
vdbelt/oauth2-revolut


Revolut Provider for OAuth 2.0 Client


This package provides Revolut OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Installation

To install, use composer:

composer require vdbelt/oauth2-revolut

Usage

Usage is the same as The League's OAuth client, using \League\OAuth2\Client\Provider\Revolut as the provider.

Generating Key Pairs

Start by generating a key pair as described in the Revolut API docs:

openssl genrsa -out privatekey.pem 1024
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825

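Upload the public key through the Revolut for Business API Settings page, and store the private key somewhere safe. The 1024-bit size in the command above is the one given here; 1024-bit RSA is below the 2048-bit minimum in current guidance such as NIST SP 800-131A, so prefer a larger key if Revolut's current documentation allows it.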

Authorization Code Flow

// The state value is kept in $_SESSION, so the session must be started first
session_start();

$provider = new League\OAuth2\Client\Provider\Revolut([
    'clientId'          => '{revolut-client-id}',
    'privateKey'        => 'file://{revolut-private-key-path}',
    'redirectUri'       => 'https://example.com/callback-url', // equal to redirect URI provided to Revolut
    'isSandbox'         => false
]);

if (!isset($_GET['code'])) {

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {

    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code']
    ]);

    // Store the token somewhere safe. Note that the token is valid for 40 minutes.
    // After 40 minutes, you can request a new access token based on the refresh token (valid for 90 days):
    if($token->hasExpired()) {
        $newToken = $provider->getAccessToken('refresh_token', [
            'refresh_token' => $token->getRefreshToken()
        ]);
    }

    // Use this to interact with the API on the user's behalf
    echo $token->getToken();
}
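
The comment above says to store the token somewhere safe and to refresh it once the 40 minutes are up. One way to do that is sketched below as an added example, not code from this package: the file path and the function names saveToken() and loadValidToken() are assumptions, and the provider is assumed to extend The League's AbstractProvider.

```php
<?php
// Added example, not part of vdbelt/oauth2-revolut.
// TOKEN_FILE, saveToken() and loadValidToken() are hypothetical names.
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Token\AccessToken;

const TOKEN_FILE = '/var/lib/myapp/revolut-token.json'; // assumed path, outside the web root

function saveToken(AccessToken $token, string $path = TOKEN_FILE): void
{
    $oldMask = umask(0077); // new files are created owner-read/write only
    try {
        $tmp = $path . '.tmp';
        if (file_put_contents($tmp, json_encode($token->jsonSerialize())) === false) {
            throw new RuntimeException('Could not write token file');
        }
        chmod($tmp, 0600);   // also covers a pre-existing temp file
        rename($tmp, $path); // atomic replace: readers never see a partial file
    } finally {
        umask($oldMask);
    }
}

function loadValidToken(AbstractProvider $provider, string $path = TOKEN_FILE): AccessToken
{
    $data = is_file($path) ? json_decode(file_get_contents($path), true) : null;
    if (!is_array($data) || empty($data['access_token'])) {
        throw new RuntimeException('No stored token: run the authorization code flow first');
    }
    $token = new AccessToken($data);
    if (!empty($data['expires']) && !$token->hasExpired()) {
        return $token; // still inside its lifetime
    }
    if (!$token->getRefreshToken()) {
        throw new RuntimeException('Token expired and no refresh token is stored');
    }
    $fresh = $provider->getAccessToken('refresh_token', [
        'refresh_token' => $token->getRefreshToken(),
    ]);
    // A refresh response may omit refresh_token; carry the stored one forward.
    if (!$fresh->getRefreshToken()) {
        $fresh = new AccessToken(['refresh_token' => $token->getRefreshToken()] + $fresh->jsonSerialize());
    }
    saveToken($fresh, $path);
    return $fresh;
}
```

Call saveToken($token) in the callback branch once the authorization code has been exchanged, and loadValidToken($provider) before each API request.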

Testing

$ ./vendor/bin/phpunit

Contributing

Please see CONTRIBUTING for details.

Credits

License

The MIT License (MIT). Please see License File for more information.