dolibarr 24.0.0-beta
oauth.lib.php
1<?php
2/* Copyright (C) 2012 Nicolas Villa aka Boyquotes http://informetic.fr
3 * Copyright (C) 2013 Florian Henry <florian.henry@opn-concept.pro>
4 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
5 * Copyright (C) 2025 Frédéric France <frederic.france@free.fr>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20
28// API access parameters OAUTH
29
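/**
 * Return array of possible OAUTH2 services.
 *
 * Each row lists the NAMES of the configuration constants used for one provider, in this order:
 * [0] provider name constant, [1] client id constant, [2] client secret constant and,
 * for some providers only, [3] a description constant.
 * Only constant names are listed here; no credential value is stored in this file.
 *
 * NOTE(review): the two Stripe rows use the suffix _SECRET_KEY instead of _SECRET. Any code that
 * recognises secret constants by the _SECRET suffix alone (masking, export filters, audit rules)
 * must take this variant into account.
 * NOTE(review): MICROSOFT, MICROSOFT2 and GENERIC have no _DESC entry here, although
 * getSupportedOauth2Array() refers to OAUTH_MICROSOFT_DESC, OAUTH_MICROSOFT2_DESC and
 * OAUTH_GENERIC_DESC as 'urlforapp'. Confirm that this difference is intended.
 *
 * @return array<int,array{0:string,1:string,2:string,3?:string}>	List of constant-name groups, one per provider
 */
function getAllOauth2Array()
{
	return array(
		array('OAUTH_AMAZON_NAME', 'OAUTH_AMAZON_ID', 'OAUTH_AMAZON_SECRET'),
		array('OAUTH_BITBUCKET_NAME', 'OAUTH_BITBUCKET_ID', 'OAUTH_BITBUCKET_SECRET'),
		array('OAUTH_BITLY_NAME', 'OAUTH_BITLY_ID', 'OAUTH_BITLY_SECRET'),
		array('OAUTH_BITRIX24_NAME', 'OAUTH_BITRIX24_ID', 'OAUTH_BITRIX24_SECRET'),
		array('OAUTH_BOX_NAME', 'OAUTH_BOX_ID', 'OAUTH_BOX_SECRET'),
		array('OAUTH_BUFFER_NAME', 'OAUTH_BUFFER_ID', 'OAUTH_BUFFER_SECRET'),
		array('OAUTH_DAILYMOTION_NAME', 'OAUTH_DAILYMOTION_ID', 'OAUTH_DAILYMOTION_SECRET'),
		array('OAUTH_DEVIANTART_NAME', 'OAUTH_DEVIANTART_ID', 'OAUTH_DEVIANTART_SECRET'),
		array('OAUTH_DROPBOX_NAME', 'OAUTH_DROPBOX_ID', 'OAUTH_DROPBOX_SECRET'),
		array('OAUTH_ETSY_NAME', 'OAUTH_ETSY_ID', 'OAUTH_ETSY_SECRET'),
		array('OAUTH_EVEONLINE_NAME', 'OAUTH_EVEONLINE_ID', 'OAUTH_EVEONLINE_SECRET'),
		array('OAUTH_FACEBOOK_NAME', 'OAUTH_FACEBOOK_ID', 'OAUTH_FACEBOOK_SECRET'),
		array('OAUTH_FITBIT_NAME', 'OAUTH_FITBIT_ID', 'OAUTH_FITBIT_SECRET'),
		array('OAUTH_FIVEHUNDREDPX_NAME', 'OAUTH_FIVEHUNDREDPX_ID', 'OAUTH_FIVEHUNDREDPX_SECRET'),
		array('OAUTH_FLICKR_NAME', 'OAUTH_FLICKR_ID', 'OAUTH_FLICKR_SECRET'),
		array('OAUTH_FOURSQUARE_NAME', 'OAUTH_FOURSQUARE_ID', 'OAUTH_FOURSQUARE_SECRET'),
		// GitHub, Google and Microsoft3 carry a fourth entry: the description constant.
		array('OAUTH_GITHUB_NAME', 'OAUTH_GITHUB_ID', 'OAUTH_GITHUB_SECRET', 'OAUTH_GITHUB_DESC'),
		array('OAUTH_GOOGLE_NAME', 'OAUTH_GOOGLE_ID', 'OAUTH_GOOGLE_SECRET', 'OAUTH_GOOGLE_DESC'),
		array('OAUTH_HUBIC_NAME', 'OAUTH_HUBIC_ID', 'OAUTH_HUBIC_SECRET'),
		array('OAUTH_INSTAGRAM_NAME', 'OAUTH_INSTAGRAM_ID', 'OAUTH_INSTAGRAM_SECRET'),
		array('OAUTH_LINKEDIN_NAME', 'OAUTH_LINKEDIN_ID', 'OAUTH_LINKEDIN_SECRET'),
		array('OAUTH_MAILCHIMP_NAME', 'OAUTH_MAILCHIMP_ID', 'OAUTH_MAILCHIMP_SECRET'),
		array('OAUTH_MICROSOFT_NAME', 'OAUTH_MICROSOFT_ID', 'OAUTH_MICROSOFT_SECRET'),
		array('OAUTH_MICROSOFT2_NAME', 'OAUTH_MICROSOFT2_ID', 'OAUTH_MICROSOFT2_SECRET'),
		array('OAUTH_MICROSOFT3_NAME', 'OAUTH_MICROSOFT3_ID', 'OAUTH_MICROSOFT3_SECRET', 'OAUTH_MICROSOFT3_DESC'),
		array('OAUTH_NEST_NAME', 'OAUTH_NEST_ID', 'OAUTH_NEST_SECRET'),
		array('OAUTH_NETATMO_NAME', 'OAUTH_NETATMO_ID', 'OAUTH_NETATMO_SECRET'),
		array('OAUTH_PARROTFLOWERPOWER_NAME', 'OAUTH_PARROTFLOWERPOWER_ID', 'OAUTH_PARROTFLOWERPOWER_SECRET'),
		array('OAUTH_PAYPAL_NAME', 'OAUTH_PAYPAL_ID', 'OAUTH_PAYPAL_SECRET'),
		array('OAUTH_POCKET_NAME', 'OAUTH_POCKET_ID', 'OAUTH_POCKET_SECRET'),
		array('OAUTH_QUICKBOOKS_NAME', 'OAUTH_QUICKBOOKS_ID', 'OAUTH_QUICKBOOKS_SECRET'),
		array('OAUTH_REDDIT_NAME', 'OAUTH_REDDIT_ID', 'OAUTH_REDDIT_SECRET'),
		array('OAUTH_REDMINE_NAME', 'OAUTH_REDMINE_ID', 'OAUTH_REDMINE_SECRET'),
		array('OAUTH_RUNKEEPER_NAME', 'OAUTH_RUNKEEPER_ID', 'OAUTH_RUNKEEPER_SECRET'),
		array('OAUTH_SCOOPIT_NAME', 'OAUTH_SCOOPIT_ID', 'OAUTH_SCOOPIT_SECRET'),
		array('OAUTH_SOUNDCLOUD_NAME', 'OAUTH_SOUNDCLOUD_ID', 'OAUTH_SOUNDCLOUD_SECRET'),
		array('OAUTH_SPOTIFY_NAME', 'OAUTH_SPOTIFY_ID', 'OAUTH_SPOTIFY_SECRET'),
		array('OAUTH_STRAVA_NAME', 'OAUTH_STRAVA_ID', 'OAUTH_STRAVA_SECRET'),
		// The Stripe rows name their secret constant with the _SECRET_KEY suffix.
		array('OAUTH_STRIPETEST_NAME', 'OAUTH_STRIPETEST_ID', 'OAUTH_STRIPETEST_SECRET_KEY'),
		array('OAUTH_STRIPELIVE_NAME', 'OAUTH_STRIPELIVE_ID', 'OAUTH_STRIPELIVE_SECRET_KEY'),
		array('OAUTH_TUMBLR_NAME', 'OAUTH_TUMBLR_ID', 'OAUTH_TUMBLR_SECRET'),
		array('OAUTH_TWITTER_NAME', 'OAUTH_TWITTER_ID', 'OAUTH_TWITTER_SECRET'),
		array('OAUTH_USTREAM_NAME', 'OAUTH_USTREAM_ID', 'OAUTH_USTREAM_SECRET'),
		array('OAUTH_VIMEO_NAME', 'OAUTH_VIMEO_ID', 'OAUTH_VIMEO_SECRET'),
		array('OAUTH_YAHOO_NAME', 'OAUTH_YAHOO_ID', 'OAUTH_YAHOO_SECRET'),
		array('OAUTH_YAMMER_NAME', 'OAUTH_YAMMER_ID', 'OAUTH_YAMMER_SECRET'),
		array('OAUTH_GENERIC_NAME', 'OAUTH_GENERIC_ID', 'OAUTH_GENERIC_SECRET'),
	);
}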
280
281
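/**
 * Return the OAuth2 providers that can be configured, keyed by the provider's NAME constant.
 *
 * Every entry is an array with the keys:
 * - 'callbackfile':      prefix of the callback script (xxx_oauthcallback.php)
 * - 'picto':             pictogram code
 * - 'urlforapp':         name of the description constant, or '' when there is none
 * - 'name':              label of the provider
 * - 'urlforcredentials': URL of the provider console where client credentials are created
 * - 'availablescopes':   comma-separated list of scopes that can be selected for this provider
 * - 'returnurl':         path of the callback script
 *
 * The Stripe entries are only added when the 'stripe' module is enabled.
 *
 * NOTE(review): 'availablescopes' is the set offered for selection, not a recommended set. Several
 * entries are broad (for example gmail_full and admin_directory_user for Google, read_write for
 * Stripe); select only the scopes an integration needs when a token is requested.
 * NOTE(review): 'returnurl' presumably has to match the redirect URI registered with the provider;
 * verify against the callback scripts.
 *
 * @return array<string,array{callbackfile:string,picto:string,urlforapp:string,name:string,urlforcredentials:string,availablescopes:string,returnurl:string}>	Supported providers
 */
function getSupportedOauth2Array()
{
	// Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available in htdocs/core/modules/oauth)
	$supportedoauth2array = array(
		'OAUTH_GOOGLE_NAME' => array(
			'callbackfile' => 'google', // used to generate the filename: google_oauthcallback.php
			'picto' => 'google',
			'urlforapp' => 'OAUTH_GOOGLE_DESC',
			'name' => 'Google',
			'urlforcredentials' => 'https://console.developers.google.com/',
			'availablescopes' => 'userinfo_email,userinfo_profile,openid,email,profile,cloud_print,admin_directory_user,gmail_full,contact,https://www.googleapis.com/auth/contacts,https://www.googleapis.com/auth/calendar',
			'returnurl' => '/core/modules/oauth/google_oauthcallback.php'
		),
	);

	// Stripe test and live providers exist only when the stripe module is enabled.
	if (isModEnabled('stripe')) {
		$supportedoauth2array['OAUTH_STRIPETEST_NAME'] = array(
			'callbackfile' => 'stripetest',
			'picto' => 'stripe',
			'urlforapp' => '',
			'name' => 'StripeTest',
			'urlforcredentials' => 'https://dashboard.stripe.com/settings/connect',
			'availablescopes' => 'read_write',
			'returnurl' => '/core/modules/oauth/stripetest_oauthcallback.php'
		);
		$supportedoauth2array['OAUTH_STRIPELIVE_NAME'] = array(
			'callbackfile' => 'stripelive',
			'picto' => 'stripe',
			'urlforapp' => '',
			'name' => 'StripeLive',
			'urlforcredentials' => 'https://dashboard.stripe.com/settings/connect',
			'availablescopes' => 'read_write',
			'returnurl' => '/core/modules/oauth/stripelive_oauthcallback.php'
		);
	}

	$supportedoauth2array['OAUTH_GITHUB_NAME'] = array(
		'callbackfile' => 'github',
		'picto' => 'github',
		'urlforapp' => 'OAUTH_GITHUB_DESC',
		'name' => 'GitHub',
		'urlforcredentials' => 'https://github.com/settings/developers',
		'availablescopes' => 'user,public_repo',
		'returnurl' => '/core/modules/oauth/github_oauthcallback.php'
	);

	// See https://learn.microsoft.com/fr-fr/azure/active-directory/develop/quickstart-register-app#register-an-application
	$supportedoauth2array['OAUTH_MICROSOFT_NAME'] = array(
		'callbackfile' => 'microsoft',
		'picto' => 'microsoft',
		'urlforapp' => 'OAUTH_MICROSOFT_DESC',
		'name' => 'Microsoft [outlook.office365]',
		'urlforcredentials' => 'https://portal.azure.com/',
		// User.Read is a microsoftgraph scope, if it's not working, do not select it
		'availablescopes' => 'openid,offline_access,profile,email,User.Read,https://outlook.office365.com/IMAP.AccessAsUser.All,https://outlook.office365.com/SMTP.Send',
		'returnurl' => '/core/modules/oauth/microsoft_oauthcallback.php'
	);
	$supportedoauth2array['OAUTH_MICROSOFT2_NAME'] = array(
		'callbackfile' => 'microsoft2',
		'picto' => 'microsoft',
		'urlforapp' => 'OAUTH_MICROSOFT2_DESC',
		'name' => 'Microsoft [outlook.office]',
		'urlforcredentials' => 'https://portal.azure.com/',
		// User.Read is a microsoftgraph scope, if it's not working, do not select it
		'availablescopes' => 'openid,offline_access,profile,email,User.Read,https://outlook.office.com/.default',
		'returnurl' => '/core/modules/oauth/microsoft2_oauthcallback.php'
	);
	$supportedoauth2array['OAUTH_MICROSOFT3_NAME'] = array(
		'callbackfile' => 'microsoft3',
		'picto' => 'microsoft',
		'urlforapp' => 'OAUTH_MICROSOFT3_DESC',
		'name' => 'Microsoft Exchange Online [SMTP/IMAP]',
		'urlforcredentials' => 'https://portal.azure.com/',
		// CRITICAL: Use ONLY outlook.office.com scopes here, do NOT mix with Graph scopes (openid/profile/email).
		// Mixing two resource namespaces in one token request causes AADSTS28000 error.
		// offline_access is a neutral scope (no resource prefix) and is allowed alongside any resource.
		// Azure permissions required: Microsoft Graph > Delegated > SMTP.Send and IMAP.AccessAsUser.All
		'availablescopes' => 'offline_access,https://outlook.office.com/SMTP.Send,https://outlook.office.com/IMAP.AccessAsUser.All',
		'returnurl' => '/core/modules/oauth/microsoft3_oauthcallback.php'
	);

	// Add a generic Oauth token handler. Tested with Mastodon.
	$supportedoauth2array['OAUTH_GENERIC_NAME'] = array(
		'callbackfile' => 'generic',
		'picto' => 'generic',
		'urlforapp' => 'OAUTH_GENERIC_DESC',
		'name' => 'Generic',
		'urlforcredentials' => '',
		'availablescopes' => 'Standard',
		'returnurl' => '/core/modules/oauth/generic_oauthcallback.php'
	);

	return $supportedoauth2array;
}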
378
379
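/**
 * Return the array of tabs shown on the OAuth administration pages.
 *
 * Two fixed tabs are declared (the services page and the token manager page), then
 * complete_head_from_modules() is called twice for the 'oauthadmin' tab type: once in its
 * default mode to add entries and once with 'remove' to remove entries.
 *
 * This function only builds links and labels; it performs no permission check itself.
 *
 * @return array<int,array{0:string,1:string,2:string}>	Tabs as [url, translated label, tab key]
 */
function oauthadmin_prepare_head()
{
	global $langs, $conf;

	$h = 0;
	$head = array();

	$head[$h] = array(
		DOL_URL_ROOT.'/admin/oauth.php',
		$langs->trans("OAuthServices"),
		'services',
	);
	$h++;

	$head[$h] = array(
		DOL_URL_ROOT.'/admin/oauthlogintokens.php',
		$langs->trans("TokenManager"),
		'tokengeneration',
	);
	$h++;

	// $head and $h are passed by reference, so both calls can change the tab list in place.
	complete_head_from_modules($conf, $langs, null, $head, $h, 'oauthadmin');

	complete_head_from_modules($conf, $langs, null, $head, $h, 'oauthadmin', 'remove');

	return $head;
}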
complete_head_from_modules($conf, $langs, $object, &$head, &$h, $type, $mode='add', $filterorigmodule='')
Complete or remove entries in a head array (used to build tabs).
isModEnabled($module)
Is Dolibarr module enabled.
getAllOauth2Array()
Return array of possible OAUTH2 services.
Definition oauth.lib.php:35
getSupportedOauth2Array()
Return array of tabs to use on pages to setup cron module.
oauthadmin_prepare_head()
Return array of tabs to use on pages to setup cron module.