Current development state.

web-api-key replaced to WEB-API-key globally

Author: Vitexus

.openapi-generator/templates/api.mustache

@@ -102,7 +102,7 @@ use {{invokerPackage}}\ObjectSerializer;
         $this->headerSelector = $selector ?: new HeaderSelector();
         $this->hostIndex = $hostIndex;
         if (method_exists($this->client, 'getApiKey')) {
-            $config['headers']['web-api-key'] = $this->client->getApiKey();
+            $config['headers']['WEB-API-key'] = $this->client->getApiKey();
             $this->setApiKey($this->client->getApiKey());
         }
         if (method_exists($this->client, 'getAccessToken')) {
@@ -122,7 +122,7 @@ use {{invokerPackage}}\ObjectSerializer;
      */
     public function setApiKey(string $apiKey): void
     {
-        $this->config->setApiKey('web-api-key', $apiKey);
+        $this->config->setApiKey('WEB-API-key', $apiKey);
     }
 
     /**
@@ -909,7 +909,7 @@ use {{invokerPackage}}\ObjectSerializer;
             }
         }
 
-        $options['headers']['web-api-key'] = $this->config->getApiKey('web-api-key');
+        $options['headers']['WEB-API-key'] = $this->config->getApiKey('WEB-API-key');
         $options['headers']['authorization'] = 'Bearer '.$this->config->getAccessToken();
 
         return $options;

Examples/accounts.php

@@ -22,7 +22,7 @@
 $apiInstance = new \SpojeNET\Csas\Accounts\DefaultApi(new SpojeNET\Csas\ApiClient(
     [
         'apikey' => Shr::cfg('API_KEY'),
-        'token' => Shr::cfg('API_TOKEN'),
+        'token' => Shr::cfg('ACCESS_TOKEN'),
         'debug' => Shr::cfg('API_DEBUG', false),
         'sandbox' => Shr::cfg('SANDBOX_MODE'),
     ],

Examples/auth.php

@@ -35,18 +35,22 @@
     'redirect_uri' => Shr::cfg('REDIRECT_URI'),
     'state' => Fnc::randomString(),
     'access_type' => 'offline',
-    'scope' => implode('%20', [
-        'siblings.accounts',
-        //        'siblings.payments',
-        //        'AISP',
-        //        'PISP'
-    ]),
+//    'scope' => implode('%20', [
+//        'siblings.accounts',
+//        //        'siblings.payments',
+//        //        'AISP',
+//        //        'PISP'
+//    ]),
 ];
 
+session_start();
+$_SESSION['oauth2state'] = $idpParams['state'];
+
 $idpUri = Fnc::addUrlParams($idpLink.'/auth', $idpParams);
 
 if (\PHP_SAPI === 'cli') {
     echo $idpUri;
 } else {
     echo '<a href='.$idpUri.'>'.$idpUri.'</a>';
 }
+

Examples/balance.php

@@ -22,7 +22,7 @@
 $apiInstance = new \SpojeNET\Csas\Accounts\DefaultApi(new SpojeNET\Csas\ApiClient(
     [
         'apikey' => Shr::cfg('API_KEY'),
-        'token' => Shr::cfg('API_TOKEN'),
+        'token' => Shr::cfg('ACCESS_TOKEN'),
         'debug' => Shr::cfg('API_DEBUG', false),
         'sandbox' => Shr::cfg('SANDBOX_MODE'),
     ],

Examples/redirectedFromBank.php

@@ -14,6 +14,7 @@
  */
 
 use Ease\Shared as Shr;
+use League\OAuth2\Client\Provider\GenericProvider;
 
 require_once \dirname(__DIR__).'/vendor/autoload.php';
 
@@ -28,54 +29,102 @@
 $sandboxSite = 'https://webapi.developers.erstegroup.com/api/csas/sandbox/v1/sandbox-idp';
 $idpLink = Shr::cfg('SANDBOX_MODE', false) ? $sandboxSite : $productionSite;
 $tokenUrl = $idpLink.'/token';
+$authorizeUrl = $idpLink.'/authorize';
+$resourceUrl = $idpLink.'/resource';
+
+$provider = new GenericProvider([
+    'clientId'                => $clientId,
+    'clientSecret'            => $clientSecret,
+    'redirectUri'             => $redirectUri,
+    'urlAuthorize'            => $authorizeUrl,
+    'urlAccessToken'          => $tokenUrl,
+    'urlResourceOwnerDetails' => $resourceUrl
+]);
 
