# Single Sign-On
Single Sign-On is a way of integrating Rublon that lets users log in to their accounts without a login and password, just by scanning a QR code with the Rublon app installed on their smartphone.

## Process description

1. Generate the button (type *small* or *large*).
2. Redirect the browser to the URL obtained (after the button is clicked) and wait for the user to scan the QR code.
3. Get the authenticated user's data (using the token received in the callback from Rublon).
4. Check whether the user exists in the system database. The check is based on data from Rublon (hashed user emails). If the user is found, they should be logged in to the system. Otherwise an appropriate message should be displayed (e.g. user not found).

## Example integration

### API access data

To use the Rublon API, set the access data:
[block:code]
{
  "codes": [
    {
      "code": "<?php\ndefine('SYSTEM_TOKEN', 'your_system_token');\ndefine('SECRET_KEY', 'your_secret_key');",
      "language": "php"
    }
  ]
}
[/block]

[block:callout]
{
  "type": "info",
  "body": "Note: You can get the `System token` and `access key` after adding your project on the [Developers Site](http://developers.rublon.com). You need to log in to that site using the Rublon application installed on your phone. The application is free and can be downloaded for [Android](https://play.google.com/store/apps/details?id=com.rublon.android&hl=pl), [Apple](https://itunes.apple.com/us/app/rublon/id501336019?mt=8) and [Windows](https://www.microsoft.com/en-us/store/apps/rublon/9nblggh07pwx)."
}
[/block]
### Headers

Require the necessary classes from the `libs` directory:
[block:code]
{
  "codes": [
    {
      "code": "<?php\n// Require libs\n//----------------------------------\nrequire_once 'libs/Rublon/RublonLogin.php';\nrequire_once 'libs/Rublon/Rublon2Factor.php';",
      "language": "php"
    }
  ]
}
[/block]
### Step #1 and #2

Create instances of the `RublonLogin` and `RublonGUI` classes and render the small button.
[block:code]
{
  "codes": [
    {
      "code": "<?php\n// Create Rublon instance\n$rublon = new RublonLogin(SYSTEM_TOKEN, SECRET_KEY);\n\n// Prepare login URL\n$loginUrl = 'http://' . $_SERVER['HTTP_HOST'] . parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) . '?action=rublon';\n\n// Create Rublon GUI instance\n$gui = new RublonGUI($rublon);\n\n// Attach JS script\necho $gui->getConsumerScript();\n\n// Rublon Login Box Small\necho new RublonLoginBox($loginUrl);",
      "language": "php"
    }
  ]
}
[/block]
After clicking the button, the user is redirected to `$loginUrl`. This action obtains the authentication URL; redirect the browser to that URL to start user authentication.
[block:code]
{
  "codes": [
    {
      "code": "<?php\n// Create Rublon instance\n$rublon = new RublonLogin(SYSTEM_TOKEN, SECRET_KEY);\n\n// Prepare callback URL\n// Note: HTTP_HOST is taken from the request; use a fixed, configured host in production\n$callbackUrl = 'http://' . $_SERVER['HTTP_HOST'] . parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) . '?rublon=callback';\n\n// Request for QR code URL\n$url = $rublon->getAuthURL($callbackUrl);\n\n// Redirect to Rublon to start authentication process\nheader('Location: ' . $url);\nexit;",
      "language": "php"
    }
  ]
}
[/block]
The user is redirected to a page with the QR code.

### Step #3 Callback

After a successful authentication, Rublon redirects the user's browser to the callback URL. The callback flow continues the authentication process, i.e. the finalization of the authentication (logging in).

The callback URL receives its input arguments in the URL address itself (query string).
[block:code]
{
  "codes": [
    {
      "code": "<?php\n// Create Rublon instance\n$rublon = new RublonLogin(SYSTEM_TOKEN, SECRET_KEY);\n\n// Request for user credentials\n$response = $rublon->getCredentials($_GET['token']);\n\n// Get user data array from the response\n$userData = $response->getResponse();\n",
      "language": "php"
    }
  ]
}
[/block]
### Step #4

The `getCredentials` method provides the list of email addresses that the user has entered in Rublon. Each email address is not given as plain text, but as the SHA-256 hash of the lower-case email address.

To optimize matching, create an indexed database column, next to the user's email column, that stores the SHA-256 hash of the user's current email address. You will then be able to select the users that match the provided hash list after the user has been authenticated by Rublon.

Rublon returns an array in the following format:
[block:code]
{
  "codes": [
    {
      "code": "Array\n(\n    [status] => OK\n    [result] => Array\n        (\n            [version] => 2015-05-06\n            [deviceId] => 82920\n            [profileId] => 14262\n            [email] => adam@example.com\n            [emailHashList] => Array\n                (\n                    [0] => Array\n                        (\n                            [uid] => 852532719\n                            [hash] => 5b85c5ce0db998c728f194a8e2da5fe1158f9550b7065da53519026f69a3df37\n                        )\n\n                    [1] => Array\n                        (\n                            [uid] => 264059799\n                            [hash] => 7cff5170644aaa41c734e7a27a16687164dc232b70dfa55550c09dabe45453a9\n                        )\n\n                )\n\n        )\n\n)",
      "language": "text"
    }
  ]
}
[/block]
### PHP code for examples described above

An array simulating the system's user database:
[block:code]
{
  "codes": [
    {
      "code": "<?php\n// List of local users:\n$users = array('user@example.com', 'user2@example.com', 'unknown@example.com');\n\n// Create a helper hash-to-email map.\n// Rublon hashes the lower-case email address, so lower-case before hashing:\n$usersEmailsHashList = array();\nforeach ($users as $email) {\n    $usersEmailsHashList[hash('sha256', strtolower($email))] = $email;\n}",
      "language": "php"
    }
  ]
}
[/block]
Searching for the user in the database and logging in to the system:
[block:code]
{
  "codes": [
    {
      "code": "<?php\n// Handle the Rublon callback request\nif (!empty($_GET['rublon']) && $_GET['rublon'] == 'callback') {\n    try {\n        $rublon = new RublonLogin(SYSTEM_TOKEN, SECRET_KEY);\n        $credentials = $rublon->getCredentials($_GET['token']);\n\n        if ($userEmail = $credentials->getUserEmail()) {\n            // Plain email returned: match it directly\n            if (in_array($userEmail, $users)) {\n                $_SESSION['user'] = $userEmail;\n            }\n        } else {\n            // Otherwise match the returned hashes against the local hash map\n            $hashList = $credentials->getUserEmailHashList();\n            foreach ($hashList as $record) {\n                if (isset($usersEmailsHashList[$record['hash']])) {\n                    $_SESSION['user'] = $usersEmailsHashList[$record['hash']];\n                }\n            }\n        }\n\n        if (empty($_SESSION['user'])) {\n            die('User not found');\n        } else {\n            header('Location: ./');\n            exit;\n        }\n\n    } catch (RublonException $e) {\n        // Debug output: raw request/response are for development, not for end users\n        echo $e->getClient()->getRawRequest() . PHP_EOL;\n        echo $e->getClient()->getRawResponse() . PHP_EOL;\n        echo get_class($e) . PHP_EOL;\n        die($e->getMessage());\n    }\n}",
      "language": "php"
    }
  ]
}
[/block]
If the user is found in the user database, they should be logged in and redirected to the home page shown after signing in.

### Embedding Trusted Devices Manager

Rublon can create a Trusted Device for every authenticated user. A Trusted Device allows signing in to the system without scanning a QR code; in that case the user is authenticated by the Trusted Device.
[block:code]
{
  "codes": [
    {
      "code": "<?php\necho '<style type=\"text/css\">iframe {width: 500px; height: 400px; display: inline-block !important; border: 1px solid #cccccc;}</style>';\n\n// Create RublonLogin instance\n$rublon = new RublonLogin(SYSTEM_TOKEN, SECRET_KEY);\n\n// Create RublonGUI instance (the email is used as both user ID and user email)\n$gui = new RublonGUI($rublon, $userId = $_SESSION['user'], $userEmail = $_SESSION['user']);\n\n// Attach RublonConsumerJS\necho $gui->getConsumerScript();\n\n// Render Trusted Device Widget\necho new RublonDeviceWidget();",
      "language": "php"
    }
  ]
}
[/block]
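
The Step #4 matching as an added example (not Rublon SDK code and not code from the original page): it lower-cases local emails before hashing, ignores malformed hashes, and declines to pick a user when the returned hashes map to more than one local account. `buildHashIndex` and `matchRublonUser` are hypothetical helper names, and the sample data is constructed.

```php
<?php
// Added example: buildHashIndex() and matchRublonUser() are hypothetical helpers,
// not part of the Rublon SDK. All sample data below is constructed.

/** Build the hash => email index that the page recommends keeping in an indexed column. */
function buildHashIndex(array $emails): array
{
    $index = array();
    foreach ($emails as $email) {
        // Rublon hashes the lower-case address, so normalize before hashing.
        $index[hash('sha256', strtolower($email))] = $email;
    }
    return $index;
}

/**
 * Return the single local user matched by an emailHashList, or null when
 * nothing matches or the hashes point at more than one local account.
 */
function matchRublonUser(array $emailHashList, array $index): ?string
{
    $matches = array();
    foreach ($emailHashList as $record) {
        $hash = isset($record['hash']) ? $record['hash'] : null;
        // Accept only well-formed SHA-256 hex digests.
        if (!is_string($hash) || !preg_match('/^[0-9a-f]{64}$/', $hash)) {
            continue;
        }
        if (isset($index[$hash])) {
            $matches[$index[$hash]] = true; // de-duplicate by local account
        }
    }
    return count($matches) === 1 ? (string) key($matches) : null;
}

// Constructed sample: a local user stored with mixed-case email.
$index = buildHashIndex(array('User@Example.com', 'user2@example.com'));

// Constructed emailHashList in the shape shown in Step #4 (uid values are made up).
$fromRublon = array(
    array('uid' => 1, 'hash' => hash('sha256', 'user@example.com')),
    array('uid' => 2, 'hash' => hash('sha256', 'nobody@example.com')),
    array('uid' => 3, 'hash' => 'not-a-hash'),
);

// Exactly one local account matches despite the case difference.
var_dump(matchRublonUser($fromRublon, $index));

// A second matching account makes the result ambiguous, so no user is selected.
$fromRublon[] = array('uid' => 4, 'hash' => hash('sha256', 'user2@example.com'));
var_dump(matchRublonUser($fromRublon, $index));
```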