php实现paypal 授权登录
php实现paypal授权登录
<?php
/**
*@projectpaypallogin
*@authorjiangjianhe
*@date2015-04-03
*/
classpaypallogin
{
//沙箱token链接
private$_sanbox_oauth2_auth_uri='https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize';
private$_live_oauth2_auth_uri='https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize';
private$_acquire_user_profile_sandbox_url='https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/userinfo?schema=openid&access_token=';
private$_acquire_user_profile_live_url='https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/userinfo?schema=openid&access_token=';
//沙箱token链接
private$_token_service_sandbox_url='https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice';
private$_token_service_live_url='https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice';
private$_sanbox_flag=true;
private$_client_id=null;
private$_client_secret=null;
private$_redirect_uri=null;
private$_state='';
private$_scope='openidemailphoneprofileaddresshttps://uri.paypal.com/services/paypalattributes';//scope参数决定访问令牌的访问权限各个参数详解url;:https://www.paypal-biz.com/product/login-with-paypal/index.html#configureButton
public$token=null;
public$protocol="http";
/**
*@name构造函数
*@param$flag是否沙箱环境
*/
publicfunction__construct($redirect_uri,$client_id,$client_secret,$scope,$state,$flag=true)
{
$this->_sanbox_flag=$flag;
$this->_redirect_uri=$redirect_uri;
$this->_client_id=$client_id;
$this->_client_secret=$client_secret;
$this->_scope=$scope;
$this->_state=$state;
}
/**
*创建paypalrequesturl
*@returnstring
*/
publicfunctioncreate_request_url()
{
$oauth2_auth_uri=$this->_sanbox_flag?$this->_sanbox_oauth2_auth_uri:$this->_live_oauth2_auth_uri;
$url=$oauth2_auth_uri.'?'.
http_build_query(
array(
'client_id'=>$this->_client_id,//通过应用程序注册流程获得的唯一客户端标识符。必需。
'response_type'=>'code',//表明授权代码被发送回应用程序返回URL。为了使访问令牌在用户代理中不可见,建议使用<code>code</code>一值。如果您希望在响应中同时收到授权代码和id_token,请传递code+id_token。另一个可能的response_type值是token——大部分由javascript和移动客户端等公共客户端使用。
'scope'=>$this->_scope,//;implode(',',$this->scope),
'redirect_uri'=>urlencode($this->_redirect_uri),//应用程序的返回URL。结构、主机名和端口必须与您在注册应用程序时设置的返回URL相符。
'nonce'=>time().rand(),//不透明的随机标识符,可减少重放攻击风险。简单的函数是:(timestamp+Base64encoding(random\[16\]))。
'state'=>$this->_state,//CSRF验证码
)
);
return$url;
}
/**
*getPayPalaccesstoken
*@paramstring$code?
*@returnstringaccesstoken
*/
publicfunctionacquire_access_token($code){
$accessToken=null;
try{
$postvals=sprintf("client_id=%s&client_secret=%s&grant_type=authorization_code&code=%s",$this->_client_id,$this->_client_secret,$code);
if($this->_sanbox_flag)
$ch=curl_init($this->_token_service_sandbox_url);
else
$ch=curl_init($this->_token_service_live_url);
$options=array(
CURLOPT_POST=>1,
CURLOPT_VERBOSE=>1,
CURLOPT_POSTFIELDS=>$postvals,
CURLOPT_RETURNTRANSFER=>1,
CURLOPT_SSL_VERIFYPEER=>FALSE,
//CURLOPT_SSLVERSION=>2
);
curl_setopt_array($ch,$options);
$response=curl_exec($ch);
$error=curl_error($ch);
curl_close($ch);
if(!$response){
thrownewException("Errorretrievingaccesstoken:".curl_error($ch));
}
$jsonResponse=json_decode($response);
if(isset($jsonResponse->access_token)){
$accessToken=$jsonResponse->access_token;
}
}catch(Exception$e){
thrownewException($e->getMessage(),1);
}
return$accessToken;
}
/**
*getthePayPaluserprofile,decoded
*@paramstring$accessToken
*@returnobject
*/
publicfunctionacquire_paypal_user_profile($accessToken){
try{
if($this->_sanbox_flag)
$url=$this->_acquire_user_profile_sandbox_url.$accessToken;
else
$url=$this->_acquire_user_profile_live_url.$accessToken;
$ch=curl_init($url);
$options=array(
CURLOPT_RETURNTRANSFER=>1,
CURLOPT_SSL_VERIFYPEER=>FALSE,
//CURLOPT_SSLVERSION=>2
);
curl_setopt_array($ch,$options);
$response=curl_exec($ch);
$error=curl_error($ch);
curl_close($ch);
if(!$response)
{
returnfalse;
}
returnjson_decode($response);
}catch(Exception$e){
returnfalse;
}
}
}
?>
以上所述就是本文的全部内容了,希望大家能够喜欢。