Integrate Steemconnect V2 User Authorisation Into Any WordPress Website

This tutorial will expand further on how to integrate Steemconnect authentication into any Wordpress website and request user authorisation.

Repository

https://github.com/WordPress/WordPress
https://github.com/steemit/steemconnect

What will I learn

Authorisation flow
Scope
Get temporary authorisation
Get offline authorisation
Store offline tokens in DB

Requirements

PHP
WordPress

Difficulty

intermediate

Tutorial

Preface

WordPress is a frequently used framework for building websites. Integrating STEEM into this ecosystem can greatly benefit both ecosystems. This tutorial will look how to get user authorisation via Steemconnect to perform actions like voting and posting for the user on their behalf.

Setting up your Steemconnect app

This tutorial is a direct continuation on Integrate Steemconnect V2 User Authentication Into Any WordPress Website.It is required in some parts of this tutorial and should be read first. Included in this is how to set up your Steemconnect app.

Authorisation flow

There are 2 different general types of authorisation that both have their own flow. There is offline access and temporary access which expires. Both are initiated by redirecting the user to a link, in which the, Steemconnect client_id, redirect_uri and the scope of the authorisation is included. When the user has approved the authorisation via Steemconnect they get redirected back to your website with either a code or access_token in the url. response_type is used for requestion offline access and must be set to code.

url = https://steemconnect.com/oauth2/authorize

Parameters:

client_id
redirect_uri
response_type
scope

Example

https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&response_type=code&scope=offline,vote

After the user has loggin in on Steemconnect with their STEEM account the user will be redirected back to the redirect_uri and the url will contain the data variables.
Temporary access response:

?access_token=ACCESS_TOKEN&expires_in=36000

Offline access response:

?code=CODE

This code in then used in a POST request to get the access_token, refresh_token and expires_in. The refresh_token does not expire.

Scope

Steemconnect allows for different authorisation rights. There are called the scope. Below is a table of the full list. In order to get a certain authorisation it must be passed in the request url under scope. Use a comma , to separate multiple commands.

login	Verify Steem identity
offline	Allow long-lived token
vote	Upvote, downvote or unvote a post or comment
comment	Publish or edit a post or a comment
delete_comment	Delete a post or a comment
comment_options	Add options for a post or comment
custom_json	Follow, unfollow, ignore, reblog or any `custom_json` operation
claim_reward_balance	Claim reward for user

Source

Get temporary authorisation

Obtaining temporary authorisation is done by directing the user to Steemconnect via the request url with the scope for the desired authorisation. This example will request voting and commenting rights.

https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&scope=vote,comment

Set the redirect_url for the page you want the user to return to and us the GET command to retrieve the access_token from the url.

if (isset($_GET['access_token'])) {
  $access_token_token = $_GET['access_token']
  $expire_in = $_GET['expire_in']
}

These variables can either be stored in the user's session or in the database.

Get offline authorisation

Similar to obtaining temporary authorisation the user has to be directed to a request url to Steemconnect containing the scope of the desired authorisation. This example will request offline voting rights.

https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&response_type=code&scope=offline,vote

When the user has returned, a POST request will be send to Steemconnect containing the code and your client_secret.

if (isset($_GET['code'])) {

  // Params for POST request
  $data = array(
      'code' => $_GET['code'],
      'client_secret' => SC_CLIENT_SECRET
  );

  $payload = json_encode($data);

  // Prepare new cURL resource
  $ch = curl_init('https://steemconnect.com/api/oauth2/token');
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLINFO_HEADER_OUT, true);
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);

  // Set HTTP Header for POST request
  curl_setopt($ch, CURLOPT_HTTPHEADER, array(
      'Content-Type: application/json',
      'Content-Length: ' . strlen($payload))
  );

  // Submit the POST request
  $result = curl_exec($ch);

  // Close cURL session handle
  curl_close($ch);

  $json = json_decode($result);

This will return an array containing the access_token, refresh_token and expire_in variables.

Store offline tokens in DB

To store the data in the database first the following table has to made.

CREATE TABLE `steem_authorization` (
  `id` int(11) NOT NULL,
  `access_token` text NOT NULL,
  `user_login` varchar(20) NOT NULL,
  `expires_in` datetime NOT NULL,
  `refresh_token` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

The result from the POST request is decoded and the expire_on date is calculated by taking the current time and adding expire_in to it.

$json = json_decode($result);
$date = date("Y/m/d H:G:s", time() + $json->expires_in);

// Add tokens to the database
global $wpdb;
$wpdb->query("INSERT INTO `steem_authorization` (`id`, `access_token`, " .
"`user_login`, `expires_in`, `refresh_token`) VALUES (NULL, " .
"'" . $json->access_token . "', '" . $json->username ."', '" .
$date . "', '" . $json->refresh_token ."') ON DUPLICATE KEY UPDATE " .
"`user_login`='" . $json->username ."';");

Note: For user_login to be the same as their STEEM acount the user must be logged in via Steemconnect as shown in the previous tutorial.

Curriculum

Part 1 - Integrate Steemconnect V2 User Authentication Into Any WordPress Website

This tutorial was written by @juliank.

Sort Order:

Trending

[-]

portugalcoin (72) · 6 years ago

Thank you for your contribution.

This tutorial will also be very useful to me.

Thank you for this good work.

Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

To view those questions and the relevant answers related to your post, click here.

Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]

$0.03

2 votes

freetissues (49) · 6 years ago

Thank you for wondefull tuts. I managed to follow Part 1 and got the login for the user. Now trying to follow this tut but I find it hard to find where I need to add these to make it work. Have to say total noob here.

$0.00

1 vote

juliank (70) · 6 years ago

Glad to hear that. You can place the code inside a special file, lets say authentication.php and then include this file into the header.php.

Basically, the page where the user will get redirectes back to. The uri you set in the link. That page will need to have the file included

$0.10

ceruleanblue (56) · 6 years ago

Awesome stuff! Anything to further enhance the Steem platform is only fueling everyone here even further.

utopian-io (71) · 6 years ago

Hey @steempytutorials
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!