
This tutorial will expand further on how to integrate Steemconnect authentication into any WordPress website and request user authorisation.
Repository
https://github.com/WordPress/WordPress
https://github.com/steemit/steemconnect
What will I learn
- Authorisation flow
- Scope
- Get temporary authorisation
- Get offline authorisation
- Store offline tokens in DB
Requirements
- PHP
- WordPress
Difficulty
- intermediate
Tutorial
Preface
WordPress is a frequently used framework for building websites. Integrating STEEM into this ecosystem can greatly benefit both ecosystems. This tutorial will look at how to get user authorisation via Steemconnect to perform actions like voting and posting on the user's behalf.
Setting up your Steemconnect app
This tutorial is a direct continuation of Integrate Steemconnect V2 User Authentication Into Any WordPress Website. It is required in some parts of this tutorial and should be read first. It also covers how to set up your Steemconnect app.
Authorisation flow
There are 2 different general types of authorisation, each with its own flow: offline access, and temporary access which expires. Both are initiated by redirecting the user to a link that includes the Steemconnect client_id, the redirect_uri and the scope of the authorisation. When the user has approved the authorisation via Steemconnect they get redirected back to your website with either a code or an access_token in the url. response_type is used for requesting offline access and must be set to code.
url = https://steemconnect.com/oauth2/authorize
Parameters:
- client_id
- redirect_uri
- response_type
- scope
Example
https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&response_type=code&scope=offline,vote
After the user has logged in on Steemconnect with their STEEM account, the user will be redirected back to the redirect_uri and the url will contain the data variables.
Temporary access response:
?access_token=ACCESS_TOKEN&expires_in=36000
Offline access response:
?code=CODE
This code is then used in a POST request to get the access_token, refresh_token and expires_in. The refresh_token does not expire.
Scope
Steemconnect allows for different authorisation rights. These are called the scope. Below is a table of the full list. In order to get a certain authorisation it must be passed in the request url under scope. Use a comma (,) to separate multiple scopes.
| Scope | Description |
| --- | --- |
| login | Verify Steem identity |
| offline | Allow long-lived token |
| vote | Upvote, downvote or unvote a post or comment |
| comment | Publish or edit a post or a comment |
| delete_comment | Delete a post or a comment |
| comment_options | Add options for a post or comment |
| custom_json | Follow, unfollow, ignore, reblog or any custom_json operation |
| claim_reward_balance | Claim reward for user |
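The request url can be built from the parameters and scope list above instead of being concatenated by hand. The following is an added example, not code from the original tutorial or from Steemconnect; sc_authorize_url() and the two constants are hypothetical names, and the client_id and redirect_uri are the ones used in this tutorial's example link.

```php
<?php
// Added example: hypothetical helper, not part of Steemconnect or WordPress.
const SC_AUTHORIZE_URL = 'https://steemconnect.com/oauth2/authorize';
// Allowlist taken from the scope table in this tutorial
const SC_SCOPES = array('login', 'offline', 'vote', 'comment', 'delete_comment',
    'comment_options', 'custom_json', 'claim_reward_balance');

function sc_authorize_url($client_id, $redirect_uri, array $scopes)
{
    $scopes  = array_values(array_unique($scopes));
    $unknown = array_diff($scopes, SC_SCOPES);
    // Refuse to build a link for an empty request or a scope that is not in the table
    if (!$scopes || $unknown) {
        throw new InvalidArgumentException('Unknown or empty scope: ' . implode(',', $unknown));
    }
    $params = array(
        'client_id'    => $client_id,
        'redirect_uri' => $redirect_uri,
    );
    // Offline access uses the code flow, so response_type must be set to code
    if (in_array('offline', $scopes, true)) {
        $params['response_type'] = 'code';
    }
    $params['scope'] = implode(',', $scopes);
    // http_build_query() percent-encodes every value, including the redirect_uri
    return SC_AUTHORIZE_URL . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Offline voting rights, as requested later in this tutorial
echo sc_authorize_url('steemautomated', 'https://steemautomated.eu/index.php/voting/',
    array('offline', 'vote')), PHP_EOL;

// A scope that is not in the table is rejected before any redirect happens
try {
    sc_authorize_url('steemautomated', 'https://steemautomated.eu/index.php/voting/',
        array('vote', 'transfer'));
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Requesting only the scopes a feature needs keeps the rights held by a stored token as small as possible.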
Get temporary authorisation
Obtaining temporary authorisation is done by directing the user to Steemconnect via the request url with the scope for the desired authorisation. This example will request voting and commenting rights.
https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&scope=vote,comment
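Set the redirect_uri to the page you want the user to return to and use $_GET to retrieve the access_token from the url.
if (isset($_GET['access_token'])) {
    // Token and its lifetime in seconds, as returned in the query string
    $access_token = sanitize_text_field(wp_unslash($_GET['access_token']));
    $expires_in = isset($_GET['expires_in']) ? (int) $_GET['expires_in'] : 0;
}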
These variables can either be stored in the user's session or in the database.
Get offline authorisation
Similar to obtaining temporary authorisation the user has to be directed to a request url to Steemconnect containing the scope of the desired authorisation. This example will request offline voting rights.
https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&response_type=code&scope=offline,vote
When the user has returned, a POST request is sent to Steemconnect containing the code and your client_secret.
if (isset($_GET['code'])) {
    // Params for POST request
    $data = array(
        'code' => $_GET['code'],
        'client_secret' => SC_CLIENT_SECRET
    );
    $payload = json_encode($data);
    // Prepare new cURL resource
    $ch = curl_init('https://steemconnect.com/api/oauth2/token');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLINFO_HEADER_OUT, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    // Set HTTP Header for POST request
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json',
        'Content-Length: ' . strlen($payload))
    );
    // Submit the POST request
    $result = curl_exec($ch);
    // Close cURL session handle
    curl_close($ch);
    // Decode the JSON body of the response into an object
    $json = json_decode($result);
}
The decoded response contains the access_token, refresh_token and expires_in variables.
Store offline tokens in DB
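To store the data in the database, the following table first has to be created.
CREATE TABLE `steem_authorization` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`access_token` text NOT NULL,
`user_login` varchar(20) NOT NULL,
`expires_in` datetime NOT NULL,
`refresh_token` text NOT NULL,
PRIMARY KEY (`id`),
-- One row per STEEM account, so ON DUPLICATE KEY UPDATE has a key to match on
UNIQUE KEY `user_login` (`user_login`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;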
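The result from the POST request is decoded and the expiry date (stored in the expires_in column) is calculated by taking the current time and adding expires_in to it.
$json = json_decode($result);
// Absolute expiry time: now plus the token lifetime in seconds
$date = date("Y-m-d H:i:s", time() + (int) $json->expires_in);
// Add tokens to the database; prepare() escapes the values taken from the response
global $wpdb;
$wpdb->query($wpdb->prepare(
    "INSERT INTO `steem_authorization` (`id`, `access_token`, " .
    "`user_login`, `expires_in`, `refresh_token`) VALUES (NULL, %s, %s, %s, %s) " .
    // When the user authorises again, replace the stored tokens
    "ON DUPLICATE KEY UPDATE `access_token` = VALUES(`access_token`), " .
    "`expires_in` = VALUES(`expires_in`), `refresh_token` = VALUES(`refresh_token`)",
    $json->access_token, $json->username, $date, $json->refresh_token
));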
Note: For user_login to be the same as their STEEM account the user must be logged in via Steemconnect as shown in the previous tutorial.
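Before the tokens are written to steem_authorization, the body returned by the POST request can be checked for the fields the INSERT relies on. The following is an added example, not code from the original tutorial or from Steemconnect; sc_parse_token_response() is a hypothetical helper, the sample bodies are constructed, and the status argument is assumed to come from curl_getinfo($ch, CURLINFO_HTTP_CODE) called before curl_close().

```php
<?php
// Added example: hypothetical helper, not part of Steemconnect or WordPress.
// Returns the values to store, or null when the response must not be stored.
function sc_parse_token_response($body, $http_status, $now)
{
    // A failed transfer (curl_exec() returned false) or a non-200 status is never stored
    if (!is_string($body) || $http_status !== 200) {
        return null;
    }
    $json = json_decode($body, true);
    if (!is_array($json)) {
        return null;
    }
    // The three string fields used by the INSERT must be present and non-empty
    foreach (array('access_token', 'refresh_token', 'username') as $field) {
        if (!isset($json[$field]) || !is_string($json[$field]) || $json[$field] === '') {
            return null;
        }
    }
    // expires_in is a lifetime in seconds: accept positive integers only
    $ttl = filter_var($json['expires_in'] ?? null, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    // user_login is varchar(20) in the steem_authorization table
    if ($ttl === false || strlen($json['username']) > 20) {
        return null;
    }
    return array(
        'access_token'  => $json['access_token'],
        'refresh_token' => $json['refresh_token'],
        'user_login'    => $json['username'],
        // Absolute expiry (UTC) in MySQL DATETIME format
        'expires_at'    => gmdate('Y-m-d H:i:s', $now + $ttl),
    );
}

// Constructed sample bodies, not captured Steemconnect responses
$complete = '{"access_token":"AT-sample","refresh_token":"RT-sample",'
          . '"expires_in":604800,"username":"alice"}';
$error    = '{"error":"constructed-error"}';
$partial  = '{"access_token":"AT-sample","expires_in":604800}';

var_dump(sc_parse_token_response($complete, 200, time())); // complete response
var_dump(sc_parse_token_response($error, 400, time()));    // error status
var_dump(sc_parse_token_response($partial, 200, time()));  // refresh_token and username missing
```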
Curriculum
Part 1 - Integrate Steemconnect V2 User Authentication Into Any WordPress Website
This tutorial was written by @juliank.