-
Notifications
You must be signed in to change notification settings - Fork 15
OAuth Integration
The Meetup API Client for PHP supports OAuth Authentication. Here's one way to set it up:
To begin, register your client at http://www.meetup.com/meetup_api/oauth_consumers/. This is where you'll get a consumer key and secret, which we'll need for the authentication process.
# Include the Meetup API Client
require_once('Meetup-API-client-for-PHP/Meetup.php');
# Begin a new session if there isn't an existing one.
if (!session_id()) {
session_start();
}
# If the access token is already stored in the session, we're good.
if (isset($_SESSION['meetup_access_token'])) {
$access_token = $_SESSION['meetup_access_token'];
} else {
# Otherwise, we need to redirect our user to Meetup, where they can give permission to your Consumer so act on their behalf.
$url = MEETUP_AUTH_URL;
# Add the client_id your received from setting up your OAuth Consumer
# The redirect URL is where you want your user to be redirected after Meetup confirms that your consumer is valid
$params = array(
"response_type" => "code",
"client_id" => "<YOUR CLIENT ID>",
"redirect_uri" => "<YOUR REDIRECT URL>"
);
$request_to = $url . '?' . http_build_query($params);
# This is where the redirect happens.
header("Location: " . $request_to);
}
# If the access token was in the session, we're golden. Set up a new connection and we can start querying the API
$connection = new MeetupOAuth2Connection($access_token);So what's happened so far when an unauthenticated user hits your page:
- There's nothing in the session, so we redirect them to Meetup
- Meetup verifies that the current user has given permission for your app to act on his/her behalf
- Meetup redirects that user to the URL specified in the redirect_url parameter
This is where we set up what happens when the use is redirected to the redirect_url
# Include the Meetup API Client
require_once('Meetup-API-client-for-PHP/Meetup.php');
# Meetup will always send back a code in the $_GET parameters upon success
if(isset($_GET['code'])) {
// try to get an access token
$code = $_GET['code'];
$url = MEETUP_ACCESS_TOKEN_URL;
# Set up POST parameters to access token endpoint
$fields = array(
"code" => $code,
"client_id" => "<YOUR CONSUMER KEY>",
"client_secret" => "<YOUR CONSUMER SECRET>",
"redirect_uri" => "<REDIRECT URI (SAME AS IN FIRST STEP)>",
"grant_type" => "authorization_code"
);
# URL encode the parameters
$fields_string = "";
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string,'&');
# Set the cURL options
$curl_options = array(
CURLOPT_RETURNTRANSFER => true, // return web page
CURLOPT_HEADER => true, // don't return headers
CURLOPT_USERAGENT => "<SOME USER AGENT TO IDENTIFY YOUR APP>", // who am i
CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
CURLOPT_TIMEOUT => 120, // timeout on response
CURLOPT_HEADER => 0,
CURLOPT_POST => count($fields),
CURLOPT_POSTFIELDS => $fields_string
);
# Perform the cURL request
$ch = curl_init( $url );
curl_setopt_array( $ch, $curl_options );
$content = curl_exec( $ch );
$header = curl_getinfo( $ch );
curl_close( $ch );
# Parse the JSON response, grab the access token
$response_obj = json_decode($content);
$access_token = $response_obj->access_token;
# Store the access token in the session
$_SESSION['meetup_access_token'] = $access_token;
# Redirect the user to whatever page needs them to be authenticated by Meetup.
header('Location: http://yourapp.com/authorized_portal');This example is just one way to get OAuth support in your app. Your integration with OAuth might look very different. Make sure to read through Meetup's Authentication Documentation for different ways to interact with Meetup's OAuth 2 implementation. For example, you may choose not to register your application, which is an option Meetup supports. Also, this example uses session-based storage for access keys. You're certainly welcome to store keys in whatever fashion you prefer, such as in database tables. Also, this example provides no error reporting in the event of an unauthorized request. Lastly, this example provides no means of renewing the access token after it's expired, something you'll have to handle in whatever manner you choose.