diff --git a/src/Google/Auth/OAuth2.php b/src/Google/Auth/OAuth2.php
index 2fa3fd0e7..5630d755e 100644
--- a/src/Google/Auth/OAuth2.php
+++ b/src/Google/Auth/OAuth2.php
@@ -149,13 +149,14 @@ public function createAuthUrl($scope)
 'client_id' => $this->client->getClassConfig($this, 'client_id'),
 'scope' => $scope,
 'access_type' => $this->client->getClassConfig($this, 'access_type'),
- 'approval_prompt' => $this->client->getClassConfig($this, 'approval_prompt'),
 );
- $login_hint = $this->client->getClassConfig($this, 'login_hint');
- if ($login_hint != '') {
- $params['login_hint'] = $login_hint;
- }
+ $params = $this->maybeAddParam($params, 'approval_prompt');
+ $params = $this->maybeAddParam($params, 'login_hint');
+ $params = $this->maybeAddParam($params, 'hd');
+ $params = $this->maybeAddParam($params, 'openid.realm');
+ $params = $this->maybeAddParam($params, 'prompt');
+ $params = $this->maybeAddParam($params, 'include_granted_scopes');
 // If the list of scopes contains plus.login, add request_visible_actions
 // to auth URL.
@@ -604,4 +605,16 @@ public function verifySignedJwtWithCerts(
 // All good.
 return new Google_Auth_LoginTicket($envelope, $payload);
 }
+
+ /**
+ * Add a parameter to the auth params if not empty string.
+ */
+ private function maybeAddParam($params, $name)
+ {
+ $param = $this->client->getClassConfig($this, $name);
+ if ($param != '') {
+ $params[$name] = $param;
+ }
+ return $params;
+ }
 }
diff --git a/src/Google/Client.php b/src/Google/Client.php
index 5ca92373f..e15b4f4ea 100644
--- a/src/Google/Client.php
+++ b/src/Google/Client.php
@@ -247,7 +247,7 @@ public function getAccessToken()
 // in the library.
 return (null == $token || 'null' == $token || '[]' == $token) ? null : $token;
 }
-
+
 /**
 * Get the OAuth 2.0 refresh token.
 * @return string $refreshToken refresh token or null if not available
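Review bot: In createAuthUrl() (src/Google/Auth/OAuth2.php, first hunk) `approval_prompt` and `prompt` are now both added whenever they are non-empty, and since `approval_prompt` defaults to 'auto' in Google_Config, any caller of setPrompt() ends up sending both. As far as I know Google's authorization endpoint treats the two as conflicting parameters and rejects the request, so only one should go out, e.g. `if ($this->client->getClassConfig($this, 'prompt') == '') { $params = $this->maybeAddParam($params, 'approval_prompt'); }`. The updated expectation in tests/general/ApiOAuth2Test.php asserts both parameters in one URL and would need to change with it. createAuthUrl's body starts and ends outside the hunk.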
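Review bot: maybeAddParam() (second OAuth2.php hunk) relies on the loose test `$param != ''`, which also skips null and false and, on PHP versions before 8, the integer 0; the docblock should say so, because this method now decides which of six settings reach the authorization URL. I would extend the docblock to state that the value is read from this class's config under `$name`, that it is copied into `$params` only when it does not loosely equal the empty string, and to add `@param array $params`, `@param string $name` and `@return array`.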
@@ -367,6 +367,50 @@ public function setDeveloperKey($developerKey)
 $this->config->setDeveloperKey($developerKey);
 }
+ /**
+ * Set the hd (hosted domain) parameter streamlines the login process for
+ * Google Apps hosted accounts. By including the domain of the user, you
+ * restrict sign-in to accounts at that domain.
+ * @param $hd string - the domain to use.
+ */
+ public function setHostedDomain($hd)
+ {
+ $this->config->setHostedDomain($hd);
+ }
+
+ /**
+ * Set the prompt hint. Valid values are none, consent and select_account.
+ * If no value is specified and the user has not previously authorized
+ * access, then the user is shown a consent screen.
+ * @param $prompt string
+ */
+ public function setPrompt($prompt)
+ {
+ $this->config->setPrompt($prompt);
+ }
+
+ /**
+ * openid.realm is a parameter from the OpenID 2.0 protocol, not from OAuth
+ * 2.0. It is used in OpenID 2.0 requests to signify the URL-space for which
+ * an authentication request is valid.
+ * @param $realm string - the URL-space to use.
+ */
+ public function setOpenidRealm($realm)
+ {
+ $this->config->setOpenidRealm($realm);
+ }
+
+ /**
+ * If this is provided with the value true, and the authorization request is
+ * granted, the authorization will include any previous authorizations
+ * granted to this user/application combination for other scopes.
+ * @param $include boolean - the URL-space to use.
+ */
+ public function setIncludeGrantedScopes($include)
+ {
+ $this->config->setIncludeGrantedScopes($include);
+ }
+
 /**
 * Fetches a fresh OAuth 2.0 access token with the given refresh token.
 * @param string $refreshToken
diff --git a/src/Google/Config.php b/src/Google/Config.php
index 97e8bd375..84083058f 100644
--- a/src/Google/Config.php
+++ b/src/Google/Config.php
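Review bot: The setHostedDomain() docblock promises that passing the domain will "restrict sign-in to accounts at that domain", but `hd` only travels as a query parameter of the URL built in createAuthUrl(), which the user's browser can change or drop, so it is a sign-in hint and not an access control. An application that needs domain restriction has to check the hosted-domain claim of the verified ID token on the server; suggested wording: `Hint that pre-selects accounts at this hosted domain. Not an access control: verify the hd claim of the returned ID token.` The same docblock is repeated in the src/Google/Config.php hunk at @@ -297,6 +301,53 @@. Separately, the `@param $include` line of setIncludeGrantedScopes() still reads "the URL-space to use", copied from setOpenidRealm().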
@@ -30,7 +30,7 @@ class Google_Config
 /**
 * Create a new Google_Config. Can accept an ini file location with the
 * local configuration. For example:
- * application_name: "My App";
+ * application_name="My App"
 *
 * @param [$ini_file_location] - optional - The location of the ini file to load
 */
@@ -78,10 +78,14 @@ public function __construct($ini_file_location = null)
 'developer_key' => '',
 // Other parameters.
- 'access_type' => 'online',
- 'approval_prompt' => 'auto',
+ 'hd' => '',
+ 'prompt' => '',
+ 'openid.realm' => '',
+ 'include_granted_scopes' => '',
 'login_hint' => '',
 'request_visible_actions' => '',
+ 'access_type' => 'online',
+ 'approval_prompt' => 'auto',
 'federated_signon_certs_url' => 'https://www.googleapis.com/oauth2/v1/certs',
 ),
@@ -297,6 +301,53 @@ public function setDeveloperKey($key)
 $this->setAuthConfig('developer_key', $key);
 }
+ /**
+ * Set the hd (hosted domain) parameter streamlines the login process for
+ * Google Apps hosted accounts. By including the domain of the user, you
+ * restrict sign-in to accounts at that domain.
+ * @param $hd string - the domain to use.
+ */
+ public function setHostedDomain($hd)
+ {
+ $this->setAuthConfig('hd', $hd);
+ }
+
+ /**
+ * Set the prompt hint. Valid values are none, consent and select_account.
+ * If no value is specified and the user has not previously authorized
+ * access, then the user is shown a consent screen.
+ * @param $prompt string
+ */
+ public function setPrompt($prompt)
+ {
+ $this->setAuthConfig('prompt', $prompt);
+ }
+
+ /**
+ * openid.realm is a parameter from the OpenID 2.0 protocol, not from OAuth
+ * 2.0. It is used in OpenID 2.0 requests to signify the URL-space for which
+ * an authentication request is valid.
+ * @param $realm string - the URL-space to use.
+ */
+ public function setOpenidRealm($realm)
+ {
+ $this->setAuthConfig('openid.realm', $realm);
+ }
+
+ /**
+ * If this is provided with the value true, and the authorization request is
+ * granted, the authorization will include any previous authorizations
+ * granted to this user/application combination for other scopes.
+ * @param $include boolean - the URL-space to use.
+ */
+ public function setIncludeGrantedScopes($include)
+ {
+ $this->setAuthConfig(
+ 'include_granted_scopes',
+ $include ? "true" : "false"
+ );
+ }
+
 /**
 * @return string the base URL to use for API calls
 */
diff --git a/src/Google/Http/MediaFileUpload.php b/src/Google/Http/MediaFileUpload.php
index 35c32e98e..8005db4bb 100644
--- a/src/Google/Http/MediaFileUpload.php
+++ b/src/Google/Http/MediaFileUpload.php
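Review bot: setIncludeGrantedScopes() in src/Google/Config.php coerces its argument with `$include ? "true" : "false"`, so any non-empty string other than "0" (including the string "false", for instance from an ini file or a form value) is stored as "true", and the resulting grant then carries every scope previously granted to the application. Parsing the flag explicitly avoids widening the token by accident: `filter_var($include, FILTER_VALIDATE_BOOLEAN) ? "true" : "false"`. The docblock should also mention that calling the setter with false makes the URL carry `include_granted_scopes=false` rather than omitting the parameter, since maybeAddParam() only drops empty strings.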
@@ -288,13 +288,13 @@ private function getResumeUri()
 return $location;
 }
 $message = $code;
- $body = @json_decode( $response->getResponseBody() );
- if ( ! empty( $body->error->errors ) ) {
+ $body = @json_decode($response->getResponseBody());
+ if (!empty( $body->error->errors ) ) {
 $message .= ': ';
- foreach( $body->error->errors as $error ) {
+ foreach ($body->error->errors as $error) {
 $message .= "{$error->domain}, {$error->message};";
 }
- $message = rtrim( $message, ';' );
+ $message = rtrim($message, ';');
 }
 throw new Google_Exception("Failed to start the resumable upload (HTTP {$message})");
 }
diff --git a/tests/general/ApiOAuth2Test.php b/tests/general/ApiOAuth2Test.php
index d76b36a92..79ab7a406 100644
--- a/tests/general/ApiOAuth2Test.php
+++ b/tests/general/ApiOAuth2Test.php
@@ -130,6 +130,10 @@ public function testCreateAuthUrl()
 // Again with a blank login hint (should remove all traces from authUrl)
 $client->setLoginHint("");
+ $client->setHostedDomain("example.com");
+ $client->setOpenidRealm("example.com");
+ $client->setPrompt("select_account");
+ $client->setIncludeGrantedScopes(true);
 $authUrl = $oauth->createAuthUrl("http://googleapis.com/scope/foo");
 $expected = "https://accounts.google.com/o/oauth2/auth"
 . "?response_type=code"
@@ -137,7 +141,11 @@ public function testCreateAuthUrl()
 . "&client_id=clientId1"
 . "&scope=http%3A%2F%2Fgoogleapis.com%2Fscope%2Ffoo"
 . "&access_type=offline"
- . "&approval_prompt=force";
+ . "&approval_prompt=force"
+ . "&hd=example.com"
+ . "&openid.realm=example.com"
+ . "&prompt=select_account"
+ . "&include_granted_scopes=true";
 $this->assertEquals($expected, $authUrl);
 }