source: spip-zone/_plugins_/facteur/trunk/phpmailer-php5/get_oauth_token.php @ 92830

Last change on this file since 92830 was 92830, checked in by rastapopoulos@…, 4 years ago

Mettons à jour PHPMailer, qui a eu 4 versions de plus, dont de grosses choses, au moins : ajout de la méthode Oauth pour Gmail (qui a l'air compliqué cela dit, et pas encore intégré dans la config de Facteur !) + de la sécurité importante.

File size: 2.2 KB
Line 
1<?php
2/**
3 * Get an OAuth2 token from Google.
4 * * Install this script on your server so that it's accessible
5 * as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
6 * e.g.: http://localhost/phpmail/get_oauth_token.php
7 * * Ensure dependencies are installed with 'composer install'
8 * * Set up an app in your Google developer console
9 * * Set the script address as the app's redirect URL
10 * If no refresh token is obtained when running this file, revoke access to your app
11 * using link: https://accounts.google.com/b/0/IssuedAuthSubTokens and run the script again.
12 * This script requires PHP 5.4 or later
13 * PHP Version 5.4
14 */
15
16require 'vendor/autoload.php';
17
18session_start();
19
20//If this automatic URL doesn't work, set it yourself manually
21$redirectUri = isset($_SERVER['HTTPS']) ? 'https://' : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
22//$redirectUri = 'http://localhost/phpmailer/get_oauth_token.php';
23
24//These details obtained are by setting up app in Google developer console.
25$clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com';
26$clientSecret = 'RANDOMCHARS-----lGyjPcRtvP';
27
28//Set Redirect URI in Developer Console as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
29$provider = new League\OAuth2\Client\Provider\Google(
30    array(
31        'clientId' => $clientId,
32        'clientSecret' => $clientSecret,
33        'redirectUri' => $redirectUri,
34        'scopes' => array('https://mail.google.com/'),
35        'accessType' => 'offline'
36    )
37);
38
39if (!isset($_GET['code'])) {
40    // If we don't have an authorization code then get one
41    $authUrl = $provider->getAuthorizationUrl();
42    $_SESSION['oauth2state'] = $provider->getState();
43    header('Location: ' . $authUrl);
44    exit;
45// Check given state against previously stored one to mitigate CSRF attack
46} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
47    unset($_SESSION['oauth2state']);
48    exit('Invalid state');
49} else {
50    // Try to get an access token (using the authorization code grant)
51    $token = $provider->getAccessToken(
52        'authorization_code',
53        array(
54            'code' => $_GET['code']
55        )
56    );
57
58    // Use this to get a new access token if the old one expires
59    echo 'Refresh Token: ' . $token->getRefreshToken();
60}
Note: See TracBrowser for help on using the repository browser.