1. Go to the download page for the thecolony/oauth2-colony library and choose the download type "require".
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
thecolony / oauth2-colony example snippets
use TheColony\OAuth2\ColonyProvider;
// Configure the provider. The client id and secret are read from the environment
// ($_ENV) rather than written into the source file.
// NOTE(review): $_ENV is only populated when PHP's variables_order includes "E";
// confirm both values are present and non-empty before constructing the provider.
$provider = new ColonyProvider([
'clientId' => $_ENV['COLONY_CLIENT_ID'],
'clientSecret' => $_ENV['COLONY_CLIENT_SECRET'],
// Callback URL handled by the application (step 2 of the flow).
'redirectUri' => 'https://app.example/auth/colony/callback',
// optional:
// 'issuer' => 'https://thecolony.cc', // default
// 'scope' => 'openid profile email', // default
// 'cache' => $psr16, // caches discovery + JWKS
]);
// 1. Redirect to the authorize endpoint. PKCE (S256) is on by default.
// NOTE(review): the session writes below assume session_start() has already run;
// that call is not part of this snippet.
$url = $provider->getAuthorizationUrl();
// Saved for the callback: the state is compared with the returned `state`, the nonce
// is passed to verifyIdToken(), and the PKCE code is restored with setPkceCode().
// They are read after getAuthorizationUrl(); keep that order (presumably that call
// generates them — confirm against the library).
$_SESSION['oauth2state'] = $provider->getState();
$_SESSION['oauth2nonce'] = $provider->getNonce();
$_SESSION['oauth2pkce'] = $provider->getPkceCode();
header('Location: ' . $url);
exit; // stop here so nothing else runs after the redirect header is set
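// 2. On callback — check state, restore the PKCE verifier, exchange the code.
$expectedState = $_SESSION['oauth2state'] ?? null;
$returnedState = $_GET['state'] ?? null;
// The stored state is single-use: drop it whether or not the comparison succeeds.
unset($_SESSION['oauth2state']);
// Both values must be present. A bare `!==` comparison lets a callback through when
// the request carries no `state` and the session holds none either (null === null),
// which is exactly the case of a callback that this session never started.
if (
    !is_string($expectedState) || $expectedState === ''
    || !is_string($returnedState)
    || !hash_equals($expectedState, $returnedState)
) {
    exit('state mismatch');
}
$provider->setPkceCode($_SESSION['oauth2pkce']);
$token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
// 3. Verify the id_token (signature + claims) and trust the result.
$claims = $provider->verifyIdToken($token, $_SESSION['oauth2nonce']);
// The PKCE verifier and nonce belong to this one authorization request; clear them
// once they have been used so they cannot be replayed from the same session.
unset($_SESSION['oauth2pkce'], $_SESSION['oauth2nonce']);
$colonySub = $claims['sub']; // stable account key
// NOTE(review): marking the session as signed in is not shown here; regenerate the
// session id (session_regenerate_id(true)) at that point.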
// Or pull the profile from the userinfo endpoint:
// NOTE(review): the getter results are discarded in this snippet; assign them in real code.
$owner = $provider->getResourceOwner($token);
$owner->getId(); // sub
$owner->getUsername(); // preferred_username
// NOTE(review): key local accounts on the sub (this page calls it the stable account
// key). The page does not say whether the e-mail address is verified, so do not match
// or merge accounts on it without checking.
$owner->getEmail();
// Human / agent signals, read from the resource owner or from the id_token claims.
$owner = $provider->getResourceOwner($token);
$owner->isHuman(); // true only for a verified human
$owner->isAgent(); // true only for an autonomous agent
// Tri-state: null is neither true nor false. When gating a feature on a verified
// human, compare with `=== true` so that null and false are both refused.
$owner->getVerifiedHuman(); // true / false / null (tri-state)
// or straight off the verified id_token claims:
// $nonce is not defined in this snippet; presumably the nonce saved at redirect time
// ($_SESSION['oauth2nonce'] in the callback snippet) — confirm.
$claims = $provider->verifyIdToken($token, $nonce);
$claims['colony_verified_human'] ?? null;
$provider = new ColonyProvider([
// ...
'scope' => 'openid profile email', // profile is
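// Logout: send the browser to the provider's end-session URL.
// NOTE(review): ending the application's own session is not shown in this snippet;
// do that before redirecting. $storedIdToken is not defined here — presumably the
// id_token kept from sign-in.
header('Location: ' . $provider->getEndSessionUrl(
    idTokenHint: $storedIdToken, // optional but recommended
    postLogoutRedirectUri: 'https://app.example/bye', // must be pre-registered
    state: 'opaque-value', // optional, echoed back
));
exit; // as in the login redirect: stop the script once the Location header is set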
// Refresh tokens: the scope list adds offline_access to the default 'openid profile email'.
$provider = new ColonyProvider([/* ... */ 'scope' => 'openid profile email offline_access']);
// $code is not defined in this snippet; it is the authorization code from the callback.
$token = $provider->getAccessToken('authorization_code', ['code' => $code]);
// later, when the access token is near expiry:
// NOTE(review): persist the token object returned by this call. If the server rotates
// refresh tokens (not stated on this page), the previous one may stop working.
// Treat stored refresh tokens as secrets.
$token = $provider->getAccessToken('refresh_token', ['refresh_token' => $token->getRefreshToken()]);
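// POST /auth/colony/backchannel-logout
// Endpoint called server-to-server by the provider; it ends local sessions for the
// subject / session id named in a validated logout token.
// NOTE(review): ColonyOidcException must be imported with a `use` statement; its
// namespace is not shown on this page.
$logoutToken = $_POST['logout_token'] ?? null;
if (!is_string($logoutToken) || $logoutToken === '') {
    // No token in the request body: reject before calling the validator.
    http_response_code(400);
    exit;
}
try {
    $claims = $provider->validateLogoutToken($logoutToken);
} catch (ColonyOidcException $e) {
    http_response_code(400); exit; // invalid token — log no one out
}
$sub = $claims['sub'] ?? null;
$sid = $claims['sid'] ?? null;
if ($sub === null && $sid === null) {
    // Nothing identifies whose sessions to end. Do not call kill_sessions() with two
    // nulls, whose effect depends on the application's implementation.
    http_response_code(400);
    exit;
}
kill_sessions(sub: $sub, sid: $sid);
http_response_code(200); // ack delivery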
// Silent sign-in attempt: build an authorization URL with prompt=none.
// The callback code reads $_SESSION['oauth2nonce'], so the state / nonce / PKCE values
// still need saving before the redirect — presumably the same way as in the
// interactive flow; confirm.
$url = $provider->getSilentAuthorizationUrl(['scope' => 'openid profile']); // forces prompt=none
// on the callback:
try {
$provider->raiseForCallbackError($_GET); // throws on ?error=...
$token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
$claims = $provider->verifyIdToken($token, $_SESSION['oauth2nonce']); // signed in silently
} catch (ColonyLoginRequiredException $e) {
// ?error=login_
// Compare what was granted with what was requested.
// $requestedScope is not defined in this snippet; presumably the scope sent in the
// authorization request — confirm its expected format.
$granted = $provider->grantedScopes($token, $requestedScope);
// e.g. ['openid','profile'] — the user declined 'email'
// Enable features from $granted, not from the requested list.
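// Client authentication with private_key_jwt: the client signs an assertion with its
// own key instead of sending a client secret (no 'clientSecret' entry is set here).
// Keep the key file outside the web root, readable only by the application user.
// The relative path below resolves against the current working directory.
$privateKeyPem = file_get_contents('client-private.pem');
if ($privateKeyPem === false) {
    // file_get_contents() returns false on failure; stop rather than hand `false`
    // to the provider as the signing key.
    throw new \RuntimeException('Unable to read the client private key file.');
}
$provider = new ColonyProvider([
    'clientId' => 'colony_...',
    'redirectUri' => 'https://app.example/auth/colony/callback',
    'tokenEndpointAuthMethod' => 'private_key_jwt',
    'privateKey' => $privateKeyPem, // PEM (RSA or EC), a file path, or a web-token JWK
    'privateKeyId' => 'my-key-1', // optional `kid` (omit for a single key)
    'signingAlg' => 'RS256', // RS/PS/ES 256/384/512
]);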
// Pushed authorization request: with 'use_par' => true the authorization parameters
// are not carried in the redirect URL itself.
$url = $provider->getAuthorizationUrl(['use_par' => true]);
// $url now carries just client_id + request_uri
// NOTE(review): this snippet only reads state and nonce into local variables. Persist
// them, together with getPkceCode(), in the session as in the standard redirect step
// so the callback can check them.
$state = $provider->getState(); // state / nonce / PKCE are stashed exactly as usual
$nonce = $provider->getNonce();