20 Jan 2017

PHP revisited

Default blog image


Someone contacted me about using the viewer on his website to show a couple of his models. As you may know by now, the viewer requires a valid access token to display a file. In theory you could try to call the authentication endpoint from a client side JavaScript code as well. However, that way you would expose the Client Secret of your app.
The best thing is to use some server side processing to request the access token, which also helps you hide your app's Client Secret.   

If you already have a website hosted somewhere, then you might not want to migrate all that to another server just so that you could also run e.g. Node.js code. You could either just create another web server only for the authentication part, or simply add some server-side code to your existing webpage. Most servers (even the free hosting ones) support PHP, so you could probably go with that.

As a test I got a free website, http://adamenagy.com. After that I could simply follow what Augusto already talked about in this blog post.
I just needed to create and upload three files to the main folder of my webpage, where the index.html or index.php file is: viewer.html, auth.phphttpful.phar

The only thing I needed to add to the original code was the scoping for the access token request: scope=data:read (line 39 in auth.php)
And of course I had to add my app's Client ID and Client Secret to the code (line 11 & 12 in auth.php)
My server's PHP did not like the "define()" parts, but adding what Maxence suggested in the comments of Augusto's post helped: use double quotes in them for the constant names (line 11-13 in auth.php)

Now I can just go on http://adamenagy.com/viewer.html and the viewer shows the model whose URN I insert in the text box.


The three files (viewer.html, auth.phphttpful.phar): https://github.com/adamenagy/AuthenticateInPHP  

Related Article