Twinfield API OAuth2.0 getaccessToken php-twinfield/twinfield

Question

I am currently trying to setup the Twinfield API, it should be pretty straight forward when using the php-twinfield/twinfield library. But there is one thing I don't fully understand.

Here is my code:

    $provider    = new OAuthProvider([
        'clientId'     => 'someClientId',
        'clientSecret' => 'someClientSecret',
        'redirectUri'  => 'https://example.org/'
    ]);

    $accessToken  = $provider->getAccessToken("authorization_code", ["code" => ...]);
    $refreshToken = $accessToken->getRefreshToken();
    $office       = \PhpTwinfield\Office::fromCode("someOfficeCode");

    $connection  = new \PhpTwinfield\Secure\OpenIdConnectAuthentication($provider, 
    $refreshToken, $office);

The $accessToken require something on the dots, some sort of code. I am not sure what that should be...

I hope someone can help me out. Thanks already!

---

I am still stuck with oauth2 setup... the provider seems to have all the information it needs to have. It returns a code which is needed to retrieve an accessToken. But, trying to get one using the following code:

$accessToken = $provider->getAccessToken('authorization_code', 
  ['code' => $_GET['code']]);

This will return 'invalid_grant'. I have tried to reset my clientSecret... but that did not help. I hope somebody can help me any further.

Answer 1

To access the Twinfield API the users must be authenticated. You can either do this by specifying a username and password or using OAuth2. When using OAuth2 you delegate the authentication to a so called OAuth Provider. After the user authenticated, the provider will redirect the user's browser to an endpoint ( redirectUri ) at your application. That request, that your application receives, has a GET parameter called code . Your app will then exchange the code for a token using its clientId and clientSecret and HTTP POST. Which means that your application must be registered at the OAuth2 provider so that the provider (eg github, facebook, google, ...) can validate the client credentials and return a token. And you will have to configure your provider variable to point to the OAuth provider that you connect with.

$provider = new OAuthProvider([
    'clientId'                => 'XXXXXX',    // The client ID assigned to you by the provider
    'clientSecret'            => 'XXXXXX',    // The client password assigned to you by the provider
    'redirectUri'             => 'https://example.com/your-redirect-url/',
    'urlAuthorize'            => 'https://login.provider.com/authorize', //where the user's browser should be redirected to for triggering the authentication
    'urlAccessToken'          => 'https://login.provider.com/token', //where to exchange the code for a token
    'urlResourceOwnerDetails' => 'https://login.provider.com/resource' //where to get more details about a user
]);

// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider
    // Redirect the user to the authorization URL.
}

Twinfield makes use of league/oauth2-client library for implementing OAuth. Therefore, refer to https://oauth2-client.thephpleague.com/usage/ for the details on how to setup an OAuth client in the twinfield library. league/oauth2-client supports some providers out of the box and allows third-party providers. Your provider may be in any of the lists. If not, refer to the documentation of your provider to get the right URLs.