<?php
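// Entry point of the OAuth2 authorization-code flow: builds the provider,
// records the anti-CSRF state in the session and redirects the browser to the
// identity provider's authorize endpoint.

// Demo setting: PHP errors are rendered into the HTTP response. Error output can
// expose file paths and configuration details, so turn this off (and log to a
// file instead) anywhere other than a local development machine.
ini_set('display_errors', 'On');

require __DIR__ . '/vendor/autoload.php';
require_once('storage.php');

// Storage Class uses sessions for storing access token (demo only)
// you'll need to extend to your Database for a scalable solution
$storage = new StorageClass();

// The OAuth2 state below is written to $_SESSION, so a session must be active
// or the value is never persisted and the callback has nothing to compare
// against. storage.php is not visible here; presumably StorageClass starts the
// session (confirm), in which case this guard does nothing.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId' => '__YOUR_CLIENT_ID__',
    // Placeholder only. A real client secret should be supplied from the
    // environment or a secret store, never committed to source control.
    'clientSecret' => '__YOUR_CLIENT_SECRET__',
    // Plain http on localhost is for local development. A deployed redirect URI
    // should use https and must match the one registered for the app.
    'redirectUri' => 'http://localhost:8888/xero-php-oauth2-starter/callback.php',
    'urlAuthorize' => 'https://login.xero.com/identity/connect/authorize',
    'urlAccessToken' => 'https://identity.xero.com/connect/token',
    'urlResourceOwnerDetails' => 'https://api.xero.com/api.xro/2.0/Organisation'
]);

// Scope defines the data your app has permission to access.
// Learn more about scopes at https://developer.xero.com/documentation/oauth2/scopes
// The starter requests a broad set, including offline_access (long-lived refresh
// tokens) and several scopes that are not the ".read" variants. Trim this to the
// scopes the application actually uses, so a leaked token exposes less.
$options = [
    'scope' => ['openid email profile offline_access assets projects accounting.settings accounting.transactions accounting.contacts accounting.journals.read accounting.reports.read accounting.attachments']
];

// This returns the authorizeUrl with necessary parameters applied (e.g. state).
$authorizationUrl = $provider->getAuthorizationUrl($options);

// Save the state generated for you and store it to the session.
// For security, on callback we compare the saved state with the one returned to ensure they match.
// The callback should reject the request when the returned state is missing or
// differs, and discard the stored value once it has been checked.
$_SESSION['oauth2state'] = $provider->getState();

// Redirect the user to the authorization URL, then stop so that nothing else
// runs or is emitted after the Location header.
header('Location: ' . $authorizationUrl);
exit();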
?>