question

Anthony Gigliotti avatar image
Anthony Gigliotti asked ·

PHP code to read access_token from URL parameters

Does anyone have some sample PHP code that will read the access_token parameter from the URL? I am using Implicit Authorization, and after I login from the Ring Central login screen, I am redirected to my intranet's website, and the URL looks like:


I know normally, php would use the following: $_GET["access_token"]

However, due to there being a hash mark after "my_redirect_page.php", this doesn't work. In fact, I spent hours googling this and the main answers involved using javascript to parse and store the portion of the URL after the hash mark as follows. Then everything I tried to pass the javascript variable to PHP, and everything I read said to do it in a cookie, but tried as I might, I couldn't get that to work.


var hash = window.location.hash.substr(1);

document.cookie = 'url=' + document.write(hash);

var result = hash.split('&').reduce(function (result, item) {

var parts = item.split('=');

result[parts[0]] = parts[1];

return result;

}, {});


https://my_intranet_website/my_redirect_page.php#state=xyz&access_token=U0pDMTJQMDFQQVMwMHxBQUFEaXREYTR4MzNGTlNBRHRKbkdfYVJPVnAyQlNkTE1WejNwbklGelYyWUhhMUZ5a3BCZ242SDR0ZGwyZms1WDZKNF9QWWRPMEVYNEV2UTBjM2U1NkM0UDJ1eGRXTkY4QlUxN1hHYUxMeG5WbXBZVnlUWnJrOUJxV09sV21UbW1rREszMGltZEt3emRoUVpPdExULWVJeUtRYTU2STFZVXVLbFNYNVdFMnFwamNvRmYtUVRKZVpueFBsX0NsdnZ5VXNsaXQ2WV9yaGl1RjhoeVJKY2VkbFh8eXhxc01nfDlITmJjaTRnYXNNT0JlUlBBRS1yOUF8QUE&token_type=bearer&expires_in=3600&endpoint_id=n9B7e0SnSxa25C2IvgIikQ&scope=CallControl%20ReadAccounts%20EditExtensions




Another thing I tried was to set the php variable as follows. And I was able to echo the URL parameters as one long string to the screen, it seemed I couldn't use explode or strpos to parse $hash . It was as though the variable was blank except for the echo command. :


$hash = "<script>document.write(hash);</script>";

echo $hash;

$access_token_position = strpos($hash,"=");


I must be missing something simple hopefully. There must be sample code for the 2-legged auth (implicit) written in PHP. I found some for the 3-legged auth on the Ringcentral website but kept getting errors.


In any case, all I need to do is capture the resulting value for the access_token so I can use it in an API call in the simplest way possible in PHP.


All the php examples on the Ringcentral developer site use password authentication and I want to use implicit authentication.


Though I did find the one for the 3-legged auth, but after setting it up, kept getting the error:

Fatal error: Call to undefined method RingCentral\SDK\Platform\Platform::authUrl() in /var/www/html/ppt_portal/public_html/ringcentral/index.php on line 16


I'm OK using the RingCentral PHP SDK, or not. In this case, I am not using the PHP SDK.


Thank you.

php sdkimplicit grant flow
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Phong Vu avatar image
Phong Vu answered ·

Hi,

I am not sure how did you end up in using Implicit Authentication with PHP.

RingCentral implicit grant flow is meant for browser based apps only. See this dev guide for more details. That's why only the RingCentral JavaScript SDK supports implicit authentication. Once your app receives the access token, normally you use the token to call RingCentral APIs directly from your Javascript code. But for any reason you wish to pass the access token to your PHP backend, it's up to you to write code to pass the token.

Let me know if you have further questions.

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anthony Gigliotti avatar image
Anthony Gigliotti answered ·

It is a browser based app and we use PHP. It is actually an intranet page we are developing and users must use VPN on their mobile devices to get to the intranet pages. I was hoping someone would have a simple piece of code that could accomplish the passing of an access_token. I have done it with other API's most recently Microsoft Graph. However, that hash in the URL is something I haven't come across before and it is tripping me up.

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Anthony Gigliotti avatar image
Anthony Gigliotti answered ·

Thought I'd post this to let the forum I no longer need help and it might help someone else ...


Figured out code with some by googling a little more. In case anyone is interested. Basically a combination of javascript (to extract the fragment of the URL that comes after the hash, and pass it to the php code in the form of a cookie).

I am guessing Javascript is processed after php (client side code after server side code), so on first instance of page load, php does not recognize a cookie from javascript. So I reload the page if the cookie isn't set in PHP (hence If (isset($_COOKIE['url'])) with an else refresh). I coudn't tell you if this is the proper or best way of doing this.

Many ways to do this I assume, but I found once the URL parameters are now in a php variable, I split it by "=" and "&" since the url parameters basically look like:

variable_name=value&variable_name2=value2&variable_name3=value3

Now I have an array comprised of alternating variable names and variable values.

In my case, I want the access_token value which happens to be the 4th item of the array ( $exploded[3]) as a result of the explode function.

Now I can use the $access_token value in a relatively simple curl command that hits the Ringcentral API to get extensions or whatever I want.


My code which works:


<?php


echo "<script>

var hash = window.location.hash.substr(1);

document.cookie = 'url=' + hash;

var result = hash.split('&').reduce(function (result, item) {

var parts = item.split('=');

result[parts[0]] = parts[1];

return result;

}, {});

</script>";


If (isset($_COOKIE['url'])) {

function multiexplode ($delimiters,$string) {

$ready = str_replace($delimiters, $delimiters[0], $string);

$launch = explode($delimiters[0], $ready);

return $launch;

}


$access_token_position = strpos($_COOKIE['url'],"access_token=");

$exploded = multiexplode(array("=","&"),$_COOKIE['url']);

$access_token = $exploded[3];


$url_user_details = "https://platform.devtest.ringcentral.com/restapi/v1.0/account/~/extension?client_id=xxxxxxxxxxxxxxxxxxxxxxx&access_token=$access_token";;

$ch_user_details = curl_init();

$request_user_details = array();

curl_setopt($ch_user_details, CURLOPT_RETURNTRANSFER, TRUE);

curl_setopt($ch_user_details, CURLOPT_URL, $url_user_details);

curl_setopt($ch_user_details, CURLOPT_HTTPGET, true);

$request_user_details[] = 'Accept: application/json';

curl_setopt($ch_user_details, CURLOPT_HTTPHEADER, $request_user_details);

$planner_user_details_results = curl_exec($ch_user_details);

curl_close($ch_user_details);


ELSE {

header("Refresh:0");

}

Share
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.