<center>![logo.jpg](https://cdn.steemitimages.com/DQmQUjJz4tFjsUqVfSZfYkkAQqJTXd6my2yvPjrm9AVjHnm/logo.jpg)</center>

This tutorial will expand further on how to integrate Steemconnect authentication into any Wordpress website and request user authorisation.

---

#### Repository
https://github.com/WordPress/WordPress
https://github.com/steemit/steemconnect

#### What will I learn

- Authorisation flow
- Scope
- Get temporary authorisation
- Get offline authorisation
- Store offline tokens in DB

#### Requirements

- PHP
- WordPress

#### Difficulty

- intermediate

---

### Tutorial

#### Preface

WordPress is a frequently used framework for building websites. Integrating STEEM into this ecosystem can greatly benefit both ecosystems. This tutorial will look how to get user authorisation via Steemconnect to perform actions like voting and posting for the user on their behalf.

#### Setting up your Steemconnect app
This tutorial is a direct continuation on [Integrate Steemconnect V2 User Authentication Into Any WordPress Website](https://steemit.com/utopian-io/@steempytutorials/integrate-steemconnect-v2-user-authentication-into-any-wordpress-website).It is required in some parts of this tutorial and should be read first. Included in this is how to set up your Steemconnect app.

#### Authorisation flow
There are 2 different general types of authorisation that both have their own flow. There is offline access and temporary access which expires. Both are initiated by redirecting the user to a link, in which the, Steemconnect `client_id`, `redirect_uri` and the `scope` of the authorisation is included. When the user has approved the authorisation via Steemconnect they get redirected back to your website with either a `code` or `access_token` in the url. `response_type` is used for requestion offline access and must be set to code.


```
url = https://steemconnect.com/oauth2/authorize
```
<br>
Parameters:
- client_id
- redirect_uri
- response_type
- scope


Example
```
https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&response_type=code&scope=offline,vote
```
<br>
After the user has loggin in on Steemconnect with their STEEM account the user will be redirected back to the `redirect_uri` and the url will contain the data variables.
Temporary access response:
```
?access_token=ACCESS_TOKEN&expires_in=36000
```
<br>
Offline access response:
```
?code=CODE
```
<br>
This code in then used in a POST request to get the `access_token`, `refresh_token` and `expires_in`. The refresh_token does not expire.


#### Scope
Steemconnect allows for different authorisation rights. There are called the scope. Below is a table of the full list. In order to get a certain authorisation it must be passed in the request url under scope. Use a comma `,` to separate multiple commands.

<table>
<tr>
<td align="left">login</td>
<td align="left">Verify Steem identity</td>
</tr>
<tr>
<td align="left">offline</td>
<td align="left">Allow long-lived token</td>
</tr>
<tr>
<td align="left">vote</td>
<td align="left">Upvote, downvote or unvote a post or comment</td>
</tr>
<tr>
<td align="left">comment</td>
<td align="left">Publish or edit a post or a comment</td>
</tr>
<tr>
<td align="left">delete_comment</td>
<td align="left">Delete a post or a comment</td>
</tr>
<tr>
<td align="left">comment_options</td>
<td align="left">Add options for a post or comment</td>
</tr>
<tr>
<td align="left">custom_json</td>
<td align="left">Follow, unfollow, ignore, reblog or any <code>custom_json</code> operation</td>
</tr>
<tr>
<td align="left">claim_reward_balance</td>
<td align="left">Claim reward for user</td>
</tr>
</table>

[Source](https://github.com/steemit/steemconnect/wiki/OAuth-2)


#### Get temporary authorisation
Obtaining temporary authorisation is done by directing the user to Steemconnect via the request url with the scope for the desired authorisation. This example will request voting and commenting rights.

```
https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&scope=vote,comment
```
<br>
Set the redirect_url for the page you want the user to return to and us the GET command to retrieve the access_token from the url.

```
if (isset($_GET['access_token'])) {
  $access_token_token = $_GET['access_token']
  $expire_in = $_GET['expire_in']
}
```
<br>
These variables can either be stored in the user's session or in the database.


#### Get offline authorisation

Similar to obtaining temporary authorisation the user has to be directed to a request url to Steemconnect containing the scope of the desired authorisation. This example will request offline voting rights.
```
https://steemconnect.com/oauth2/authorize?client_id=steemautomated&redirect_uri=https://steemautomated.eu/index.php/voting/&response_type=code&scope=offline,vote
```
<br>
When the user has returned, a POST request will be send to Steemconnect containing the code and your client_secret. 
```
if (isset($_GET['code'])) {

  // Params for POST request
  $data = array(
      'code' => $_GET['code'],
      'client_secret' => SC_CLIENT_SECRET
  );

  $payload = json_encode($data);

  // Prepare new cURL resource
  $ch = curl_init('https://steemconnect.com/api/oauth2/token');
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLINFO_HEADER_OUT, true);
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);

  // Set HTTP Header for POST request
  curl_setopt($ch, CURLOPT_HTTPHEADER, array(
      'Content-Type: application/json',
      'Content-Length: ' . strlen($payload))
  );

  // Submit the POST request
  $result = curl_exec($ch);

  // Close cURL session handle
  curl_close($ch);

  $json = json_decode($result);
```
This will return an array containing the `access_token`, `refresh_token` and `expire_in` variables.

#### Store offline tokens in DB
To store the data in the database first the following table has to made.

```
CREATE TABLE `steem_authorization` (
  `id` int(11) NOT NULL,
  `access_token` text NOT NULL,
  `user_login` varchar(20) NOT NULL,
  `expires_in` datetime NOT NULL,
  `refresh_token` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
```

The result from the POST request is decoded and the `expire_on` date is calculated by taking the current time and adding `expire_in` to it.

```
$json = json_decode($result);
$date = date("Y/m/d H:G:s", time() + $json->expires_in);

// Add tokens to the database
global $wpdb;
$wpdb->query("INSERT INTO `steem_authorization` (`id`, `access_token`, " .
"`user_login`, `expires_in`, `refresh_token`) VALUES (NULL, " .
"'" . $json->access_token . "', '" . $json->username ."', '" .
$date . "', '" . $json->refresh_token ."') ON DUPLICATE KEY UPDATE " .
"`user_login`='" . $json->username ."';");
```

Note: For `user_login` to be the same as their STEEM acount the user must be logged in via Steemconnect as shown in the previous tutorial.

#### Curriculum
[Part 1 - Integrate Steemconnect V2 User Authentication Into Any WordPress Website](https://steemit.com/utopian-io/@steempytutorials/integrate-steemconnect-v2-user-authentication-into-any-wordpress-website)

---



This tutorial was written by @juliank.