1. Go to this page and download the library: Download bigcommerce-labs/hawk library. Choose the download type require.
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
bigcommerce-labs / hawk example snippets
// Simple example
$client = Dflydev\Hawk\Client\ClientBuilder::create()
->build()
// A complete example
$client = Dflydev\Hawk\Client\ClientBuilder::create()
->setCrypto($crypto)
->setTimeProvider($timeProvider)
->setNonceProvider($nonceProvider)
->setLocaltimeOffset($localtimeOffset)
->build()
$request = $client->createRequest(
$credentials,
'http://example.com/foo/bar?whatever',
'POST',
array(
'payload' => 'hello world!',
'content_type' => 'text/plain',
)
);
// Assuming a hypothetical $headers object that can be used to add new headers
// to an outbound request, we can add the resulting 'Authorization' header
// for this Hawk request by doing:
$headers->set(
$request->header()->fieldName(), // 'Authorization'
$request->header()->fieldValue() // 'Hawk id="12345", mac="ad8c9f', ...'
);
// Assuming a hypothetical $headers object that can be used to get headers sent
// back as the response of a user agent request, we can get the value for the
// 'Server-Authorization' header.
$header = $headers->get('Server-Authorization');
// We need to use the original credentials, the original request, the value
// for the 'Server-Authorization' header, and optionally the payload and
// content type of the response from the server.
$isAuthenticatedResponse = $client->authenticate(
$credentials,
$request,
$header,
array(
'payload' => '{"message": "good day, sir!"}',
'content_type' => 'application/json',
)
);
// Create a set of Hawk credentials
$credentials = new Dflydev\Hawk\Credentials\Credentials(
'afe89a3x', // shared key
'sha256', // default: sha256
'12345' // identifier, default: null
);
// Create a Hawk client
$client = Dflydev\Hawk\Client\ClientBuilder::create()
->build();
// Create a Hawk request based on making a POST request to a specific URL
// using a specific user's credentials. Also, we're expecting that we'll
// be sending a payload of 'hello world!' with a content-type of 'text/plain'.
$request = $client->createRequest(
$credentials,
'http://example.com/foo/bar?whatever',
'POST',
array(
'payload' => 'hello world!',
'content_type' => 'text/plain',
)
);
// Ask a really useful fictional user agent to make a request; note that the
// request we are making here matches the details that we told the Hawk client
// about our request.
$response = Fictional\UserAgent::makeRequest(
'POST',
'http://example.com/foo/bar?whatever',
array(
'content_type' => 'text/plain',
$request->header()->fieldName() => $request->header()->fieldValue(),
),
'hello world!'
);
// This part is optional but recommended! At this point if we have a successful
// response we could just look at the content and be done with it. However, we
// are given the tools to authenticate the response to ensure that the response
// we were given came from the server we were expecting to be talking to.
$isAuthenticatedResponse = $client->authenticate(
$credentials,
$request,
$response->headers->get('Server-Authorization'),
array(
'payload' => $response->getContent(),
'content_type' => $response->headers->get('content-type'),
)
);
if (!$isAuthenticatedResponse) {
die("The server did a very bad thing...");
}
// Huzzah!
$credentialsProvider = function ($id) {
if ('12345' === $id) {
return new Dflydev\Hawk\Credentials\Credentials(
'afe89a3x', // shared key
'sha256', // default: sha256
'12345' // identifier, default: null
);
}
};
// Simple example
$server = Dflydev\Hawk\Server\ServerBuilder::create($credentialsProvider)
->build()
$credentialsProvider = function ($id) {
if ('12345' === $id) {
return new Dflydev\Hawk\Credentials\Credentials(
'afe89a3x', // shared key
'sha256', // default: sha256
'12345' // identifier, default: null
);
}
};
// A complete example
$server = Dflydev\Hawk\Server\ServerBuilder::create($credentialsProvider)
->setCrypto($crypto)
->setTimeProvider($timeProvider)
->setNonceValidator($nonceValidator)
->setTimestampSkewSec($timestampSkewSec)
->setLocaltimeOffsetSec($localtimeOffsetSec)
->build()
// Get the authorization header for the request; it should be in the form
// of 'Hawk id="...", mac="...", [...]'
$authorization = $headers->get('Authorization');
try {
$response = $server->authenticate(
'POST',
'example.com',
80,
'/foo/bar?whatever',
'text/plain',
'hello world!'
$authorization
);
} catch(Dflydev\Hawk\Server\UnauthorizedException $e) {
// If authorization is incorrect (invalid mac, etc.) we can catch an
// unauthorized exception.
throw $e;
}
// The credentials associated with this request. This is where one could access
// the ID for the user that made this request.
$credentials = $response->credentials();
// The artifacts associated with this request. This is where one could access
// things like the 'ext', 'app', and 'dlg' values sent with the request.
$artifacts = $response->artifacts();
// Using the same credentials and artifacts from the server authenticate
// response, we can create a 'Server-Authorization' header.
$header = $server->createHeader($credentials, $artifacts, array(
'payload' => '{"message": "good day, sir!"}',
'content_type' => 'application/json',
));
// Set the header using PHP's header() function.
header(sprintf("%s: %s", $header->fieldName(), $header->fieldValue()));
// Create a simple credentials provider
$credentialsProvider = function ($id) {
if ('12345' === $id) {
return new Dflydev\Hawk\Credentials\Credentials(
'afe89a3x', // shared key
'sha256', // default: sha256
'12345' // identifier, default: null
);
}
};
// Create a Hawk server
$server = Dflydev\Hawk\Server\ServerBuilder::create($credentialsProvider)
->build()
// Get the authorization header for the request; it should be in the form
// of 'Hawk id="...", mac="...", [...]'
$authorization = $headers->get('Authorization');
try {
$response = $server->authenticate(
'POST',
'example.com',
80,
'/foo/bar?whatever',
'text/plain',
'hello world!'
$authorization
);
} catch(Dflydev\Hawk\Server\UnauthorizedException $e) {
// If authorization is incorrect (invalid mac, etc.) we can catch an
// unauthorized exception.
throw $e;
}
// Huzzah! Do something at this point with the request as we now know that
// it is an authenticated Hawk request.
//
// ...
//
// Ok we are done doing things! Assume based on what we did we ended up deciding
// the following payload and content type should be used:
$payload = '{"message": "good day, sir!"}';
$contentType = 'application/json';
// Create a Hawk header to sign our response
$header = $server->createHeader($credentials, $artifacts, array(
'payload' => $payload,
'content_type' => $contentType,
));
// Send some headers
header(sprintf("%s: %s", 'Content-Type', 'application/json'));
header(sprintf("%s: %s", $header->fieldName(), $header->fieldValue()));
// Output our payload
print $payload;