|
|
PHP code listingsCode listings overviewYou can download the following sample code from https://ps-wave.adobe.com/pubsdk/samples.zip:
apiToken.phpIn the following example, the resource returns the API token in XML format. <?php
/*
This example demonstrates how a publisher obtains an API token.
A valid Adobe ID and password must be passed in the command line.
If the credentials are valid the API token will be written to a file
apiToken.txt
*/
// URL used for authentication
$endpoint = 'https://id-wave.adobe.com/identity/1.0/auth/apitoken.xml';
if ($argc != 3) {
die("Usage: apiToken.php <Adobe ID> <password>\n");
}
// Adobe ID and password of user with permission to publish to a feed.
$username = $argv[1];
$password = $argv[2];
// API token that will be returned from the authorization call
$api_token = '';
// Initialize CURL handle
$curl_handle = curl_init();
// set the URL
curl_setopt($curl_handle, CURLOPT_URL, $endpoint);
// set the HTTP method to POST
curl_setopt($curl_handle, CURLOPT_POST, 1);
// pass the credentials either as a parameter array ...
//$token_request_properties = array(
// 'username'=> $username,
// 'password'=> $password);
// Note that in some PHP installations you must set the delimiter
// explicitly to '&'. See documentation for http_build_query()
//$post_fields_string= http_build_query($token_request_properties);
//curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $post_fields_string);
// ... or as a Basic Authentication header. BUT NOT BOTH WAYS.
// We always use HTTPS so Basic Authentication is secured
curl_setopt($curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl_handle, CURLOPT_USERPWD, $username.':'.$password);
// return the results to a variable and not to the output
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
// If you can't connect try skipping the SSL peer verification
//curl_setopt($curl_handle, CURLOPT_SSL_VERIFYPEER, FALSE);
//or configure the location of the CA certificates
//curl_setopt($curl_handle, CURLOPT_CAINFO,$certs_dir);
// execute the HTTP POST request
$result = curl_exec($curl_handle);
if (!$result) {
// Maybe a problem with curl? SSL CA certs installed?
header("HTTP/1.0 500 Internal Error", false, 500);
echo "Could not execute request to URL $endpoint";
echo curl_errno($curl_handle) . " - " . curl_error($curl_handle);
curl_close($curl_handle);
return;
}
// Get HTTP status code from the response. A non-200 value indicates an error.
$info = curl_getinfo($curl_handle);
$http_code = $info['http_code'];
curl_close($curl_handle);
if($http_code == '200') {
// parse the result XML
if (! ($xml_parser = xml_parser_create()) ) {
die ('Cannot create parser');
}
xml_set_element_handler($xml_parser, 'start_element', 'end_element');
xml_set_character_data_handler($xml_parser, 'content');
if (!xml_parse($xml_parser, $result, true)) {
$reason = xml_error_string(xml_get_error_code($xml_parser));
$reason .= xml_get_current_line_number($xml_parser);
die($reason);
}
$token_found = false;
xml_parser_free($xml_parser);
// Save the API token for sending notifications.
// The token will eventually expire at which time any
// notification API calls will return a "401 Unauthorized" error.
$handle = fopen('apiToken.txt', 'w');
fputs($handle, $api_token);
fclose($handle);
}
else {
// Handle HTTP connection errors and the "Unauthorized" scenario.
echo "HTTP status: $http_code\n";
}
function start_element($parser, $name, $attribs) {
global $token_found;
if ($name == 'APITOKEN') {
$token_found = true;
}
}
function end_element($parser, $name) {
}
function content($parser, $data) {
global $api_token, $token_found;
if ($token_found && $api_token == '') {
$api_token = $data;
echo "Token Found, check apiToken.txt\n";
}
}
?>
notification.phpThe following example sends a notification to a known recipient. The Adobe Wave Desktop Client redirects the subscriber to the publisher’s web page (www.funwithothers.com) when the subscriber clicks the notification. You can replace this web page with an address of your choice. <?php
/*
This example demonstrates how a publisher calls the notification API
to send a broadcast or point-to-point message.
