO | 18 | * - adalah alamat website aplikasi SSO |
| 19 | * | 19 | * |
| 20 | */ | 20 | */ |
| 21 | 21 | ||
| 22 | class SsoClientLibrary { | 22 | class SsoClientLibrary { |
| 23 | 23 | ||
| 24 | protected $clientId; | 24 | protected $clientId; |
| 25 | protected $clientSecret; | 25 | protected $clientSecret; |
| 26 | protected $redirectUri; | 26 | protected $redirectUri; |
| 27 | protected $targetUri; | 27 | protected $targetUri; |
| 28 | 28 | ||
| 29 | public function __construct() { | 29 | public function __construct() { |
| 30 | $this->clientId = ''; // 3rd Party client Id | 30 | $this->clientId = ''; // 3rd Party client Id |
| 31 | $this->clientSecret = ''; // 3rd Party client secret | 31 | $this->clientSecret = ''; // 3rd Party client secret |
| 32 | $this->redirectUri = 'http://localhost/sample-sso-php/masuk-sso.php'; // 3rd Party url redirect or url to handle callback | 32 | $this->redirectUri = 'http://localhost/sample-sso-php/masuk-sso.php'; // 3rd Party url redirect or url to handle callback |
| 33 | $this->targetUri = 'https://sso.riau.go.id/'; // SSO Riau portal | 33 | $this->targetUri = 'https://sso.riau.go.id/'; // SSO Riau portal |
| 34 | } | 34 | } |
| 35 | 35 | ||
| 36 | public function ssoRequest() { | 36 | public function ssoRequest() { |
| 37 | // $state = Str::random(40); | ||
| 38 | $state = base64_encode(random_bytes(40)); | 37 | $state = base64_encode(random_bytes(40)); |
| 39 | $query = http_build_query([ | 38 | $query = http_build_query([ |
| 40 | 'client_id' => $this->clientId, | 39 | 'client_id' => $this->clientId, |
| 41 | 'redirect_uri' => $this->redirectUri, | 40 | 'redirect_uri' => $this->redirectUri, |
| 42 | 'response_type' => 'code', | 41 | 'response_type' => 'code', |
| 43 | 'scope' => '', | 42 | 'scope' => '', |
| 44 | 'state' => $state, | 43 | 'state' => $state, |
| 45 | ]); | 44 | ]); |
| 46 | 45 | ||
| 47 | $_url = $this->targetUri ."oauth/authorize?" . $query; | 46 | $_url = $this->targetUri ."oauth/authorize?" . $query; |
| 48 | header("Location: " . $_url); | 47 | header("Location: " . $_url); |
| 49 | die(); | 48 | die(); |
| 50 | } | 49 | } |
| 51 | 50 | ||
| 52 | public function ssoCallback() { | 51 | public function ssoCallback() { |
| 53 | if (isset($_GET['code']) && !empty(($_GET['code']))) { | 52 | $url = parse_url($this->redirectUri); |
| 53 | $code = str_replace($url['path'] . '?code=','',$_SERVER['REQUEST_URI']); | ||
| 54 | $code = explode('&',$code); | ||
| 55 | $code = $code[0] ?? ''; | ||
| 56 | if ($code != '') { | ||
| 54 | $_access_token = ''; | 57 | $_access_token = ''; |
| 55 | $_errors = ''; | 58 | $_errors = ''; |
| 56 | 59 | ||
| 57 | $_posts = [ | 60 | $_posts = [ |
| 58 | 'grant_type' => 'authorization_code', | 61 | 'grant_type' => 'authorization_code', |
| 59 | 'client_id' => $this->clientId, | 62 | 'client_id' => $this->clientId, |
| 60 | 'client_secret' => $this->clientSecret, | 63 | 'client_secret' => $this->clientSecret, |
| 61 | 'redirect_uri' => $this->redirectUri, | 64 | 'redirect_uri' => $this->redirectUri, |
| 62 | 'code' => $_GET['code'], | 65 | 'code' => $code, |
| 63 | ]; | 66 | ]; |
| 64 | $arr_token = $this->__runCurl('POST', $this->targetUri."oauth/token", $_posts); | 67 | $arr_token = $this->__runCurl('POST', $this->targetUri."oauth/token", $_posts); |
| 65 | return $arr_token; | 68 | return $arr_token; |
| 66 | } | 69 | } |
| 67 | die('Something went wrong, please trace back your action!'); | 70 | die('Something went wrong, please trace back your action!'); |
| 68 | } | 71 | } |
| 69 | 72 | ||
| 70 | public function ssoUserInfo($access_token) { | 73 | public function ssoUserInfo($access_token) { |
| 71 | if ($access_token != '') { | 74 | if ($access_token != '') { |
| 72 | $header = [ | 75 | $header = [ |
| 73 | 'Content-Type: application/json', | 76 | 'Content-Type: application/json', |
| 74 | 'Authorization: Bearer '.$access_token, | 77 | 'Authorization: Bearer '.$access_token, |
| 75 | ]; | 78 | ]; |
