LaraWoW Part 1 - Fetch Access Token
Damion Voshall
Software Engineer @ DiscordBrowser | Contributor to Larascord, a Laravel Discord API wrapper | PHP Laravel Full-Stack Software Solutions
Today, I am starting development on a Laravel wrapper for the battle.net API. I want this wrapper to interact with World of Warcraft at first.
You can find this test project here
The first step is creating a very basic project that interacts with the API to run tests.
Let's start by creating a battle.net account.
Create a battle.net account and set up the authenticator with the mobile-app.
Next step is heading over to develop.battle.net and create the Client.
This will give you your Client ID, and Client Secret.
After pressing save, you will have access to the Client ID and Secret Key.
I will be adding these to the .env file in Laravel.
After adding these values to the .env, we need to access them with a config file.
Next step will be creating the route to make an authorization request.
According to the documentation, we need to send the user to https://oauth.battle.net/authorize with our specifications. We must provide the redirect_uri, scopes, client_id, state, and response_type. This will redirect the user to battle.net and allow them to link their account.
Let's move on to the routes.
I went ahead and created a login route that triggers the redirect method in a new controller called LarawowController. Let's create that method.
Here is the redirect method within the LarawowController.
We are creating a state variable with a random string to make sure the request doesn't get intercepted. We're saving it to a session so that we can verify it later.
We are adding some parameters to the URL, such as the:
Finally, we send the user to that URL we built. This will end up looking something like this:
Now when you go to your 'login' route, it should redirect you correctly!
If you see this screen, congrats! You're ready for the next step!
领英推荐
After authorizing, battle.net is going to redirect your user to the specified redirect_uri. So let's create that route.
This route is calling the 'get' method of the LarawowController. Let's create that method now.
Here is the first version of the 'get' method in the LarawowController.
This is where we make sure the state returned matches the state that we stored in a session.
If the state is correct. We're going to check and make sure we received a code.
Looks like we were successful! Now we can use this code to get the Access Token for our user!
Let's create a Service to handle this for us. This way our controller will stick to only having one job.
Perfect, now let's bring in the parameters we're going to need for this Access Token Request.
According to the documentation, we're going to need the:
Let's initialize those in the new service we created.
Here we're constructing the necessary values needed to make the Authorization Token request. The only parameter missing is the code. We will pass that from the controller soon. Let's create the method that requests the Access Token.
Here is the method to request the Access Token. We are getting the code as a parameter and using it in the request. The header consists of and Authorization type with a 'Basic' authentication which encodes the client id and client secret. We pass the type of content we are sending to the endpoint as well, which is x-www-form-urlencoded. Within the body, we have the grant type, the code that was passed, and the redirect uri. Let's call this method from the controller.
We implemented a try-catch block to retrieve the access token using the code. This catch block uses a very basic error response, we will implement better exceptions soon.
As you saw, we placed a die dump in the getAccessToken method. Let's go to the /login now and see what happens.
If this is what you see, then congrats! You successfully retrieved the Access Token! This token can now be used to pass data back and forth between your application and the battle.net api endpoints! Your user has successfully logged in using their battle.net account.
I will end this article here. Next we will start getting some information using the Access Token! All of the code will be on Github here.
Contributions are welcome! Hope this helped out someone in need of using the OAuth flow!
Quick recap:
Full Stack Software Engineer @ Nebulai
1 年This is really cool, Damion. I had no idea battle.net had an API! What's the goal/objective of the overall project? Also, the Neovim screenshots are lovely.