A valid API token must be contained in apiToken.php
The topic URI can be obtained from the Publisher Portal application.
Look up the feed details information and copy the URI
The link URL is the HTTP address that will be called when the user
clicks on the message toast.
To send notifications the API token must be for a caller who has
publishing permissions for the feed that provides the given topic.
*/
// URL used for notification
$endpoint = 'https://p000-wave.adobe.com/notificationgateway/1.0/notification';
// Set the notification variables, this page can be called from a PHP shell
// or served by an HTTP request
if ($argc >= 2) {
$topic = $argv[1];
}
else {
$topic = $_REQUEST['topic'];
}
if ($argc >= 3) {
$message = $argv[2];
}
else {
$message = $_REQUEST['message'];
}
if ($argc >= 4) {
$link = $argv[3];
}
else {
$link = $_REQUEST['link'];
}
// BEGIN thumbnail SECTION
if ($argc >= 5) {
$imagefile = "@".$argv[4];
}
else {
if ($_FILES['thumbnail']['size'] > 0) {
$imagefile = "@".$_FILES['thumbnail']['tmp_name'];
} else {
$imagefile = "";
}
}
if ($argc >= 6) {
$imagemimetype = $argv[5];
}
else {
// retrieves the image type specified by the browser
// for the thumbnail file that was uploaded.
$imagemimetype = $_FILES['thumbnail']['type'];
}
// the accesstoken parameter is optional and only used
// for point-to-point notifications
if ($argc >= 7) {
$access_token = $argv[6];
}
else {
$access_token = $_REQUEST['accesstoken'];
}
// END thumbnail SECTION
// BEGIN url SECTION
// note that instead of specfiying a thumbnail and a
// mime type, an image url can be specified and the image
// will be retrieved by our server before the message is sent.
// See authorization_success.php to enable image urls.
// To enable image urls in this script, comment out the
// thumbnail section above, and uncomment this section (url)
//if ($argc >= 5) {
// $imagemimetype = $argv[4];
//}
//else {
// $imagemimetype = $_REQUEST['imageurl'];
//}
// the accesstoken parameter is optional and only used
// for point-to-point notifications
//if ($argc >= 6) {
// $access_token = $argv[5];
//}
//else {
// $access_token = $_REQUEST['accesstoken'];
//}
// END url SECTION
if (empty($topic)) {
if (!empty($argv[0])) {
die("Usage: notification.php <topicURI> <message> " .
"[<linkURL> [<imageURL> <image mime-type> [accesToken]]]\n");
}
else {
// Return request token to Wave client (the original HTTP requestor)
header("HTTP/1.0 400 Bad Request", false, 400);
echo "Missing parameter: topic\n";
echo $_REQUEST['topic'];
return;
}
}
if (empty($message)) {
if (!empty($argv[0])) {
die("Usage: notification.php <topicURI> <message> " .
"[<linkURL> [<imageURL> [accesToken]]]\n");
}
else {
// Return request token to Wave client (the original HTTP requestor)
header("HTTP/1.0 400 Bad Request", false, 400);
echo "Missing parameter: message";
return;
}
}
// API token acquired by publisher using authentication API (see apiToken.php)
$api_token = trim(file_get_contents('apiToken.txt'));
// handle preconditions that can fail
if (empty($api_token)) {
$error_msg =
"You must acquire an API token and store it in a file 'apiToken.txt'\n".
"Call the apiToken.php script and pass your Adobe ID and password.\n".
"This script will store the API token in the file.\n";
if (!empty($argv[0])) {
die($error_msg);
}
else {
// Return request token to Wave client (the original HTTP requestor)
header("HTTP/1.0 500 Internal Error", false, 500);
echo $error_msg;
return;
}
}
$notification_properties = array(
'X-apitoken' => $api_token,
'topic' => $topic,
'message' => $message,
'link' => $link,
'image' => $imagefile,
'imagetype' => $imagemimetype,
// if using an image url instead of specifying a thumbnail, disable the above two
// parameters.
