Authentication and Authorization

Kunal Varma edited this page Jun 29, 2016 · 8 revisions

Authentication & Authorization

Here's how the authentication & authorization flow works:

  1. Use the DropboxAuthHelper to generate a login/authorization URL with the getAuthUrl() method.

  2. The URL will take the user to an app authorization screen and, upon approval, will redirect them back to a pre-specified URL (Callback URL/Page).

  3. On the Callback Page, we can obtain the user access token through the getAccessToken() method.

Example

File: header.php

<?php
session_start();

require_once 'vendor/autoload.php';

use Kunnu\Dropbox\Dropbox;
use Kunnu\Dropbox\DropboxApp;

//Configure Dropbox Application
$app = new DropboxApp("client_id", "client_secret");

//Configure Dropbox service
$dropbox = new Dropbox($app);

//DropboxAuthHelper
$authHelper = $dropbox->getAuthHelper();

//Callback URL
$callbackUrl = "https://{my-website}/login-callback.php";
?>

File: login.php

<?php
require_once 'header.php';

//Fetch the Authorization/Login URL
$authUrl = $authHelper->getAuthUrl($callbackUrl);

//Escape the URL before placing it in an HTML attribute
echo "<a href='" . htmlspecialchars($authUrl, ENT_QUOTES, 'UTF-8') . "'>Log in with Dropbox</a>";
?>

The DropboxAuthHelper makes use of PHP sessions to store a CSRF token, which will be validated against the state parameter returned as a query parameter with the Callback URL. Before calling the getAuthUrl() method, make sure sessions are enabled.

Let's fetch the AccessToken using the code and state obtained along with the callback URL as query parameters.

File: login-callback.php

<?php
require_once 'header.php';

if (isset($_GET['code']) && isset($_GET['state'])) {    
    //Bad practice! No input sanitization!
    $code = $_GET['code'];
    $state = $_GET['state'];

    //Fetch the AccessToken
    $accessToken = $authHelper->getAccessToken($code, $state, $callbackUrl);

    echo $accessToken->getToken();
}
?>
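The session-stored CSRF token and the unsanitized `code`/`state` parameters mentioned above can be illustrated with a stand-alone sketch. This is an added example, not the SDK's own code: `issueState()`, `checkCallback()` and the `oauth_state` key are hypothetical names, and plain arrays stand in for `$_SESSION` and `$_GET` so it runs from the command line.

```php
<?php
// Added example: a generic OAuth 2 state (CSRF token) check.
// Not the SDK's implementation; helper names and the session key are hypothetical.

// Create an unpredictable state value and remember it in the session store.
function issueState(array &$session): string
{
    $state = bin2hex(random_bytes(16));
    $session['oauth_state'] = $state;
    return $state;
}

// Validate callback query parameters against the stored state.
// Returns the authorization code on success, or null if the request is rejected.
function checkCallback(array &$session, array $query): ?string
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // single use: a replayed callback is rejected

    $code  = $query['code']  ?? null;
    $state = $query['state'] ?? null;

    // Both parameters must be non-empty strings (rejects ?code[]=x style arrays).
    if (!is_string($code) || !is_string($state) || $code === '' || $state === '') {
        return null;
    }
    // Constant-time comparison of the stored token with the returned one.
    if (!is_string($expected) || !hash_equals($expected, $state)) {
        return null;
    }
    return $code;
}

// Constructed sample requests.
$session = [];

// Case 1: callback carrying the state that was issued for this session.
$state = issueState($session);
var_dump(checkCallback($session, ['code' => 'constructed-code', 'state' => $state]));

// Case 2: the same callback replayed after the state was consumed.
var_dump(checkCallback($session, ['code' => 'constructed-code', 'state' => $state]));

// Case 3: callback with a state value the session never issued.
issueState($session);
var_dump(checkCallback($session, ['code' => 'constructed-code', 'state' => str_repeat('0', 32)]));

// Case 4: parameters supplied as arrays instead of strings.
issueState($session);
var_dump(checkCallback($session, ['code' => ['x'], 'state' => ['y']]));
```

Only the first case returns the code; the replayed, mismatched and malformed callbacks all return null and never reach a token exchange.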

To revoke an access token, simply call the revokeAccessToken() method.

Note: The access token must already be set before calling the revokeAccessToken() method.

$authHelper->revokeAccessToken();
