Blizzard Api OAuth in php

API Discussion
So ..
here is my work-in-progress php oauth api

https://github.com/Ulminia/blizzard-api-oauth

I have massively updated my wiki for my latest push.

https://github.com/Ulminia/blizzard-api-oauth/wiki
i have updated my app a little and added much better documentation in a wiki that can be found here on github

https://github.com/Ulminia/blizzard-api-oauth/wiki

any features or changes you can think of let me know
This may be a dumb question but I assume the index.php fetch call is just to show that in action?
yes it is index.php is an example of how the script can be used there are 2 examples of calls in it

normal character calls and oauth account info
Thanks.

Now to figure out how to tie this into my joomla authentication
I am working to now incorporate Oauth into our guild website. I an using your example to get started. I have downloaded the files, edited the information with my own and uploaded the files to my website host.

Everything seems to be working fine except the request to login using battle.net. I followed your instructions on the Github site but I am getting an error: Warning: Cannot modify header information - headers already sent by (output started at /home/myhost/public_html/kotsh.org/123/007/index.php:28) in /home/myhost/public_html/kotsh.org/123/007/index.php on line 35
Redirect


Also I am not being redirected to the Battle.net login page to enter my game account info. Is there a step that I missed?

Yes, the site is SSL enabled.
your script is setting the header() function some where and the script uses this for the redirect ud have to post the index.php code for debug
I am using the index.php file that you supplied:<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

require('Client.php');
require('GrantType/IGrantType.php');
require('GrantType/AuthorizationCode.php');

/**
* Required vars for the api to work
*
**/

$client_id = '@#$%^&*';
$client_secret = '@#$%^&*';
$region = 'US';
$locale = 'en_US';
$redirect_uri = 'https://www.kotsh.org/index.php';

// init the auth system client_id, client_secret, region, local all required
$client = new OAuth2\Client($client_id, $client_secret, $region, $locale, $redirect_uri);

$r = $client->fetch('character',array('name'=>'Thëödïcüs','server'=>'proudmoore','fields'=>'items,stats'));
echo '<pre>';
print_r($r);
echo '</pre>';

if (!isset($_GET['code']))
{
$auth_url = $client->getAuthenticationUrl($client->baseurl[$client->region]['AUTHORIZATION_ENDPOINT'], $client->redirect_uri);
header('Location: ' . $auth_url);
die('Redirect');
}
else
{
$params = array('code' => $_GET['code'], 'auth_flow' => 'auth_code', 'redirect_uri' => $client->redirect_uri);
$response = $client->getAccessToken($client->baseurl[$client->region]['TOKEN_ENDPOINT'], 'authorization_code', $params);
$client->setAccessToken($response['result']['access_token']);
$response = $client->fetch('wowprofile');
echo '<pre>';
print_r($response);
echo '</pre>';
}
try removing the
error_reporting(E_ALL);
ini_set('display_errors', 1);
lines and see if that works but if you havent edited the file it should be working
Removed those lines and it returned all my character info from the API. It did not take me to the Battle.net login where I could put in my login credentials.

At the bottom of the page under all the Character API data there is a line that just says " Redirect"
12/31/2014 05:18 PMPosted by Ulminia
try removing the
error_reporting(E_ALL);
ini_set('display_errors', 1);
lines and see if that works but if you havent edited the file it should be working


NEVER do that under dev mode -,-

What error you got now?

I will help you! ;']

you canno use header() once text has been output to the browser.
die('Redirect'); is outputting text remove it

that should not be there it should just be return; or exit(); or just not exist at all...

and if your api key already has access to your account it wont ask for you to login agian you then need to go in to account management and remove access your app to test it...

01/01/2015 03:50 AMPosted by Forti
NEVER do that under dev mode -,-


if you are on a test server most people have these set to show anyway i just added them in case but they can cause issues some times ... hence once he removed them the script worked
01/01/2015 08:08 AMPosted by Ulminia
die('Redirect'); is outputting text remove it

that should not be there it should just be return; or exit(); or just not exist at all...

and if your api key already has access to your account it wont ask for you to login agian you then need to go in to account management and remove access your app to test it...

01/01/2015 03:50 AMPosted by Forti
NEVER do that under dev mode -,-


if you are on a test server most people have these set to show anyway i just added them in case but they can cause issues some times ... hence once he removed them the script worked


Its bad practice. On prod env. you should hide error reporting to safety if mysql crash (e.g. errors with basename and username) etc. but never in dev env.
Script works can not be dependent on error reporting. Every @ to hide them is bad practice.

Good programmer know that. There is nothink to talk about in this case.

sorry for spelling ;)
in my most recent use of the api i have set it to use a popup for the login / allow app page much like the api docs pages does this seemed to be a better solution with it posting back to the main page and refreshing it if needed
01/01/2015 08:08 AMPosted by Ulminia
die('Redirect'); is outputting text remove it

that should not be there it should just be return; or exit(); or just not exist at all...

and if your api key already has access to your account it wont ask for you to login agian you then need to go in to account management and remove access your app to test it...


Ok, I am confused . . . . so I am to remove the "die('Redirect');" line. Mind you this is your script I just downloaded and only edited the information for my API account & Character info. I never changed anything else inside the script or the other files that came with it.

And also, you suggested that I disable my app to test? Wouldn't that break the functionality of my other scripts - i.e. guild API date gathering & display? Since my app is my website address - how is disabling it on my mashery account supposed to get the login from battle.net to work properly?

I'm so lost.
Ok, remove the Redirect line. Doubled checked my account to make sure all was matching (forgot that I got SSL on the website so had to add "https{ to my mashery account), ran the script and it displayed my character API info - with no errors.

Script still did not show a list of characters on my battle.net account even though I am logged into the account via the website (hence me posting this).

I then commented out the line: print_r($r); and ran the script file again. This time no API data displayed, no errors but no wowprofile data.

I tried to comment out the: echo '<pre>'; lines and got an error that stated: error="invalid_grant", error_description="Invalid redirect: https:..www.kotsh.org/ does not match one of the registered values: [http..www.kotsh.org, https:..dev.battle.net/]"

Check the registered value of: http --> it should be: https
that would be blizzard telling you that your url in the api app section has not updated yet

they can take some time to update

in your battlenet account management there is a section called Authorized Applications
here -> https://us.battle.net/account/management/authorizations.html

this is where you revoke your app to get a new prompt on the script
Yep, gave it some time to update my account. Ran the script again from web browser and I was presented with the Battle.net login. Logged in with my credentials and it spit out my Character API data but at the bottom of the page was the error: Fatal error: Undefined class constant 'MISSING_PARAMETER' in /home/myhost/public_html/kotsh.org/123/007/Client.php on line 485
Sorry for being such a bother on this.

Edit: That error happens in IE 11 Browser but no error in Firefox 34.0 Browser (might have to clear browser cache . . .
your access token is not set in the script add
echo '<pre>';
print_r($response);
echo '</pre>';

before client->setAccessToken($response['result']['access_token']);

sometimes the api pushes back with out the ['results'] code depending on the php version for some reason this will help with debugging
Looks like it's working. All I did was refresh the page after closing the browser and flushing the cache. Looks good now with the b.net character info listed. As well, I tried it on our main page and it went right to the b.net login page then redirected back to our main portal page.

Now I just have to be able to pull the user's data to list their characters on their account and also incorporate a way for the page to see/display that the user is already logged in (guild members only of course).

Lot's of work ahead of me. Thanks Ulminia for the script and help!

Join the Conversation

Return to Forum