---
layout: default
title: Authorization server with authorization code grant
permalink: /authorization-server/auth-code-grant/
---

# Authorization server with authorization code grant

## Setup

Wherever you initialise your objects, initialise a new instance of the authorization server and bind the storage interfaces and the authorization code grant:

~~~ php
$server = new \League\OAuth2\Server\AuthorizationServer;
$server->setSessionStorage(new Storage\SessionStorage);
$server->setAccessTokenStorage(new Storage\AccessTokenStorage);
$server->setClientStorage(new Storage\ClientStorage);
$server->setScopeStorage(new Storage\ScopeStorage);
$server->setAuthCodeStorage(new Storage\AuthCodeStorage);

$authCodeGrant = new \League\OAuth2\Server\Grant\AuthCodeGrant();
$server->addGrantType($authCodeGrant);
~~~

## Implementation

Create a route which responds to requests to `/oauth`; this is the endpoint the client redirects the user to.

~~~ php
$router->get('/oauth', function (Request $request) use ($server) {

    // First ensure the parameters in the query string are correct
    try {
        $authParams = $server->getGrantType('authorization_code')->checkAuthorizeParams();
    } catch (\League\OAuth2\Server\Exception\OAuthException $e) {
        // Only the library's own exceptions carry errorType, httpStatusCode and headers
        return new Response(
            json_encode([
                'error'   => $e->errorType,
                'message' => $e->getMessage()
            ]),
            $e->httpStatusCode,  // All of the library's exception classes have a status code specific to the error
            $e->getHttpHeaders() // Some exceptions have headers which need to be sent
        );
    }

    // Everything is okay: save $authParams to the session so the later
    // authorize step can use them, then redirect the user to sign in
    $_SESSION['authParams'] = $authParams;

    $response = new Response('', 302, [
        'Location' => '/signin'
    ]);

    return $response;

});
~~~

The user is redirected to a sign-in screen. If the user is not signed in then sign them in.
~~~ php
$router->get('/signin', function (Request $request) use ($server) {

    // Look up the currently signed-in user; how the user is stored is up to your application
    $user = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;

    if ($user) {
        $response = new Response('', 302, [
            'Location' => '/authorize'
        ]);

        return $response;
    } else {
        // Logic here to show a sign-in form and sign the user in
    }

});
~~~

The final part is to show a web page that tells the user the name of the client, the scopes requested and two buttons, an "Approve" button and a "Deny" button.

View:

~~~ php
// Authorize view
~~~
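The route that consumes the Approve/Deny form described above, as an added example that is not part of the original page. It assumes `$server` is the authorization server configured in Setup, that `/oauth` saved the checked parameters under `$_SESSION['authParams']`, that the signed-in user's id is in `$_SESSION['user_id']`, that the form carries a hidden `csrf` field matching `$_SESSION['csrf']`, and that the v4 API provides `AuthCodeGrant::newAuthorizeRequest()`, `Exception\AccessDeniedException` and `Util\RedirectUri::make()` (PHP 7 syntax).

```php
<?php
// Added example: POST /authorize handler for the Approve/Deny form.
// Assumed application-side state: $_SESSION['authParams'] (saved by /oauth),
// $_SESSION['user_id'] (set at sign-in) and $_SESSION['csrf'] (per-session token).
use League\OAuth2\Server\Exception\AccessDeniedException;
use League\OAuth2\Server\Util\RedirectUri;

$router->post('/authorize', function (Request $request) use ($server) {
    $authParams = $_SESSION['authParams'] ?? null;
    $userId     = $_SESSION['user_id'] ?? null;

    // Refuse to issue a code unless this browser session went through /oauth and /signin
    if ($authParams === null || $userId === null) {
        return new Response('No pending authorization request in this session', 400);
    }

    // Approving is a state-changing POST: require a per-session CSRF token so a
    // third-party page cannot auto-submit "Approve" on the user's behalf
    if (!hash_equals($_SESSION['csrf'] ?? '', (string) $request->get('csrf'))) {
        return new Response('Invalid CSRF token', 403);
    }

    // One decision per authorization request: clear the stored params either way
    unset($_SESSION['authParams']);

    if ($request->get('approve') === 'Approve') {
        // Issues a short-lived code bound to this user, the client and the scopes in
        // $authParams, and returns the client's redirect URI with code and state appended
        $redirectUri = $server->getGrantType('authorization_code')
            ->newAuthorizeRequest('user', $userId, $authParams);
    } else {
        // Denied: send the client an OAuth error on its registered redirect URI,
        // echoing state so the client can match the response to the request it made
        $error = new AccessDeniedException;
        $redirectUri = RedirectUri::make($authParams['redirect_uri'], [
            'error'   => $error->errorType,
            'message' => $error->getMessage(),
            'state'   => $authParams['state'] ?? null,
        ]);
    }

    return new Response('', 302, ['Location' => $redirectUri]);
});
```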