A production-ready implementation example of Riot Games' RSO (Riot Sign On) authentication system using PHP. This repository demonstrates secure OAuth2 integration with Riot Games' authentication services, following best practices and security standards.
- Complete OAuth2 authentication flow with Riot Games
- Secure token handling and validation
- User account information retrieval
- Error handling and validation
- HTTPS enforcement for security
- PHP 8.0 or higher
- SSL certificate (HTTPS is required for Riot Games OAuth2)
- Composer
- A registered Riot Games Developer account
- Valid RSO credentials from the Riot Developer Portal
This project relies on the following packages:
guzzlehttp/guzzle
: ^7.7.0 (HTTP client)league/oauth2-client
: ^2.7.0 (OAuth2 client implementation)kdefives/oauth2-riot
: ^1.0.0 (Riot Games OAuth2 provider)
- Clone the repository:
git clone https://github.com/REFUZIION/riot-php-rso-example.git
cd riot-php-rso-example
- Install dependencies:
composer install
- Update
config.php
with your credentials:
const BASE_URI = 'https://your-domain.com/'; // Must use HTTPS
const RIOT_CLIENT_ID = 'YOUR_CLIENT_ID_HERE';
const RIOT_CLIENT_SECRET = 'YOUR_CLIENT_SECRET_HERE';
- BASE_URI: Must use HTTPS protocol
- RIOT_CLIENT_ID: Obtained from Riot Developer Portal
- RIOT_CLIENT_SECRET: JWT token from Riot Developer Portal
- Ensure your web server is configured with SSL/TLS
- Direct users to the index page to initiate login
- Users will be redirected to Riot's authentication page
- After successful authentication, users return to your callback URL
- User information will be displayed (customize as needed)
- HTTPS is mandatory for all operations
- Input validation is implemented
- Output is properly sanitized
- Proper error handling is in place
├── config.php # Configuration file
├── index.php # Entry point
├── callback.php # OAuth callback handler
├── helpers.php # Utility functions
├── DOCS.md # Technical documentation
└── composer.json # Dependencies and autoloading
The application includes error handling for:
- Missing or invalid configuration
- Network failures
- Authentication errors
- Invalid responses
- Missing required data
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature
) - Commit your changes (
git commit -m 'Add some AmazingFeature'
) - Push to the branch (
git push origin feature/AmazingFeature
) - Open a Pull Request
- kdefives/oauth2-riot for the OAuth2 provider implementation
- Riot Games Developer Portal for the authentication documentation
This project is licensed under the MIT License - see the LICENSE file for details.
For issues and feature requests, please use the GitHub Issues page.
REFUZIION - GitHub Profile