 // Start session
 session_start();
 
-if (\PHP_SAPI === 'cli') {
-    parse_str($argv[1], $params);
-    $code = \array_key_exists('code', $params) ? $params['code'] : '';
-} else {
-    $code = \array_key_exists('code', $_GET) ? $_GET['code'] : '';
-}
+// If we don't have an authorization code then get one
+if (!isset($_GET['code'])) {
+
+    // Fetch the authorization URL from the provider; this returns the
+    // urlAuthorize option and generates and applies any necessary parameters
+    // (e.g. state).
+    $authorizationUrl = $provider->getAuthorizationUrl();
+
+    // Get the state generated for you and store it to the session.
+    $_SESSION['oauth2state'] = $provider->getState();
+
+    // Optional, only required when PKCE is enabled.
+    // Get the PKCE code generated for you and store it to the session.
+    $_SESSION['oauth2pkceCode'] = $provider->getPkceCode();
+
+    // Redirect the user to the authorization URL.
+    header('Location: ' . $authorizationUrl);
+    exit;
+
+// Check given state against previously stored one to mitigate CSRF attack
+} elseif (empty($_GET['state']) || empty($_SESSION['oauth2state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
 
-// Check if the authorization code is set
-if ($code) {
-    // Prepare the POST request to exchange the authorization code for an access token
-    $postFields = [
-        'grant_type' => 'authorization_code',
-        'code' => $code,
-        'redirect_uri' => $redirectUri,
-        'client_id' => $clientId,
-        'client_secret' => $clientSecret,
-    ];
-
-    $ch = curl_init();
-    curl_setopt($ch, \CURLOPT_URL, $tokenUrl);
-    curl_setopt($ch, \CURLOPT_POST, true);
-    curl_setopt($ch, \CURLOPT_POSTFIELDS, http_build_query($postFields));
-    curl_setopt($ch, \CURLOPT_RETURNTRANSFER, true);
-    curl_setopt($ch, \CURLOPT_VERBOSE, 1);
-
-    $response = curl_exec($ch);
-    $info = curl_getinfo($ch);
-    curl_close($ch);
-
-    $responseData = json_decode($response, true);
-
-    if (isset($responseData['access_token'])) {
-        // Store the access token in the session
-        $_SESSION['access_token'] = $responseData['access_token'];
-        echo '<h2>Access token obtained successfully!</h2>';
-
-        echo 'access token:<textarea>'.$responseData['access_token'].'</textarea>';
-        echo 'refresh token:<textarea>'.$responseData['refresh_token'].'</textarea>';
-        var_dump($responseData);
-    } else {
-        echo 'Error obtaining access token!';
-
-        var_dump($info);
+    if (isset($_SESSION['oauth2state'])) {
+        unset($_SESSION['oauth2state']);
     }
+
+    exit('Invalid state');
+
 } else {
-    echo 'Authorization code not found!';
+
+    try {
+    
+        // Optional, only required when PKCE is enabled.
+        // Restore the PKCE code stored in the session.
+        $provider->setPkceCode($_SESSION['oauth2pkceCode']);
+
+        // Try to get an access token using the authorization code grant.
+        $tokens = $provider->getAccessToken('authorization_code', [
+            'code' => $_GET['code']
+        ]);
+
+        // We have an access token, which we may use in authenticated
+        // requests against the service provider's API.
+        echo 'Access Token: ' . $tokens->getToken() . "<br>";
+        echo 'Refresh Token: ' . $tokens->getRefreshToken() . "<br>";
+        echo 'Expired in: ' . $tokens->getExpires() . "<br>";
+        echo 'Already expired? ' . ($tokens->hasExpired() ? 'expired' : 'not expired') . "<br>";
+
+ 
+        
+        
+
+    $tokens = $provider->getAccessToken('refresh_token', [
+        'refresh_token' => $tokens->getRefreshToken()
+    ]);
+
+        echo 'access token:<textarea>'.$tokens->getToken().'</textarea>';
+//        echo 'refresh token:<textarea>'.$tokens->getRefreshToken().'</textarea>';
+    
+    
+        
+//        // Using the access token, we may look up details about the
+//        // resource owner.
+//        $resourceOwner = $provider->getResourceOwner($tokens);
+//
+//        var_export($resourceOwner->toArray());
+//
+//        // The provider provides a way to get an authenticated API request for
+//        // the service, using the access token; it returns an object conforming
+//        // to Psr\Http\Message\RequestInterface.
+//        $request = $provider->getAuthenticatedRequest(
+//            'GET',
+//            'https://service.example.com/resource',
+//            $tokens
+//        );
+
+    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
+
+        // Failed to get the access token or user details.
+        exit($e->getMessage());
+
+    }
+
 }

