Integrating SimosNap OAuth & OpenID Connect Login

More and more websites, communities and online projects are choosing to delegate authentication to external identity providers rather than managing user accounts and passwords directly.

For this reason, SimosNap IRC Network provides an OAuth 2.0 and OpenID Connect authentication system that allows developers to integrate SimosNap login into their own applications.

In this guide we'll see how the integration works and how to get started quickly.

Why use OAuth?

Managing a login system requires time, maintenance and constant attention to security.

By using OAuth:

  • You don't need to manage user passwords.
  • You don't need to implement password recovery procedures.
  • You don't need to worry about credential security.
  • You can leverage the existing SimosNap identity system.

Users authenticate directly on SimosNap servers and your application only receives the information they have authorized.

Registering an Application

To use the OAuth system, you must first register an application in your SimosNap account.

During registration, the following credentials are generated:

  • Client ID
  • Client Secret
  • Authorized Redirect URIs
  • Allowed Scopes

Example

CLIENT_ID=my_application_123456789
CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxx
REDIRECT_URI=https://example.org/oauth/callback.php

Available Endpoints

Authorization Endpoint

https://www.simosnap.org/rest/service.php/oauth/authorize

Token Endpoint

https://www.simosnap.org/rest/service.php/oauth/token

UserInfo Endpoint

https://www.simosnap.org/rest/service.php/oauth/userinfo

Step 1: Redirect the User

When a user clicks the "Sign in with SimosNap" button, they must be redirected to the OAuth authorization endpoint.

Authorization Request

$clientId = 'my_application_123456789';
$redirectUri = 'https://example.org/oauth/callback.php';

$state = bin2hex(random_bytes(16));

$_SESSION['oauth_state'] = $state;

$params = [
    'response_type' => 'code',
    'client_id'     => $clientId,
    'redirect_uri'  => $redirectUri,
    'scope'         => 'openid profile irc',
    'state'         => $state
];

header(
    'Location: https://www.simosnap.org/rest/service.php/oauth/authorize?' .
    http_build_query($params)
);

exit;

The state parameter is generated randomly and stored in the user's session to protect the application against CSRF attacks.

Step 2: Receive the Authorization Code

After the user authenticates and grants consent, SimosNap redirects the browser back to your callback URL.

Redirect Example

https://example.org/oauth/callback.php?code=abc123&state=xyz456

Before proceeding, always verify the state parameter.

State Validation

if ($_GET['state'] !== $_SESSION['oauth_state']) {
    die('Invalid state');
}

Step 3: Obtain an Access Token

The authorization code must be exchanged for an access token.

Access Token Request

$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://www.simosnap.org/rest/service.php/oauth/token',
    CURLOPT_POST => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => http_build_query([
        'grant_type'    => 'authorization_code',
        'client_id'     => $clientId,
        'client_secret' => $clientSecret,
        'redirect_uri'  => $redirectUri,
        'code'          => $_GET['code']
    ])
]);

$response = curl_exec($ch);

curl_close($ch);

$data = json_decode($response, true);

Typical Response

{
    "access_token": "xxxxxxxx",
    "token_type": "Bearer",
    "expires_in": 3600
}
Documentation: https://www.simosnap.org/resources#oauth