php实现paypal 授权登录

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

<?php

/**

* @project paypal login

* @author jiangjianhe

* @date 2015-04-03

*/

class paypallogin

{

//沙箱token链接

private $_sanbox_oauth2_auth_uri = 'https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize';

private $_live_oauth2_auth_uri = 'https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize';

private $_acquire_user_profile_sandbox_url = 'https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/userinfo?schema=openid&access_token=';

private $_acquire_user_profile_live_url = 'https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/userinfo?schema=openid&access_token=';

//沙箱token链接

private $_token_service_sandbox_url = 'https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice';

private $_token_service_live_url = 'https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice';

private $_sanbox_flag = true;

private $_client_id = null;

private $_client_secret = null;

private $_redirect_uri = null;

private $_state = '';

private $_scope = 'openid email phone profile address https://uri.paypal.com/services/paypalattributes'; //scope 参数决定访问令牌的访问权限 各个参数详解url;:https://www.paypal-biz.com/product/login-with-paypal/index.html#configureButton

public $token = null;

public $protocol = "http";

/**

* @name 构造函数

* @param $flag 是否沙箱环境

*/

public function __construct($redirect_uri, $client_id,$client_secret,$scope,$state,$flag = true)

{

$this->_sanbox_flag = $flag;

$this->_redirect_uri = $redirect_uri;

$this->_client_id = $client_id;

$this->_client_secret = $client_secret;

$this->_scope = $scope;

$this->_state = $state;

}

/**

* 创建paypal request url

* @return string

*/

public function create_request_url()

{

$oauth2_auth_uri = $this->_sanbox_flag ? $this->_sanbox_oauth2_auth_uri :$this->_live_oauth2_auth_uri;

$url = $oauth2_auth_uri.'?'.

http_build_query(

array(

'client_id' => $this->_client_id, //通过应用程序注册流程获得的唯一客户端标识符。必需。

'response_type' =>'code', //表明授权代码被发送回应用程序返回URL。为了使访问令牌在用户代理中不可见， 建议使用<code>code</code>一值。如果您希望在响应中同时收到授权代码和 id_token ，请传递 code+id_token。另一个可能的 response_type 值是 token ——大部分由javascript和移动客户端等公共客户端使用。

'scope' => $this->_scope,//;implode(',', $this->scope),

'redirect_uri' => urlencode($this->_redirect_uri), //应用程序的返回URL。结构、主机名和端口必须与您在注册应用程序时设置的返回URL相符。

'nonce' => time().rand(), //不透明的随机标识符，可减少重放攻击风险。简单的函数是：(timestamp + Base64 encoding (random\[16\]))。

'state' => $this->_state, // CSRF验证码

)

);

return $url;

}

/**

* get PayPal access token

* @param string $code ?

* @return string access token

*/

public function acquire_access_token($code ) {

$accessToken = null;

try {

$postvals = sprintf("client_id=%s&client_secret=%s&grant_type=authorization_code&code=%s",$this->_client_id,$this->_client_secret,$code);

if($this->_sanbox_flag)

$ch = curl_init($this->_token_service_sandbox_url);

else

$ch = curl_init($this->_token_service_live_url);

$options = array(

CURLOPT_POST => 1,

CURLOPT_VERBOSE => 1,

CURLOPT_POSTFIELDS => $postvals,

CURLOPT_RETURNTRANSFER => 1,

CURLOPT_SSL_VERIFYPEER => FALSE,

//CURLOPT_SSLVERSION => 2

);

curl_setopt_array($ch, $options);

$response = curl_exec($ch);

$error = curl_error($ch);

curl_close( $ch );

if (!$response ) {

throw new Exception( "Error retrieving access token: " . curl_error($ch));

}

$jsonResponse = json_decode($response );

if ( isset( $jsonResponse->access_token) ) {

$accessToken = $jsonResponse->access_token;

}

} catch( Exception $e) {

throw new Exception($e->getMessage(), 1);

}

return $accessToken;

}

/**

* get the PayPal user profile, decoded

* @param string $accessToken

* @return object

*/

public function acquire_paypal_user_profile($accessToken ) {

try {

if($this->_sanbox_flag)

$url = $this->_acquire_user_profile_sandbox_url . $accessToken;

else

$url = $this->_acquire_user_profile_live_url . $accessToken;

$ch = curl_init( $url );

$options = array(

CURLOPT_RETURNTRANSFER => 1,

CURLOPT_SSL_VERIFYPEER => FALSE,

//CURLOPT_SSLVERSION => 2

);

curl_setopt_array($ch, $options);

$response = curl_exec($ch);

$error = curl_error( $ch);

curl_close( $ch );

if (!$response )

{

return false;

}

return json_decode($response);

} catch( Exception $e ) {

return false;

}

}

}

?>