// 'imageurl' => $imageurl,
'accesstoken' => $access_token);
// Initialize CURL handle
$curl_handle = curl_init();
// set the URL
curl_setopt($curl_handle, CURLOPT_URL, $endpoint);
// set the HTTP method to POST
curl_setopt($curl_handle, CURLOPT_POST, 1);
// add the parameters, by default the content type is
// multipart/form-data
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $notification_properties);
// return the results to a variable and not to the output
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
// If you can't connect try skipping the SSL peer verification
//curl_setopt($curl_handle, CURLOPT_SSL_VERIFYPEER, FALSE);
//or configure the location of the CA certificates
//curl_setopt($curl_handle, CURLOPT_CAINFO,$certs_dir);
// execute the HTTP POST request
$result = curl_exec($curl_handle);
// Get HTTP status code from the response. A non-204 value indicates an error.
$info = curl_getinfo($curl_handle);
$http_code = $info['http_code'];
// close the handle and free resources
curl_close($curl_handle);
if($http_code == 204) {
// 204 => No Content. There is no content returned in the HTTP body
if (!empty($argv[0])) {
echo "Message sent\n";
}
else {
header("HTTP/1.0 $http_code", true, $http_code);
}
}
else {
if (!$result) {
// Maybe a problem with curl? SSL CA certs installed?
header("HTTP/1.0 500 Internal Error", false, 500);
echo "Could not execute request to URL $endpoint";
echo curl_errno($curl_handle) . " - " . curl_error($curl_handle);
curl_close($curl_handle);
return;
} else {
// Handle HTTP connection errors and the "Unauthorized" scenario.
echo "HTTP status: $http_code\n";
}
}
?>
initiation.phpThe following example script shows the steps a publisher service must implement for point-to-point feeds. The PHP file can be used in a PHP-enabled HTTP server. Make sure that the URL at which the PHP file is served is accessible from the computer running the Adobe Wave Desktop Client. <?php
/*
This page is served by a web server! The URL under which it is served
is set in the feed (Initiation URL) using the Publisher Portal.
The Wave client calls this URL directly without opening a browser and
the output will be directly transmitted to the Wave client.
The page URL is called by the Wave client when the user authorizes the
publisher to send point-to-point notifications to the users desktop.
It does the following:
1) Send an HTTP request to the OAuth provider to get a request token (RT).
The request token identifies the publisher and still needs to be
authorized. To authenticate the publisher the OAuth consumer key and
consumer secret must be provided. The consumer key is the Adobe ID and the
secret is the Adobe ID password. With the request token a request token
secret (RTS) is returned.
2) Store an association between the RT and the RTS in the file
requestTokens.txt. The format is oauth_token=<RT>&oauth_token_secret=<RTS>
3) Return the RT to the Wave client. The format of the response must be
oauth_token=<RT> with no extra characters after the token not even a
newline character.
After the user has authorized the linking of their Wave account and
publisher accounts, the Wave client will call the publisher's callback URL
(see callback.php). The client will pass the original RT as a URL parameter
to the callback page. The logic in the callback URL looks up the
corresponding request token secret, which the callback.php uses to
finally request an access token.
*/
// URL used to obtain a request token
$endpoint = "https://id-wave.adobe.com/identity/1.0/oauth/requesttoken";
if ($argc >= 3) {
// for testing purposes the script can be called from a shell
// Publisher's Adobe ID, the publisher must be a feed admin user
$oauth_consumer_key = $argv[1];
// password for the Adobe ID above
$oauth_consumer_secret = $argv[2];
}
else {
// when this page is served from an HTTP server credentials must be
// looked up from a persistent store.
