I'm running PHP on a local IIS stack. After spending more time than I'd like to admit, this was due to my local development environment not having support for SSL.

I hope this helps others out. Cheers! 🍻

Symptom

I was unable to get the http() function to work correctly. It wasn't returning anything. Worse, the function just silently fails.

Note: you can debug cURL using this technique

Resolution

⚠️Caution! You should not make this change in a production environment. Only use it for local development :)

I disabled cURL from verifying SSL by setting these additional options

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

function http($url, $params=false) {
  $ch = curl_init($url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+ curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  if($params)
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
  return json_decode(curl_exec($ch));
}

I noticed that when the token_type is a bearer the script is not working:

function http($url, $params=false,$bearer=false) {
  $ch = curl_init($url);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
   if($bearer!=false)
{
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: Bearer ".$bearer ));
}
  if($params)
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
$r=curl_exec($ch);
//echo $r;
 return json_decode($r);
}

Shall I create a PR?

Is nonce needed here and verified?

Thank you so much for your work.
I use it and it work but when app redirect to my callback URL the page is all white.
I redirect it on same page where are located the index.php.
I forget something?

thanks
best regard

How do I end the session at the SP after clicking logout? Does this script support end_session_endpoint?

After git cloning the code and changed client_id, client_secret and metadata_url, and start php local server, I got the error: "404 bad request, Your request resulted in an error.
Identity Provider: Unknown
Error Code: invalid_request
Description: Clients with 'application_type' of 'service' are not allowed to access the 'authorize' endpoint."

Please help me with it.

Thanks,
Grace

The demo does not work locally for me. Using php 7.4.

I tried the latest and the original version of the demo php here and I get basically the same error in both cases.

In the console, i see this error:

[Thu Dec 31 09:17:46 2020] PHP Notice: Trying to get property 'authorization_endpoint' of non-object in C:\oauth-demo\index.php on line 70
[Thu Dec 31 09:17:46 2020] [::1]:54923 [200]: GET /?response_type=code....

Got 404 error
The requested resource /'.$authorize_url.' was not found on this server.

Thanks for your work.
I just encounter a problem when trying it.
when using
$token = http($metadata->introspection_endpoint, [
'token' => $response->access_token,
'client_id' => $client_id,
'client_secret' => $client_secret,
]);
I can get the token.
But when using
$userinfo = http($metadata->userinfo_endpoint, [
'access_token' => $response->access_token,
]);
I cannot get the userinfo, it looks like userinfo_endpoint doesn't exist.
Have I done someting wrong when using it?

Thanks,
Grace