Sample PHP Application To Demonstrate OAuth Usage

To make use of OAuth you'll first have to register an application at http://www.points2shop.com/application/add. Please read the API introduction if you need help filling out the form. After you filled out the form and the application has been created, you will receive your client ID and client secret which you will need later in this tutorial.

In this Sample PHP application, we will obtain the user's permission to retrieve their completed offers. Throughout the tutorial, we assume, the application is installed at http://p2soauthclient.example.com.

This application has two PHP scripts - index.php and back.php. The index.php file will handle the initial user OAuth request. back.php will handle the actual request of data.

index.php

points2shop.com OAuth Client Example

<?php
# Define the client and secret as constants
define('CLIENT_ID', 'your_client_id');
define('CLIENT_SECRET', 'your_client_secret');

$get_params = http_build_query(
   array(
     'client_id' => CLIENT_ID, 
     'redirect_uri' => 'http://p2soauthclient.example.com/back.php?', 
     'scope' => 'basic_profile,completed_offers', 
     'response_type' => 'code'
   )
);

$url = "http://www.points2shop.com/oauth?" . $get_params;
?>
<a href="<?php echo $url; ?>">
 Authorize this application to retrieve your basic profile and completed offers information
</a>

                                                                                                                           

In index.php, we construct an OAuth hyperlink and ask the user to visit that URL. Once the user visits the OAuth URL, they will be presented with a screen to allow or deny the access. The screen contains the application name and a list of scopes for which the access is being requested. Once the user clicks on the Allow button, they will be redirected to http://p2soauthclient.example.com/back.php?code=somesecretauthorizationcode.

Using the authorization code, we retrieve our access token. Using the access token, we can query the protected resources like user's basic profile and completed offers.

back.php

<?php
# Define the client and secret as constants
define('CLIENT_ID', 'yourclientid');
define('CLIENT_SECRET', 'yourclientsecret');
?>


<?php
if (isset($_GET['code'])) {
    $code = $_GET['code'];
} else {
    echo "Failed to get authorization code";
    exit();
}

// create a new cURL resource
# The URL to retrieve the access token using the authorization code
$url = 'http://www.points2shop.com/oauth/token';

$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);

# We have to send client_id, client_secret and code as HTTP POST fields
$post_fields = http_build_query(array('code'=>$code, 'client_id'=>CLIENT_ID, 'client_secret'=>CLIENT_SECRET));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);

$response_body = curl_exec($ch);

# The HTTP response body contains a JSON object, decode it to convert it to PHP object
$response_array = json_decode($response_body);
$access_token = $response_array->access_token;
curl_close($ch);

# Now, we have the access token. We can use it to access protected resources
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

# URL to retrieve user's basic profile
$url = 'http://www.points2shop.com/oauth_resources/basic_profile';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);

# Send access_token as a HTTP POST parameter
$post_fields = http_build_query(array('access_token'=>$access_token));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
$response_body = curl_exec($ch);
# Check whether the response was valid
$curl_info = curl_getinfo($ch);

if ($curl_info['http_code'] != 200) {
    echo "Unable to obtain information";
    exit();
}


$user_profile_fields = json_decode($response_body);

echo htmlspecialchars($user_profile_fields->first_name . " " . $user_profile_fields->last_name);
echo "(" . htmlspecialchars($user_profile_fields->username) . ") has completed the following offers
";

# Similarly, retrieve the completed offers of the user
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$url = 'http://www.points2shop.com/oauth_resources/completed_offers';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);

$post_fields = http_build_query(array("access_token"=>$access_token));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);

$response_body = curl_exec($ch);
# Check whether the response was valid
$curl_info = curl_getinfo($ch);

if ($curl_info['http_code'] != 200) {
    echo "Unable to obtain information";
    exit();
}

$completed_offers = json_decode($response_body);

# Iterate the offers and show them
foreach ($completed_offers as $offer) {
    echo "Status : " . htmlspecialchars($offer->status) . "
";
    echo "Offer : " . htmlspecialchars($offer->offer_name) . "
";
    echo "Value : " . htmlspecialchars($offer->offer_value) . "
";
    echo "Signup date : " . htmlspecialchars($offer->signup_date) . "
";
}

Back to Points2shop OAuth API