OAuth 2.0
- 1.
- 2.
- 3.Wait for the approval of the project from the administration
- 4.Go to the project editing page
- 5.After entering the REDIRECT_URL field, you will receive a Client ID and a Secret Key
Where:
- CLIENT_ID - The Client ID that was assigned to you
- REDIRECT_URL - The redirect address you specified when filling out the request (Location where the authorization request payload data is referenced in the authorization request to the endpoint)
- STATE - The value to be returned in the token. The client application can use it to memorize the state of its interaction with the end user during the authentication call. It may contain alphanumeric characters, commas, dots, underscores, and hyphens.
Integration is performed by OAuth2.0 standards.
Direct the user to the following address:
A PHP example:
$state = uniqid('', true);
$_SESSION['state'] = $state;
$query = http_build_query([
'client_id' => CLIENT_ID,
'redirect_uri' => CLIENT_SECRET,
'response_type' => 'code',
'scope' => '',
'state' => $state,
]);
header('Location: https://multi-pass.online/oauth/authorize?' . $query);
exit;
At the address of the specified redirect, it accepts the response. Data in case of successful authorization:
{
'code' => CODE,
'state' => STATE,
}
Change the authorization code to Access token, referring to the address:
PHP
cURL
if ($_SESSION['state'] !== $_GET['state']) {
// Error
}
$data = [
'grant_type' => 'authorization_code',
'client_id' => CLIENT_ID,
'client_secret' => CLIENT_SECRET,
'redirect_uri' => REDIRECT_URL,
'code' => $_GET['code'],
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://multi-pass.online/oauth/token');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
]);
$response = curl_exec($ch);
curl_close($ch);
$result = json_decode($response, true);
curl --request POST \
--url 'https://multi-pass.online/oauth/token' \
--header 'Content-Type: application/json' \
--data '{
"grant_type": "authorization_code",
"client_id": "CLIENT_ID",
"client_secret": "CLIENT_SECRET",
"redirect_uri": "REDIRECT_URL",
"code": "CODE"
}'
Where:
- CLIENT_ID - The Client ID that was assigned to you
- CLIENT_SECRET - The secret key you were given
- REDIRECT_URL - The redirect address you specified when filling out the request (Location where the authorization request payload data is referenced in the authorization request to the endpoint)
- CODE - Received authorization code
If successful, you will receive an access_token and a refresh_token:
{
'token_type' => Bearer,
'expires_in' => 1296000,
'access_token' => ACCESS_TOKEN,
'refresh_token' => REFRESH_TOKEN,
}
Next, you can use the access_token to get information about the user at the following address:
PHP
cURL
$ch = curl_init();
$headers = [
'Accept: application/json',
'Authorization: Bearer ' . $access_token
];
curl_setopt($ch, CURLOPT_URL, 'https://multi-pass.online/api/user');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error: ' . curl_error($ch);
} else {
$result = json_decode($result, true);
}
curl_close($ch);
curl -X GET \
-H "Accept: application/json" \
-H "Authorization: Bearer ACCESS_TOKEN" \
https://multi-pass.online/api/user
A user object will be returned as the result of the query.
To skip the login form page, you need to add a parameter with email or phone to the address:
Last modified 6mo ago