Preparing the script so it can be added to the administration panel as an individual application

To help you in the process of adding your own solution to the IdoSell Shop panel, we have prepared an instruction with an example application and an auxiliary library.

1. Access control

Authentication is done via OAuth 2.0 Server. An individual application can perform authentication in two ways:

with an authorization code when logging in for the first time
with a refresh token if the access token expires

Required addresses:

authentication server address: https: your.domain/panel/action/authorize/authorize

address for token exchange https: your.domain/panel/action/authorize/access_token
address for obtaining the public key: https: //your.domain/panel/action/authorize/public_key

Supported access ranges (scope)
*openid - login of the logged in user
*profiles - logged in user's data
*email - email of the logged in user
*api-pa - required if the application invokes the API of the administration panel

2. Access to API of the administration panel from an individual application

After correct authentication in the panel, the individual application gains access to the API of the administration panel, while the authorization of individual calls to gates can be made in two ways:

by placing the HTTP header in the API request Authorization: Bearer access_token where access_token is a token obtained in the process of authentication. It should be remembered to send the API login data, that is userLogin and authenticateKey not completed
by entering in the login data userLogin = 'oauth_authorization' and authenticateKey=received_token
panel API requests must be in encrypted communication https

3. SDK to create an individual application

3.1. Example of Hello World


<?php

require_once __DIR__ . '/autoload.php';

use IAI\Authorization\OpenIdClient;
use IAI\Authorization\Oauth2Client;

session_start();

// ---------- Application init ----------
$applicationState = new ApplicationState(); //implementation of IAI\Application\StateInterface
$keyStorage = new KeyStorage(); //implementation of IAI\Application\PublicKeyStorageInterface

/**
 * ENTER YOUR APPLICATION'S CONFIGURATION BELOW
 */
$applicationConfig = (new \IAI\Application\Config())
    ->setPanelTechnicalDomain('panel.technical.domain')
    ->setId('client_id')
    ->setSecret('client_secret')
    ->setRedirectUri('https://yourappdomain/index.php');
    //enter here exactly the same return address that you indicated on the page of individual application settings in the IdoSell Shop panel in the field "Address to which the application will be redirected after correct authorization"

// --------------------------------------

// ---------- Logging in, checking session, refreshing tokens etc. ----------
try {
    if (!$applicationState->isLoggedIn()) {

        //Using OpenID Connect authentication server to log in
        $client = new OpenIdClient($applicationConfig, $keyStorage, $applicationState);

        if (empty($_GET['code']) && empty($_GET['state'])) {
            //no authorization code, no application state - first step of authentication - get the authorization code
            $client->startAuthentication();
        }

        //got (or should have) authorization code and application state - exchange authorization code for access token
        $token = $client->finalizeAuthentication($_GET['code'], $_GET['state']);

        //save received token in session
        $applicationState->setToken($token);

        //get logged in user details and save them in session
        $user = $token->getIdToken()->getClaim('profile', false);
        if ($user === false) {
            throw new Exception('Couldn\'t log in');
        }
        $applicationState->setUser($user);
    }

    if ($applicationState->hasToRefreshToken()) {
        //logged in, but have old authorization token - need to refresh token
        $client = new Oauth2Client($applicationConfig, $keyStorage);
        $applicationState->setToken(
$client->refreshToken($applicationState->getToken())
        );
    }
} catch (Exception $e) {
    die('Error while getting access: ' . $e->getMessage());
}

// ------------------------------ Application "view" ------------------------------

$cssHref = ((new IAI\Application\Resources($applicationConfig))->getStyleSheetUrl());
$userName = $applicationState->getUser()->name;
$userPreferredName = $applicationState->getUser()->preferred_username;

?>

<html>
    <head>
        '; ?>
    </head>
    <body>
        Hello {$userName} ({$userPreferredName})!"; ?>
    </body>
</html>

3.2 Do you need a more advanced example?

download the IAI library containing ready-made classes to support authorization

download the sample individual application exampleApplication, in which we implemented the administration panel API request and an example of creating a form with data.

download the sample form of adding store client (remembering to change the header of the CSS address file to the appropriate for your domain)

4. The individual application is ready

To allow users to use your application, just add it to the panel.

Learn how to add the extension you created to the panel