Blizzard Api OAuth in php

API Discussion
Got a quick question.

How does one hide the resulting "code" string that appears in the URL of the address bar once a user logs in with their battle.net credentials?

The reason why I am asking is because I don't want the token string of code to be shown in the address bar for better security. I have seen sites like wowhead.com show a different URL (or none at all) once a user logins in with their battle.net info.

I am in the process of making a complete login/script/display page for members of my guild so when they login they can see their characters on their account for WoW. This is taken a bit of trial and effort since I have to pull the battle.net into a MySQL DB using PHP. So far I have got the login to work but it only returns to the original page that the user started from. No account/character data displayed or collected yet.

Quick Example Link: https://www.kotsh.orgYou should be able to login with your battle.net account info but after that, you are returned to our guild main portal page.

Now what? LMAO!
When Battle.net routes the client back to your site, you can redirect the client to a new page. The quick dirty way would to to have some JavaScript on that page like:

window.location = "https://www.kotsh.org";

That's pretty inelegant, though. A better way would be to have your server perform a server-side redirect (specifically a 303). I did a little Googling and whipped up some example PHP for ya:

header("HTTP/1.1 303 See Other");
header("Location: https://www.kotsh.org/");


NOTE: Ignore the italics ;)
this is a reason i have implemented a pop up in my script for wowroster the address bar is not shown and the popup closes and redirects the main window after the script finished showing the user there characters

this resulted in a popup script that us used for all account api interactions and redirects are set by php vars

tobad the api would not post back to our sites for this section of the api
Ulminia, is there a particular reason why you don't want to display the address bar?
on second check on the popup the address bar is shown but when posted back to after the battle.net login the popup closes before the address with the code in it could be read
There's no danger of leaking anything via the address bar.

After you've authenticated, the OAuth provider redirects the user-agent (browser) to the client (your application's server). This redirect contains a time-sensitive, one-time attempt authorization code (authCode) that your OAuth client will use to retrieve an access token.

In other worse, as soon as your application tries to use the auth code it becomes useless to anyone else.
Hi, i´m trying to get character informations with your script. But the only result i get is a blank page. I´ve uploaded all the files and entered the right api keys.

Here is the example code:


<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

require('blizzard-api-oauth-master/Client.php');
require('blizzard-api-oauth-master/GrantType/IGrantType.php');
require('blizzard-api-oauth-master/GrantType/AuthorizationCode.php');

/**
* Required vars for the api to work
*
**/

$client_id = 'my api key';
$client_secret = 'secret api key';
$region = 'US';
$locale = 'de_DE';
$redirect_uri = '';

// init the auth system client_id, client_secret, region, local all required
$client = new OAuth2\Client($client_id, $client_secret, $region, $locale, $redirect_uri);

/*
this is the new api class for warcraft only wow related calls are used in it
*/

class wow {
/**
* Type of call uri build
* $class - type of call
* $fields - array of data (name,server,size)
**/
public function _buildtype($class,$fields)
{
switch ($class)
{

case 'character':
$q = 'wow/character/'.$fields['Zangarmarsh'].'/'.$fields['Ulminia'];
break;


default:
break;
}
//$q = str_replace('+' , '%20' , urlencode($q));
return $q;
}

}

?>

if you have the latest update from github the "wow" class is not used yet
and you have to make calls with the script as follows

$client->fetch('character',array('name'=>'Ulminia','server'=>'zangarmarsh','fields'=>'items'));

this is how the calls are made usage is defined here

https://github.com/Ulminia/blizzard-api-oauth/wiki/Usage
Oh okay. I just copied the code out of a forum post since i´m not very good with php.

Could you give me an example how i get character informations. I tried this, but i just get a blank page.

Thanks.


<?php
require('./blizzard-api-oauth-master/Client.php');
require('./blizzard-api-oauth-master/GrantType/IGrantType.php');
require('./blizzard-api-oauth-master/GrantType/AuthorizationCode.php');

$client_id = 'my api key';
$client_secret = 'secret api key';
$region = 'US';
$locale = 'de_DE';
$redirect_uri = '';

$client = new OAuth2\Client($client_id, $client_secret, $region, $locale, $redirect_uri);

$r = $client->fetch($type,$parameters);

$array = array('name'=>'ulminia','server'=>'zangarmarsh','fields'=>'items,stats')

print_r(array_values($array));

?>

try this ...

$array = array('name'=>'ulminia','server'=>'zangarmarsh','fields'=>'items,stats')
$type = 'character';
$r = $client->fetch($type,$array);
rcho '<pre>';
print_r($r);
echo '</pre>';


thats the proper method to make a call
First of all. Thanks for the help.

I tried it now with this code:


<?php
require('./blizzard-api-oauth-master/Client.php');
require('./blizzard-api-oauth-master/GrantType/IGrantType.php');
require('./blizzard-api-oauth-master/GrantType/AuthorizationCode.php');

$client_id = 'my api key';
$client_secret = 'secret api key';
$region = 'US';
$locale = 'de_DE';
$redirect_uri = '';

$client = new OAuth2\Client($client_id, $client_secret, $region, $locale, $redirect_uri);

$array = array('name'=>'ulminia','server'=>'zangarmarsh','fields'=>'items,stats');
$type = 'character';
$r = $client->fetch($type,$array);
echo '<pre>';
print_r($r);
echo '</pre>';

?>


But I just get this result:


Array
(
[result] => Array
(
[code] => 403
[type] => Forbidden
[detail] => Account Inactive
)

[code] => 403
[content_type] => application/json
)


What does this means?
means you need to put in your api codes to use the api and register a redirect url
https://dev.battle.net/member/register

will get you started
Thanks, yeah i´ve forgotten the redirect url.
I´ve another question.

I know how to call a specific achievement with the id.

$array = array('id'=>'42');
$type = 'achievement';
$r = $client->fetch($type,$array);

print_r ($r);



On https://dev.battle.net/io-docs you can get all the available character achievements (under the category "data resources").

How can i get the whole array with all the achievements?
https://github.com/Ulminia/blizzard-api-oauth/wiki/Usage

this lists all the "old" calls most should still work but i havent updated my wiki for the new urls yet and stuff that's been added lately

as well as the next release of my api that's is coming soon has the ability to add mini classes for wow d3 and sc

but using the type = achievements would give you the full character achievements listing
Yeah this works, but is there are solutions to get all the available achievements ingame via the api (not just the one from a character).
$type = 'achivements'; = all character achivements
$type = 'guild_achievements'; = all guild achievements

there are 2 end points to list all the possible achievements for both guild and character

these again were listed on my wiki
Yes i can get the achievements, which a character has absolved under the [achievementsCompleted] => Array

But what do you mean with endpoints to list all available achievements?
$r = $client->fetch('achievements'); - all character achievements (not completes but ALL of them)

$r = $client->fetch('guild_achievements'); - all guild achievements...

and and end point is the api resource like https://us.api.battle.net/wow/data/character/achievements wiich is the "achievements" type in my script

Join the Conversation

Return to Forum