| 76 | $user_info = $this->__runCurl('GET', $this->targetUri."api/userInfo", [], $header); | 79 | $user_info = $this->__runCurl('GET', $this->targetUri."api/userInfo", [], $header); |
| 77 | return $user_info; | 80 | return $user_info; |
| 78 | } | 81 | } |
| 79 | die('Something went wrong, please trace back your action!'); | 82 | die('Something went wrong, please trace back your action!'); |
| 80 | } | 83 | } |
| 81 | 84 | ||
| 82 | public function ssoAsnInfo($access_token, $nip) { | 85 | public function ssoAsnInfo($access_token, $nip) { |
| 83 | if ($access_token != '' && $nip != '') { | 86 | if ($access_token != '' && $nip != '') { |
| 84 | $header = [ | 87 | $header = [ |
| 85 | 'Content-Type: application/json', | 88 | 'Content-Type: application/json', |
| 86 | 'Authorization: Bearer '.$access_token, | 89 | 'Authorization: Bearer '.$access_token, |
| 87 | ]; | 90 | ]; |
| 88 | 91 | ||
| 89 | $query = http_build_query([ | 92 | $query = http_build_query([ |
| 90 | 'nip' => $nip | 93 | 'nip' => $nip |
| 91 | ]); | 94 | ]); |
| 92 | $asn_info = $this->__runCurl('POST', $this->targetUri."api/userData?".$query, [], $header); | 95 | $asn_info = $this->__runCurl('POST', $this->targetUri."api/userData?".$query, [], $header); |
| 93 | return $asn_info; | 96 | return $asn_info; |
| 94 | } | 97 | } |
| 95 | die('Something went wrong, please trace back your action!'); | 98 | die('Something went wrong, please trace back your action!'); |
| 96 | } | 99 | } |
| 97 | 100 | ||
| 98 | private function __runCurl($method = 'GET', $url, $data = [], $header = []) { | 101 | private function __runCurl($method = 'GET', $url, $data = [], $header = []) { |
| 99 | $error = ''; | 102 | $error = ''; |
| 100 | $ch = curl_init($url); | 103 | $ch = curl_init($url); |
| 101 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); | 104 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); |
| 102 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); | 105 | curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); |
| 103 | if ($method == 'POST') { | 106 | if ($method == 'POST') { |
| 104 | curl_setopt($ch, CURLOPT_POSTFIELDS, $data); | 107 | curl_setopt($ch, CURLOPT_POSTFIELDS, $data); |
| 105 | } | 108 | } |
| 106 | if (!empty($header)) { | 109 | if (!empty($header)) { |
| 107 | curl_setopt($ch, CURLOPT_HTTPHEADER, $header); | 110 | curl_setopt($ch, CURLOPT_HTTPHEADER, $header); |
| 108 | } | 111 | } |
| 109 | //curl_setopt($ch, CURLOPT_TIMEOUT, 5); //timeout in seconds | 112 | //curl_setopt($ch, CURLOPT_TIMEOUT, 5); //timeout in seconds |
| 110 | //curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); | 113 | //curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); |
| 111 | //curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); | 114 | //curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); |
| 112 | 115 | ||
| 113 | $response = curl_exec($ch); | 116 | $response = curl_exec($ch); |
| 114 | if (curl_error($ch)) { | 117 | if (curl_error($ch)) { |
| 115 | $error = curl_error($ch); | 118 | $error = curl_error($ch); |
| 116 | } | 119 | } |
| 117 | curl_close($ch); | 120 | curl_close($ch); |
| 118 | 121 | ||
| 119 | if ($error == '' && !empty($response)) { | 122 | if ($error == '' && !empty($response)) { |
| 120 | return $response; | 123 | return $response; |
| 121 | } else { | 124 | } else { |
| 122 | return $error; | 125 | return $error; |
| 123 | } | 126 | } |
| 124 | die('Something went wrong, please trace back your action!'); | 127 | die('Something went wrong, please trace back your action!'); |
| 128 | } | ||
| 129 | |||
| 130 | public function ssoLogout($url_back = '') { | ||
| 131 | $query = http_build_query([ | ||
| 132 | 'url_back' => $url_back, | ||
| 133 | ]); | ||
| 134 | |||
| 135 | $_url = $this->targetUri ."sso/logout?" . $query; | ||
| 136 | header("Location: " . $_url); | ||
| 137 | die(); | ||
| 125 | } | 138 | } |
| 126 | 139 | ||
| 127 | } | 140 | } |
| 128 | 141 | ||
| 129 | ?> | 142 | ?> |