Finish Client Credentials grant type, add to readme and remove oauth1…

… from readme
mautic · Aug 21, 2021 · 6e03aec · 6e03aec
1 parent 0def2e3
commit 6e03aec
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 58 deletions.
diff --git a/README.md b/README.md
@@ -25,8 +25,7 @@ then copy the Client ID and Client Secret to the application that will be using
 ## Authorization
 
 ### Obtaining an access token
-The first step is to obtain authorization.  Mautic supports OAuth 1.0a and OAuth 2 however it is up to the administrator
-to decide which is enabled.  Thus it is best to have a configuration option within your project for the administrator
+The first step is to obtain authorization.  Mautic supports OAuth 2.  Thus it is best to have a configuration option within your project for the administrator
 to choose what method should be used by your code.
 
 ```php
@@ -46,7 +45,6 @@ $callback  = '';
 // ApiAuth->newAuth() will accept an array of Auth settings
 $settings = [
     'baseUrl'          => '',       // Base URL of the Mautic instance
-    'version'          => 'OAuth2', // Version of the OAuth can be OAuth2 or OAuth1a. OAuth2 is the default value.
     'clientKey'        => '',       // Client/Consumer key from Mautic
     'clientSecret'     => '',       // Client/Consumer secret key from Mautic
     'callback'         => '',       // Redirect URI/Callback URI for this script
@@ -55,7 +53,6 @@ $settings = [
 /*
 // If you already have the access token, et al, pass them in as well to prevent the need for reauthorization
 $settings['accessToken']        = $accessToken;
-$settings['accessTokenSecret']  = $accessTokenSecret; //for OAuth1.0a
 $settings['accessTokenExpires'] = $accessTokenExpires; //UNIX timestamp
 $settings['refreshToken']       = $refreshToken;
 */
@@ -76,7 +73,6 @@ try {
         // refresh token
 
         // $accessTokenData will have the following keys:
-        // For OAuth1.0a: access_token, access_token_secret, expires
         // For OAuth2: access_token, expires, token_type, refresh_token
 
         if ($auth->accessTokenUpdated()) {
@@ -90,6 +86,41 @@ try {
 }
 ```
 
+
+### Using 2-legged OAuth2 using Client Credentials
+
+The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.
+
+```php
+<?php
+
+// Bootup the Composer autoloader
+include __DIR__ . '/vendor/autoload.php';  
+
+use Mautic\Auth\ApiAuth;
+
+$settings = [
+    'AuthMethod'   => 'TwoLeggedOAuth2',
+    'clientKey'    => '',
+    'clientSecret' => '',
+    'baseUrl'      => '',
+];
+
+// $settings['accessToken'] = 'your stored access token';
+
+
+$initAuth = new ApiAuth();
+$auth     = $initAuth->newAuth($settings, $settings['AuthMethod']);
+
+if (!isset($settings['accessToken'])) {
+    // store it for one hour and use it in $settings above
+    $accessToken = $auth->getAccessToken();
+}
+
+// Nothing else to do ... It's ready to use.
+// Just pass the auth object to the API context you are creating.
+```
+
 ### Using Basic Authentication Instead
 Instead of messing around with OAuth, you may simply elect to use BasicAuth instead.
 

diff --git a/lib/Auth/TwoLeggedOAuth2.php b/lib/Auth/TwoLeggedOAuth2.php
@@ -9,48 +9,6 @@
  * @license     GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html
  */
 
-/*
-|--------------------------------------------------------------------------
-| 2-legged OAuth2 using the grant_type  client_credentials
-|--------------------------------------------------------------------------
-|
-| use Mautic\Auth\ApiAuth;
-|
-| // ApiAuth->newAuth() will accept an array of Auth settings
-| $settings = array(
-|     'AuthMethod'       => '2LeggedOAuth2' // Must be one of 'OAuth' or 'BasicAuth'
-      'clientKey'        => '',       // Client/Consumer key from Mautic
-      'clientSecret'     => '',       // Client/Consumer secret key from Mautic
-|     'baseUrl'           => '',         // NOTE: Required for Unit tests; *must* contain a valid url
-| );
-|
-| // Initiate the auth object
-| $initAuth = new ApiAuth();
-| $auth = $initAuth->newAuth($settings, $settings['AuthMethod']);
-|
-|--------------------------------------------------------------------------
-| Basic API Usage
-|--------------------------------------------------------------------------
-|
-| To use, just pass the auth object to the Api context you are creating.
-|
-| use Mautic\MauticApi;
-|
-| // Get a Contact context
-| $api = new MauticApi();
-| $contactApi = $api->newApi('contacts', $auth, $settings['apiUrl']);
-|
-| // Get Contact list
-| $results = $contactApi->getList();
-|
-| Note: If the credentials are incorrect an error response will be returned:
-| array('errors' => [[
-|       'code'    => 403,
-|       'message' => 'access_denied: OAuth2 authentication required' )
-| ]]
-|
-*/
-
 namespace Mautic\Auth;
 
 use Mautic\Exception\RequiredParameterMissingException;
@@ -103,7 +61,7 @@ public function isAuthorized()
      *
      * @throws RequiredParameterMissingException
      */
-    public function setup($baseUrl, $clientKey, $clientSecret)
+    public function setup($baseUrl, $clientKey, $clientSecret, $accessToken = null)
     {
         // we MUST have the username and password. No Blanks allowed!
         //
@@ -119,9 +77,10 @@ public function setup($baseUrl, $clientKey, $clientSecret)
             );
         }
 
-        $this->baseurl      = $baseUrl;
-        $this->clientKey    = $clientKey;
-        $this->clientSecret = $clientSecret;
+        $this->baseurl       = $baseUrl;
+        $this->clientKey     = $clientKey;
+        $this->clientSecret  = $clientSecret;
+        $this->_access_token = $accessToken;
 
         if (!$this->_access_token_url) {
             $this->_access_token_url = $baseUrl.'/oauth/v2/token';
@@ -136,8 +95,9 @@ public function setup($baseUrl, $clientKey, $clientSecret)
      */
     protected function prepareRequest($url, array $headers, array $parameters, $method, array $settings)
     {
-        //Set Basic Auth parameters/headers
-      //  $headers = array_merge($headers, ['Authorization: Bearer '.$this->_access_token]);
+        if ($this->_access_token !== null) {
+            $headers = array_merge($headers, ['Authorization: Bearer '.$this->_access_token]);
+        }
 
         return [$headers, $parameters];
     }
@@ -147,14 +107,15 @@ protected function prepareRequest($url, array $headers, array $parameters, $meth
      */
     public function getAccessToken(): string
     {
-
-        $parameters = [
+        $parameters      = [
             'client_id'     => $this->clientKey,
             'client_secret' => $this->clientSecret,
             'grant_type'    => 'client_credentials',
         ];
-        $params = $this->makeRequest($this->_access_token_url, $parameters, 'POST');
-        print_r($params);
-        die();
+        $accessTokenData = $this->makeRequest($this->_access_token_url, $parameters, 'POST');
+        //store access token data however you want
+        $this->_access_token = $accessTokenData['access_token'] ?? null;
+
+        return $this->_access_token;
     }
 }