Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
/lib/ -> oauthlib.php (source)

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403] [Versions 401 and 403]

(no description)

File Size: 784 lines (26 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 2 classes


Class: oauth_helper  - X-Ref

OAuth helper class

1. You can extends oauth_helper to add specific functions, such as twitter extends oauth_helper
2. Call request_token method to get oauth_token and oauth_token_secret, and redirect user to authorize_url,
developer needs to store oauth_token and oauth_token_secret somewhere, we will use them to request
access token later on
3. User approved the request, and get back to moodle
4. Call get_access_token, it takes previous oauth_token and oauth_token_secret as arguments, oauth_token
will be used in OAuth request, oauth_token_secret will be used to bulid signature, this method will
return access_token and access_secret, store these two values in database or session
5. Now you can access oauth protected resources by access_token and access_secret using oauth_helper::request
method (or get() post())

Note:
1. This class only support HMAC-SHA1
2. oauth_helper class don't store tokens and secrets, you must store them manually
3. Some functions are based on http://code.google.com/p/oauth/

__construct($args)   X-Ref
Contructor for oauth_helper.
Subclass can override construct to build its own $this->http

param: array $args requires at least three keys, oauth_consumer_key

get_signable_parameters($params)   X-Ref
Build parameters list:
oauth_consumer_key="0685bd9184jfhq22",
oauth_nonce="4572616e48616d6d65724c61686176",
oauth_token="ad180jjd733klru7",
oauth_signature_method="HMAC-SHA1",
oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
oauth_timestamp="137131200",
oauth_version="1.0"
oauth_verifier="1.0"

param: array $param
return: string

sign($http_method, $url, $params, $secret)   X-Ref
Create signature for oauth request

param: string $url
param: string $secret
param: array $params
return: string

prepare_oauth_parameters($url, $params, $http_method = 'POST')   X-Ref
Initilize oauth request parameters, including:
oauth_consumer_key="0685bd9184jfhq22",
oauth_token="ad180jjd733klru7",
oauth_signature_method="HMAC-SHA1",
oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
oauth_timestamp="137131200",
oauth_nonce="4572616e48616d6d65724c61686176",
oauth_version="1.0"
To access protected resources, oauth_token should be defined

param: string $url
param: string $token
param: string $http_method
return: array

setup_oauth_http_header($params)   X-Ref
No description

setup_oauth_http_options($options)   X-Ref
Sets the options for the next curl request

param: array $options

request_token()   X-Ref
Request token for authentication
This is the first step to use OAuth, it will return oauth_token and oauth_token_secret

return: array

set_access_token($token, $secret)   X-Ref
Set oauth access token for oauth request

param: string $token
param: string $secret

get_access_token($token, $secret, $verifier='')   X-Ref
Request oauth access token from server

param: string $method
param: string $url
param: string $token
param: string $secret

request($method, $url, $params=array()   X-Ref
Request oauth protected resources

param: string $method
param: string $url
param: string $token
param: string $secret

get($url, $params=array()   X-Ref
shortcut to start http get request


post($url, $params=array()   X-Ref
shortcut to start http post request


parse_result($str)   X-Ref
A method to parse oauth response to get oauth_token and oauth_token_secret

param: string $str
return: array

set_nonce($str)   X-Ref
Set nonce


set_timestamp($time)   X-Ref
Set timestamp


get_timestamp()   X-Ref
Generate timestamp


get_nonce()   X-Ref
Generate nonce for oauth request


Class: oauth2_client  - X-Ref

OAuth 2.0 Client for using web access tokens.

http://tools.ietf.org/html/draft-ietf-oauth-v2-22

__construct($clientid, $clientsecret, moodle_url $returnurl, $scope)   X-Ref
Constructor.

param: string $clientid
param: string $clientsecret
param: moodle_url $returnurl
param: string $scope

is_logged_in()   X-Ref
Is the user logged in? Note that if this is called
after the first part of the authorisation flow the token
is upgraded to an accesstoken.

return: boolean true if logged in

callback_url()   X-Ref
Callback url where the request is returned to.

return: moodle_url url of callback

get_additional_login_parameters()   X-Ref
An additional array of url params to pass with a login request.

return: array of name value pairs.

get_login_url()   X-Ref
Returns the login link for this oauth request

return: moodle_url login url

build_post_data($params)   X-Ref
Given an array of name value pairs - build a valid HTTP POST application/x-www-form-urlencoded string.

param: array $params Name / value pairs.
return: string POST data.

upgrade_token($code)   X-Ref
Upgrade a authorization token from oauth 2.0 to an access token

param: string $code the code returned from the oauth authenticaiton
return: boolean true if token is upgraded succesfully

log_out()   X-Ref
Logs out of a oauth request, clearing any stored tokens


request($url, $options = array()   X-Ref
Make a HTTP request, adding the access token we have

param: string $url The URL to request
param: array $options
param: mixed $acceptheader mimetype (as string) or false to skip sending an accept header.
return: bool

multi($requests, $options = array()   X-Ref
Multiple HTTP Requests
This function could run multi-requests in parallel.

param: array $requests An array of files to request
param: array $options An array of options to set
return: array An array of results

get_tokenname()   X-Ref
Returns the tokenname for the access_token to be stored
through multiple requests.

The default implentation is to use the classname combiend
with the scope.

return: string tokenname for prefernce storage

store_token($token)   X-Ref
Store a token between requests. Currently uses
session named by get_tokenname

param: stdClass|null $token token object to store or null to clear

get_refresh_token()   X-Ref
Get a refresh token!!!

return: string

get_stored_token()   X-Ref
Retrieve a token stored.

return: stdClass|null token object

get_accesstoken()   X-Ref
Get access token object.

This is just a getter to read the private property.

return: stdClass

get_clientid()   X-Ref
Get the client ID.

This is just a getter to read the private property.

return: string

get_clientsecret()   X-Ref
Get the client secret.

This is just a getter to read the private property.

return: string

use_http_get()   X-Ref
Should HTTP GET be used instead of POST?
Some APIs do not support POST and want oauth to use
GET instead (with the auth_token passed as a GET param).

return: bool true if GET should be used