README

This package provides Canvas LMS OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Install

Require the package as below

composer require stephencoduor/oauth2-canvaslms

Use

Same as the League's OAuth client, using \stephencoduor\OAuth2\Client\Provider\CanvasLMS as the provider. Note that you can (and really should) include a purpose option parameter and you will need to include your canvasInstanceUrl.

Per the Canvas OAUth docs:

For Canvas Cloud (hosted by Instructure), you can request a client ID and secret from http://instructure.github.io/ in the Dev Key Signup section.

For open source Canvas users, you can generate a client ID and secret in the Site Admin account of your Canvas install. There will be a "Developer Keys" tab on the left navigation sidebar.

A small example:

use stephencoduor\OAuth2\Client\Provider\CanvasLMS;

session_start();

/* anti-fat-finger constant definitions */
define('CODE', 'code');
define('STATE', 'state');
define('STATE_LOCAL', 'oauth2-state');

/* Instantiate the class and pass the required configs ie clientId ,clientSecret, and urls */
$provider = new CanvasLMS([
    'clientId' => '676434567890',
    'clientSecret' => 'A8h7dZy6i4QS4GkBqrWUxr9jUdgcZobpVMCEBmOGMNa2D3Ab478A',
    'purpose' => 'Application Name here',
    'redirectUri' => 'https://' . $_SERVER['SERVER_NAME'] . '/' . $_SERVER['SCRIPT_NAME'],
    'canvasInstanceUrl' => 'https://canvas.instructure.com'
]);

/* if we don't already have an authorization code, let's get one! */
if (!isset($_GET[CODE])) {
    $authorizationUrl = $provider->getAuthorizationUrl();
    $_SESSION[STATE_LOCAL] = $provider->getState();
    header("Location: $authorizationUrl");
    exit;

/* check that the passed state matches the stored state to mitigate cross-site request forgery attacks */
} elseif (empty($_GET[STATE]) || $_GET[STATE] !== $_SESSION[STATE_LOCAL]) {
    unset($_SESSION[STATE_LOCAL]);
    exit('Invalid state');

} else {
    /* try to get an access token (using our existing code) */
    $token = $provider->getAccessToken('authorization_code', [CODE => $_GET[CODE]]);

    /* do something with that token... (probably not just print to screen, but whatevs...) */
    echo $token->getToken();
    exit;
}