 Jimmy Stacks - 2015-02-10 12:13:37
Hi,
I'm fairly new to OAuth, but so far the PHP OAuth API is the only one I can get working with Fitbit of all the client libraries I've tried.
I was wondering how we might modify the code to show or hide a "Login with Fitbit" button.
At the moment, loading the page login_with_fitbit.php will proceed to authenticate immediately with Fitbit.
I'd like to place a button on that page to Login with Fitbit, then hide the button and display API data on redirect, but also if there's a current OAuth session.
So, the user flow would be:
1) Display a "Login with Fitbit" button if the user hasn't authenticated with Fitbit (i.e. there's no current OAuth session)
2) Hide the button when they authenticate and are redirected to login_with_fitbit.php
3) If there is already a valid OAuth session, also hide the button and move straight to displaying API data.
Would like to do this with a PHP session for now, rather than storing in the database if possible.
This will then allow users to choose to connect to Fitbit but also prevent them from having to login every time they visit the page.
Is this possible? Some other PHP OAuth libraries have a method to check if there's a current session so you can skip OAuth authentication and use the stored session variables.
Thanks,
Jimmy
 Manuel Lemos - 2015-02-10 15:44:39 - In reply to message 1 from Jimmy Stacks
The OAuth class itself does not display any login buttons, so it is up to your script to show them or not.
If after you call the Process function the class access_token variable has a token value (is not an empty string), the token was previously obtained and is valid.
 Jimmy Stacks - 2015-02-11 01:38:46 - In reply to message 2 from Manuel Lemos
Hi Manuel - thanks, yep got that one but the access_token variable is only available immediately after running Process() right?
I'd like to determine if there's a current session so if a user goes to another website and comes back to my website, the system determines if they have a session and doesn't display the login button.
Does that make sense?
Some other OAuth clients allow for a check i.e. $client->getSessionStatus which will access the PHP session globals that are set as part of the auth process.
Any help appreciated on this.
On a side note I spent 2 days on other OAuth clients trying to get them to work without the PECL OAuth extension and I had your package integrated and working in about 30 minutes! This is a really good implementation!
Thanks - Jimmy
 Manuel Lemos - 2015-02-11 02:18:52 - In reply to message 3 from Jimmy Stacks
That is what the Process() function does. It checks the session variables to see if there is a valid token.
If the token does not exist or it is expired, it will redirect the user to the OAuth authorization page.
If the token exists but it is expired, it may refresh the token with a new valid token.
If the token exists and is not expired, it will set the access_token variable to the token value.
So you just need to call the Process() function and check if the access_token variable is not empty.
If you do not want the class to redirect to the OAuth authorization page, you can create a sub-class and redefine the Redirect function so it does nothing or does something else you consider useful for your purposes.
I could as well change the class to not redirect and set some variable to tell the authorization was not obtained, as in not logged in. But you would need to wait a few days until I have more time to implement that.
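The sub-class approach described in the last reply, as an added example that is not part of the original thread and not the library author's code. It assumes the package's `http.php` and `oauth_client.php` files and its `oauth_client_class` with the usual `Initialize()`/`Process()`/`Finalize()` calls; the sub-class name, the `authorization_url` property, the redirect URI and the credentials are placeholders chosen for illustration.

```php
<?php
// Added example: show a "Login with Fitbit" button instead of redirecting at once.
require('http.php');
require('oauth_client.php');

// Hypothetical sub-class: keep the authorization URL instead of sending
// a Location header, so the page decides when the user leaves for Fitbit.
class deferred_oauth_client extends oauth_client_class
{
    public $authorization_url = ''; // hypothetical property, not part of the library

    function Redirect($url)
    {
        $this->authorization_url = $url;
    }
}

$client = new deferred_oauth_client;
$client->server        = 'Fitbit';
$client->redirect_uri  = 'https://example.com/login_with_fitbit.php'; // placeholder
$client->client_id     = 'YOUR_CLIENT_ID';     // placeholder
$client->client_secret = 'YOUR_CLIENT_SECRET'; // placeholder

// Process() reads the PHP session: it sets access_token when a valid token
// is stored, and otherwise ends up in the overridden Redirect() above.
if (($success = $client->Initialize())) {
    $success = $client->Process();
    $success = $client->Finalize($success);
}

if (!$success) {
    // Escape anything echoed into the page, including library error text.
    echo 'OAuth error: ', htmlspecialchars($client->error, ENT_QUOTES, 'UTF-8');
} elseif (strlen($client->access_token)) {
    // Cases 2 and 3 of the question: a token is available, so hide the
    // button and call the API as login_with_fitbit.php already does.
    echo 'Connected to Fitbit.';
} elseif ($client->authorization_url !== '') {
    // Case 1: no session token yet, so render the button as a plain link.
    $href = htmlspecialchars($client->authorization_url, ENT_QUOTES, 'UTF-8');
    echo '<a href="', $href, '">Login with Fitbit</a>';
}
```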