Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
- Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
- PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
/lib/ -> oauthlib.php (source)
Differences Between: [Versions 310 and 402] [Versions 311 and 402] [Versions 39 and 402] [Versions 400 and 402] [Versions 401 and 402]
(no description)
| File Size: | 784 lines (26 kb) |
| Included or required: | 0 times |
| Referenced: | 0 times |
| Includes or requires: | 0 files |
Defines 2 classes
oauth_helper:: (17 methods):
__construct()
get_signable_parameters()
sign()
prepare_oauth_parameters()
setup_oauth_http_header()
setup_oauth_http_options()
request_token()
set_access_token()
get_access_token()
request()
get()
post()
parse_result()
set_nonce()
set_timestamp()
get_timestamp()
get_nonce()
oauth2_client:: (18 methods):
__construct()
is_logged_in()
callback_url()
get_additional_login_parameters()
get_login_url()
build_post_data()
upgrade_token()
log_out()
request()
multi()
get_tokenname()
store_token()
get_refresh_token()
get_stored_token()
get_accesstoken()
get_clientid()
get_clientsecret()
use_http_get()
Class: oauth_helper - X-Ref
OAuth helper class1. You can extends oauth_helper to add specific functions, such as twitter extends oauth_helper
2. Call request_token method to get oauth_token and oauth_token_secret, and redirect user to authorize_url,
developer needs to store oauth_token and oauth_token_secret somewhere, we will use them to request
access token later on
3. User approved the request, and get back to moodle
4. Call get_access_token, it takes previous oauth_token and oauth_token_secret as arguments, oauth_token
will be used in OAuth request, oauth_token_secret will be used to bulid signature, this method will
return access_token and access_secret, store these two values in database or session
5. Now you can access oauth protected resources by access_token and access_secret using oauth_helper::request
method (or get() post())
Note:
1. This class only support HMAC-SHA1
2. oauth_helper class don't store tokens and secrets, you must store them manually
3. Some functions are based on http://code.google.com/p/oauth/
| __construct($args) X-Ref |
| Contructor for oauth_helper. Subclass can override construct to build its own $this->http param: array $args requires at least three keys, oauth_consumer_key |
| get_signable_parameters($params) X-Ref |
| Build parameters list: oauth_consumer_key="0685bd9184jfhq22", oauth_nonce="4572616e48616d6d65724c61686176", oauth_token="ad180jjd733klru7", oauth_signature_method="HMAC-SHA1", oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D", oauth_timestamp="137131200", oauth_version="1.0" oauth_verifier="1.0" param: array $param return: string |
| sign($http_method, $url, $params, $secret) X-Ref |
| Create signature for oauth request param: string $url param: string $secret param: array $params return: string |
| prepare_oauth_parameters($url, $params, $http_method = 'POST') X-Ref |
| Initilize oauth request parameters, including: oauth_consumer_key="0685bd9184jfhq22", oauth_token="ad180jjd733klru7", oauth_signature_method="HMAC-SHA1", oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D", oauth_timestamp="137131200", oauth_nonce="4572616e48616d6d65724c61686176", oauth_version="1.0" To access protected resources, oauth_token should be defined param: string $url param: string $token param: string $http_method return: array |
| setup_oauth_http_header($params) X-Ref |
| No description |
| setup_oauth_http_options($options) X-Ref |
| Sets the options for the next curl request param: array $options |
| request_token() X-Ref |
| Request token for authentication This is the first step to use OAuth, it will return oauth_token and oauth_token_secret return: array |
| set_access_token($token, $secret) X-Ref |
| Set oauth access token for oauth request param: string $token param: string $secret |
| get_access_token($token, $secret, $verifier='') X-Ref |
| Request oauth access token from server param: string $method param: string $url param: string $token param: string $secret |
| request($method, $url, $params=array() X-Ref |
| Request oauth protected resources param: string $method param: string $url param: string $token param: string $secret |
| get($url, $params=array() X-Ref |
| shortcut to start http get request |
| post($url, $params=array() X-Ref |
| shortcut to start http post request |
| parse_result($str) X-Ref |
| A method to parse oauth response to get oauth_token and oauth_token_secret param: string $str return: array |
| set_nonce($str) X-Ref |
| Set nonce |
| set_timestamp($time) X-Ref |
| Set timestamp |
| get_timestamp() X-Ref |
| Generate timestamp |
| get_nonce() X-Ref |
| Generate nonce for oauth request |
Class: oauth2_client - X-Ref
OAuth 2.0 Client for using web access tokens.http://tools.ietf.org/html/draft-ietf-oauth-v2-22
| __construct($clientid, $clientsecret, moodle_url $returnurl, $scope) X-Ref |
| Constructor. param: string $clientid param: string $clientsecret param: moodle_url $returnurl param: string $scope |
| is_logged_in() X-Ref |
| Is the user logged in? Note that if this is called after the first part of the authorisation flow the token is upgraded to an accesstoken. return: boolean true if logged in |
| callback_url() X-Ref |
| Callback url where the request is returned to. return: moodle_url url of callback |
| get_additional_login_parameters() X-Ref |
| An additional array of url params to pass with a login request. return: array of name value pairs. |
| get_login_url() X-Ref |
| Returns the login link for this oauth request return: moodle_url login url |
| build_post_data($params) X-Ref |
| Given an array of name value pairs - build a valid HTTP POST application/x-www-form-urlencoded string. param: array $params Name / value pairs. return: string POST data. |
| upgrade_token($code) X-Ref |
| Upgrade a authorization token from oauth 2.0 to an access token param: string $code the code returned from the oauth authenticaiton return: boolean true if token is upgraded succesfully |
| log_out() X-Ref |
| Logs out of a oauth request, clearing any stored tokens |
| request($url, $options = array() X-Ref |
| Make a HTTP request, adding the access token we have param: string $url The URL to request param: array $options param: mixed $acceptheader mimetype (as string) or false to skip sending an accept header. return: bool |
| multi($requests, $options = array() X-Ref |
| Multiple HTTP Requests This function could run multi-requests in parallel. param: array $requests An array of files to request param: array $options An array of options to set return: array An array of results |
| get_tokenname() X-Ref |
| Returns the tokenname for the access_token to be stored through multiple requests. The default implentation is to use the classname combiend with the scope. return: string tokenname for prefernce storage |
| store_token($token) X-Ref |
| Store a token between requests. Currently uses session named by get_tokenname param: stdClass|null $token token object to store or null to clear |
| get_refresh_token() X-Ref |
| Get a refresh token!!! return: string |
| get_stored_token() X-Ref |
| Retrieve a token stored. return: stdClass|null token object |
| get_accesstoken() X-Ref |
| Get access token object. This is just a getter to read the private property. return: stdClass |
| get_clientid() X-Ref |
| Get the client ID. This is just a getter to read the private property. return: string |
| get_clientsecret() X-Ref |
| Get the client secret. This is just a getter to read the private property. return: string |
| use_http_get() X-Ref |
| Should HTTP GET be used instead of POST? Some APIs do not support POST and want oauth to use GET instead (with the auth_token passed as a GET param). return: bool true if GET should be used |