Examples/redirectedFromBankCURL.php

@@ -0,0 +1,120 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * This file is part of the CsasWebApi package
+ *
+ * https://github.com/Spoje-NET/php-csas-webapi
+ *
+ * (c) SpojeNetIT <http://spoje.net/>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Ease\Shared as Shr;
+
+require_once \dirname(__DIR__).'/vendor/autoload.php';
+
+Shr::init(['CLIENT_ID', 'CLIENT_SECRET'], \dirname(__DIR__).'/.env');
+
+// Use environment variables
+$clientId = Shr::cfg('CLIENT_ID');
+$clientSecret = Shr::cfg('CLIENT_SECRET');
+$redirectUri = Shr::cfg('REDIRECT_URI');
+
+$productionSite = 'https://bezpecnost.csas.cz/api/psd2/fl/oidc/v1';
+$sandboxSite = 'https://webapi.developers.erstegroup.com/api/csas/sandbox/v1/sandbox-idp';
+$idpLink = Shr::cfg('SANDBOX_MODE', false) ? $sandboxSite : $productionSite;
+$tokenUrl = $idpLink.'/token';
+
+// Start session
+session_start();
+
+if (\PHP_SAPI === 'cli') {
+    parse_str($argv[1], $params);
+    $code = \array_key_exists('code', $params) ? $params['code'] : '';
+} else {
+    $code = \array_key_exists('code', $_GET) ? $_GET['code'] : '';
+}
+
+// Check if the authorization code is set
+if ($code) {
+    // Prepare the POST request to exchange the authorization code for an access token
+    $postFields = [
+        'grant_type' => 'authorization_code',
+        'code' => $code,
+        'redirect_uri' => $redirectUri,
+        'client_id' => $clientId,
+        'client_secret' => $clientSecret,
+    ];
+
+    $ch = curl_init();
+    curl_setopt($ch, \CURLOPT_URL, $tokenUrl);
+    curl_setopt($ch, \CURLOPT_POST, true);
+    curl_setopt($ch, \CURLOPT_POSTFIELDS, http_build_query($postFields));
+    curl_setopt($ch, \CURLOPT_RETURNTRANSFER, true);
+    curl_setopt($ch, \CURLOPT_VERBOSE, 1);
+
+    $response = curl_exec($ch);
+    $info = curl_getinfo($ch);
+    curl_close($ch);
+
+    $responseData = json_decode($response, true);
+
+    if (isset($responseData['access_token'])) {
+        // Store the access token in the session
+        $_SESSION['access_token'] = $responseData['access_token'];
+        echo '<h2>Access token obtained successfully!</h2>';
+
+        echo 'access token:<textarea>'.$responseData['access_token'].'</textarea>';
+        echo 'refresh token:<textarea>'.$responseData['refresh_token'].'</textarea>';
+        var_dump($responseData);
+
+        echo '<h2> Výměna CODE za Access Token a Refresh Token </h2>';
+        
+        curl_setopt($ch, \CURLOPT_URL, $idpLink.'/token');
+        curl_setopt($ch, \CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($ch, \CURLOPT_HEADER, false);
+
+        curl_setopt($ch, \CURLOPT_POST, true);
+
+        $postFields = [
+            'client_id' => $clientId,
+            'client_secret' => $clientSecret,
+            'grant_type' => 'refresh_token',
+            'refresh_token' => $responseData['refresh_token'],
+        ];
+
+        echo  '<h3>Token Request</h3>';
+        var_dump($postFields);
+        
+        curl_setopt($ch, \CURLOPT_POSTFIELDS, http_build_query($postFields));
+
+        curl_setopt($ch, \CURLOPT_HTTPHEADER, [
+            'Content-Type: application/x-www-form-urlencoded',
+        ]);
+
+        $response = curl_exec($ch);
+        
+
+        echo  '<h3>Token Response</h3>';
+        var_dump(curl_getinfo($ch));
+        
+        curl_close($ch);
+        
+        $responseData  = json_decode($response,true);
+        
+        var_dump($responseData);
+        
+        echo 'access token:<textarea>'.$responseData['access_token'].'</textarea>';
+        
+    } else {
+        echo 'Error obtaining access token!';
+
+        var_dump($info);
+    }
+} else {
+    echo 'Authorization code not found!';
+}