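/as/token.oauth2
 * @param $oauthClientID - the client_id POST parameter value
 * @param $oauthUsername - the username to pass to the endpoint
 * @param $oauthPassword - the password to pass to the endpoint
 * @param &$result - the JSON string decoded into a PHP array, plus the keys
 *                   'HTTPResponseStatus' and 'HTTPResponseBody'
 *
 * The endpoint's certificate and host name are verified, because this request
 * carries the user's password.
 *
 * @throws HTTP_Request2_Exception when the request cannot be sent, including
 *         when TLS verification of the endpoint fails
 */
function pingIdentityOauth2PasswordAuthentication($oauthEndpoint, $oauthClientID, $oauthUsername, $oauthPassword, &$result)
{
    // the grant_type is predefined: this call always uses the "password" grant
    $responseStatus = _pingIdentityOauth2Post(
        $oauthEndpoint,
        array(
            'grant_type' => 'password',
            'client_id'  => $oauthClientID,
            'username'   => $oauthUsername,
            'password'   => $oauthPassword,
        ),
        $result
    );

    // anything other than 200 is a failed authentication
    if ($responseStatus !== 200) {
        return false;
    }

    // Authenticated only when the reply names a Bearer token and carries one.
    // isset() covers replies that omit these members, and the strict
    // comparison stops a non-string token_type from matching loosely.
    return isset($result['token_type'], $result['access_token'])
        && $result['token_type'] === 'Bearer'
        && (bool) $result['access_token'];
}

/**
 * Function to validate a bearer token against a Ping Identity server using the
 * OAuth2 endpoint with the "validate_bearer" grant type.
 *
 * The endpoint's certificate and host name are verified, because this request
 * carries the client secret and the token.
 *
 * @return boolean true when the endpoint answers with HTTP 200, false otherwise
 *
 * @param $oauthEndpoint - OAuth2 endpoint URL : http[s]://<host>/as/token.oauth2
 * @param $oauthClientID - the client_id POST parameter value
 * @param $secret - the shared secret for this grant type
 * @param $token - the valid token received back from an authentication
 * @param &$result - the JSON string decoded into a PHP array, plus the keys
 *                   'HTTPResponseStatus' and 'HTTPResponseBody'
 *
 * @throws HTTP_Request2_Exception when the request cannot be sent, including
 *         when TLS verification of the endpoint fails
 */
function pingIdentityOauth2ValidateBearer($oauthEndpoint, $oauthClientID, $secret, $token, &$result)
{
    // the grant_type is predefined
    $responseStatus = _pingIdentityOauth2Post(
        $oauthEndpoint,
        array(
            'grant_type'    => 'urn:pingidentity.com:oauth2:grant_type:validate_bearer',
            'client_id'     => $oauthClientID,
            'client_secret' => $secret,
            'token'         => $token,
        ),
        $result
    );

    // NOTE(review): success is judged from the HTTP status alone; confirm the
    // server never answers 200 with an error body before relying on this for
    // access decisions.
    return $responseStatus === 200;
}

/**
 * Sends a form POST to the OAuth2 endpoint and stores the decoded reply in $result.
 *
 * @param $oauthEndpoint - OAuth2 endpoint URL; it should be an https:// URL,
 *                         since the parameters carry credentials
 * @param $postParameters - POST parameter names mapped to their values
 * @param &$result - receives the decoded JSON body (an empty array when the
 *                   body is not a JSON object or array), plus the keys
 *                   'HTTPResponseStatus' and 'HTTPResponseBody'
 *
 * @return int the HTTP status code of the response
 *
 * @throws HTTP_Request2_Exception when the request cannot be sent, including
 *         when TLS verification of the endpoint fails
 */
function _pingIdentityOauth2Post($oauthEndpoint, array $postParameters, &$result)
{
    // create the request object (Only POST method is accepted by the endpoint)
    $request = new HTTP_Request2($oauthEndpoint, HTTP_Request2::METHOD_POST);

    // Keep certificate and host-name verification switched on: the POST body
    // holds a password or client secret, and an unverified connection would
    // hand it to whoever answers for the endpoint. If the server's certificate
    // comes from a private CA, point the 'ssl_cafile' config option at that CA
    // bundle instead of turning verification off.
    $request->setConfig(array(
        'ssl_verify_peer' => true,
        'ssl_verify_host' => true,
    ));

    // add our POST parameters
    foreach ($postParameters as $name => $value) {
        $request->addPostParameter($name, $value);
    }

    // send the request, and get the response object
    $response = $request->send();

    // get some information from the response
    $responseStatus = $response->getStatus();
    $json = $response->getBody();

    // decode the json into an associative array; a body that is not a JSON
    // object or array (an HTML error page, a bare scalar) becomes an empty
    // array so the two keys below can always be added
    $decoded = json_decode($json, true);
    $result = is_array($decoded) ? $decoded : array();

    // add the response status and raw body into the result after decoding.
    // The raw body of a successful reply contains the issued token, so
    // $result should not be written to logs as-is.
    $result['HTTPResponseStatus'] = $responseStatus;
    $result['HTTPResponseBody'] = $json;

    return (int) $responseStatus;
}
?>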