// remember to use encryption when storing credentials in a production
// environment
$consumer_credentials = trim(file_get_contents('consumerCredentials.txt'));
parse_str($consumer_credentials);
}
if (empty($oauth_consumer_key)||
empty($oauth_consumer_secret)) {
if (!empty($argv[0])) {
die("Usage: initiation.php <consumer key> <consumer credentials>\n");
}
else {
// Return request token to Wave client (the original HTTP requestor)
header("HTTP/1.0 500 Internal Error", false, 500);
echo "The consumer credentials should be set in a file ".
"'consumerCredentials.txt'\nThe format is: ".
"oauth_consumer_key=ADOBE_ID&oauth_consumer_secret=PASSWORD";
return;
}
}
// OAuth signature method, it's ok since we are using HTTPS
$oauth_signature_method = 'PLAINTEXT';
// The following fields are required for consistency with OAuth protocol
// The timestamp value MUST be a positive integer and MUST be equal
// or greater than the timestamp used in previous requests.
$oauth_timestamp = time(); // must be in valid timestamp format.
// a Nonce value that is unique for all requests with that timestamp
$oauth_nonce = rand();
// Request token that will be returned to Wave client
$oauth_token = '';
// OAuth request token parameter array
$token_request_properties = array(
'oauth_consumer_key' => $oauth_consumer_key,
'oauth_signature' => $oauth_consumer_secret,
'oauth_signature_method' => $oauth_signature_method,
'oauth_timestamp' => $oauth_timestamp,
'oauth_nonce' => $oauth_nonce);
// Gather request parameters into string form for posting.
// Note that in some PHP installations you must set the delimiter
// explicitly to '&'. See documentation for http_build_query()
$post_fields_string= http_build_query($token_request_properties);
// initialize curl handle
$curl_handle = curl_init();
// set the URL
curl_setopt($curl_handle, CURLOPT_URL, $endpoint);
// set the HTTP method to POST
curl_setopt($curl_handle, CURLOPT_POST, 1);
// add the parameters, by default the content type is
// application/x-www-form-urlencoded
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $post_fields_string);
// return the results to a variable and not to the output
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
// If you can't connect try skipping the SSL peer verification
//curl_setopt($curl_handle, CURLOPT_SSL_VERIFYPEER, FALSE);
//or configure the location of the CA certificates
//curl_setopt($curl_handle, CURLOPT_CAINFO,$certs_dir);
// execute the HTTP POST request
$result = curl_exec($curl_handle);
if (!$result) {
// Maybe a problem with curl? SSL CA certs installed?
header("HTTP/1.0 500 Internal Error", false, 500);
echo "Could not execute request to URL $endpoint";
echo curl_errno($curl_handle) . " - " . curl_error($curl_handle);
curl_close($curl_handle);
return;
}
// Get HTTP status code from the response. A non-200 value indicates an error.
$info = curl_getinfo($curl_handle);
$http_code = $info['http_code'];
curl_close($curl_handle);
if($http_code == "200") {
// The result returned by OAuth provider looks like this:
// oauth_token=<RT>&oauth_token_secret=<RTS>
// Parse $result into $oauth_token and $oauth_token_secret variables
// We need to return $oauth_token to the Wave client in the HTTP response,
// but also persist both values for later use.
parse_str(trim($result));
// Save request token and request token secret to a text file.
// make sure the HTTP Server user (e.g. www) has can write to this file
$file_handle = fopen("requestTokens.txt", "a");
$line = $result . "\n";
fputs($file_handle, $line);
fclose($file_handle);
// Return request token to Wave client (the original HTTP requestor)
header("HTTP/1.0 $http_code", false, $http_code);
header('Content-Type: application/x-www-form-urlencoded');
// make sure that no other characters are written
// to the output, not even a newline character
echo "oauth_token=$oauth_token";
}
else {
header("HTTP/1.0 $http_code", true, $http_code);
echo $result;
// Note that this output will be sent directly to the Wave client
// you may want to log the results in a file to see what was sent
}
?>
callback.phpThis example calls the REST API to obtain the access token. It then uses a text file to store a mapping between the access token and the subscriber. You can implement the mapping storage however you see fit. <?php
/*
This page is served by a web server! The URL under which it is served
is set in the feed ("Callback URL") using the Publisher Portal.
The Wave client opens a browser and passes the URL, the user will see
the HTML output.
The page URL is called by the Wave client after the request token (RT)
has been authorized. It signals to the OAuth consumer that the token
can no be exchanged for an access token. It does the following:
1) Obtain the consumer key (Adobe ID) and secret (password). This
information is neede to make and sign the HTTP request to the OAuth
provider.
2) Search through the file requestTokens.txt and looks up the previously
stored request token secret (RTS)
3) Send an HTTP request to the OAuth provider to get an access token (AT).
(The access token identifies the publisher and the end user to the
service APIs). Together with the access token the OAuth serivice privider
returns an access toke secret (ATS).
4) Store the association between the AT and the ATS in the file
requestTokens.txt. The format is oauth_token=<AT>&oauth_token_secret=<ATS>
The access token is used in the notification call (see notification.php)
*/
// URL used to obtain a request token
$endpoint = "https://id-wave.adobe.com/identity/1.0/oauth/accesstoken";
if ($argc >= 2) {
// the parameter must be an authorized request token
$request_token = $argv[1];
}
else {
$request_token = $_REQUEST['oauth_token'];
}
// handle preconditions that fail
if (empty($request_token)) {
if (!empty($argv[0])) {
die("Usage: callback.php <request token>
[<consumer key> <consumer secret>]\n");
}
else {
// Return request token to Wave client (the original HTTP requestor)
header("HTTP/1.0 400 Bad Request", false, 400);
echo "Accounts are not linked.\n".
"If this came as a result of 'Revoke Authoriztion' then this".
" is the expected result.\n".
"Otherwise there was an error: Missing parameter 'oauth_token'";
return;
}
}
if ($argc >= 4) {
// for testing purposes the script can be called from a shell
// Publisher's Adobe ID, the publisher must be a feed admin user
$oauth_consumer_key = $argv[2];
// password for the Adobe ID above
$oauth_consumer_secret = $argv[3];
}
else {
// when this page is served from an HTTP server credentials must be
// looked up from a persistent store.
// remember to use encryption when storing credentials in a production
// environment
$consumer_credentials = trim(file_get_contents('consumerCredentials.txt'));
// this should set the variables oauth_consumer_key and oauth_consumer_secret
parse_str($consumer_credentials);
}
// handle preconditions that can fail
if (empty($oauth_consumer_key) ||
empty($oauth_consumer_secret)) {
if (!empty($argv[0])) {
die(
"You must pass the consumer credentials\n\n".
"Usage: callback.php <request token> ".
"[<consumer key> <consumer secret>]\n\n".
"You can also set the credentials in a file ".
"'consumerCredentials.txt'\nThe format is ".
"'oauth_consumer_key=ADOBE_ID&oauth_consumer_secret=PASSWORD'\n.");
}
else {
// Return request token to Wave client (the original HTTP requestor)
header("HTTP/1.0 500 Internal Error", false, 500);
echo "The consumer credentials should be set in a file ".
"'consumerCredentials.txt'\nThe format is ".
"'oauth_consumer_key=ADOBE_ID&oauth_consumer_secret=PASSWORD'\n.";
return;
}
}
// Here we look up the request token secret associated with the request token.
// In this sample, the token/token secrets are stored in a text file called
// requestTokens.txt.
// Read token file into an array.
$lines = file("requestTokens.txt", FILE_IGNORE_NEW_LINES);
// Variable to hold request token secret that we will look up.
$request_token_secret = NULL;
foreach($lines as $line) {
parse_str(trim($line), $temp_array);
$temp = $temp_array['oauth_token'];
// compare the line to the parameter that was passed
if($temp == $request_token) {
// Found matching request token, get the secret
$request_token_secret = $temp_array['oauth_token_secret'];
}
}
if(empty($request_token_secret)) {
if (!empty($argv[0])) {
die(
"You must first obtain a request token and a secret.\n
Use initiation.php\n
The script saves the values in the file 'requestTokens.txt'");
}
else {
header("HTTP/1.0 500 Internal Error", false, 500);
echo "Cannot obtain request token and secret";
return;
}
}
// OAuth signature method, it's ok since we are using HTTPS
$signature_method = 'PLAINTEXT';
// The following fields are required for consistency with OAuth protocol
// The timestamp value MUST be a positive integer and MUST be equal
///or greater than the timestamp used in previous requests.
$oauth_timestamp = time(); // must be in valid timestamp format.
// a Nonce value that is unique for all requests with that timestamp
$oauth_nonce = rand();
// If we have a request token secret, then generate the HTTP request
// to get the access token:
// OAuth signature is a concatenation of the consumer's secret and
// the request token secret, separated by an ampersand (&), or "%26"
$signature = $oauth_consumer_secret . '&' . $request_token_secret;
// OAuth request token parameter array
$token_request_properties = array(
'oauth_consumer_key' => $oauth_consumer_key,
'oauth_token' => $request_token,
'oauth_signature_method' => $signature_method,
'oauth_signature' => $signature,
'oauth_timestamp' => $oauth_timestamp,
'oauth_nonce' => $oauth_nonce);
// Gather request parameters into string form for posting.
// Note that in some PHP installations you must set the delimiter
// explicitly to '&'. See documentation for http_build_query()
$post_fields_string = http_build_query($token_request_properties);
// initialize curl handle
$curl_handle = curl_init();
// set the URL
curl_setopt($curl_handle, CURLOPT_URL, $endpoint);
// set the HTTP method to POST
curl_setopt($curl_handle, CURLOPT_POST, 1);
// add the parameters, by default the content type is
// application/x-www-form-urlencoded
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, $post_fields_string);
// return the results to a variable and not to the output
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
// If you can't connect try skipping the SSL peer verification
//curl_setopt($curl_handle, CURLOPT_SSL_VERIFYPEER, FALSE);
//or configure the location of the CA certificates
//curl_setopt($curl_handle, CURLOPT_CAINFO,$certs_dir);
// execute the HTTP POST request
$result = curl_exec($curl_handle);
if (!$result) {
// Maybe a problem with curl? SSL CA certs installed?
header("HTTP/1.0 500 Internal Error", false, 500);
echo "Could not execute request to URL $endpoint";
echo curl_errno($curl_handle) . " - " . curl_error($curl_handle);
curl_close($curl_handle);
return;
}
// Get HTTP status code from the response. A non-200 value indicates an error.
$info = curl_getinfo($curl_handle);
$http_code = $info['http_code'];
curl_close($curl_handle);
if($http_code == "200") {
// The result returned by OAuth provider looks like this:
// oauth_token=<AT>&oauth_token_secret=<ATS>
// Parse $result into $oauth_token and $oauth_token_secret variables
// We need to return $oauth_token to the Wave client in the
// HTTP response, but also persist both values for later use.
parse_str(trim($result));
if(!empty($oauth_token)) {
// Save access token and access token secret to a text file.
// make sure the HTTP Server user (e.g. www) can write to this file
$file_handle = fopen("accessTokens.txt", "a");
fputs($file_handle, "$result\n");
fclose($file_handle);
// Finally, return to the browser
// you should display a page that indicates success
include("authorization_success.php");
}
else {
echo "Service provider did not return an access token\n";
}
}
else {
header("HTTP/1.0 $http_code", true, $http_code);
echo $result;
// Note that this output will be sent directly to the browser
// you may want to log the results in a file to see what was sent
// you should also prepare different HTML output for different
// error situations. Possible error codes
// 401 Unauthorized: somethign was wrong with the oauth token
// or the consumer key/consumer secret
// 410 Gone: the request token is not valid anymore
}
?>
|
