4 * PHPMailer - PHP email creation and transport class.
7 * @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
8 * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
9 * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
10 * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
11 * @author Brent R. Matzelle (original founder)
12 * @copyright 2012 - 2020 Marcus Bointon
13 * @copyright 2010 - 2012 Jim Jagielski
14 * @copyright 2004 - 2009 Andy Prevost
15 * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
16 * @note This program is distributed in the hope that it will be useful - WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE.
22 * Get an OAuth2 token from an OAuth2 provider.
23 * * Install this script on your server so that it's accessible
24 * as [https/http]://<yourdomain>/<folder>/get_oauth_token.php
25 * e.g.: http://localhost/phpmailer/get_oauth_token.php
26 * * Ensure dependencies are installed with 'composer install'
27 * * Set up an app in your Google/Yahoo/Microsoft account
28 * * Set the script address as the app's redirect URL
29 * If no refresh token is obtained when running this file,
30 * revoke access to your app and run the script again.
33 namespace PHPMailer\PHPMailer;
36 * Aliases for League Provider Classes
37 * Make sure you have added these to your composer.json and run `composer install`
38 * Plenty to choose from here:
39 * @see http://oauth2-client.thephpleague.com/providers/thirdparty/
41 //@see https://github.com/thephpleague/oauth2-google
42 use League\OAuth2\Client\Provider\Google;
43 //@see https://packagist.org/packages/hayageek/oauth2-yahoo
44 use Hayageek\OAuth2\Client\Provider\Yahoo;
45 //@see https://github.com/stevenmaguire/oauth2-microsoft
46 use Stevenmaguire\OAuth2\Client\Provider\Microsoft;
47 //@see https://github.com/greew/oauth2-azure-provider
48 use Greew\OAuth2\Client\Provider\Azure;
50 if (!isset($_GET['code']) && !isset($_POST['provider'])) {
55 <h1>Select Provider</h1>
56 <input type="radio" name="provider" value="Google" id="providerGoogle">
57 <label for="providerGoogle">Google</label><br>
58 <input type="radio" name="provider" value="Yahoo" id="providerYahoo">
59 <label for="providerYahoo">Yahoo</label><br>
60 <input type="radio" name="provider" value="Microsoft" id="providerMicrosoft">
61 <label for="providerMicrosoft">Microsoft</label><br>
62 <input type="radio" name="provider" value="Azure" id="providerAzure">
63 <label for="providerAzure">Azure</label><br>
64 <h1>Enter id and secret</h1>
65 <p>These details are obtained by setting up an app in your provider's developer console.
67 <p>ClientId: <input type="text" name="clientId"><p>
68 <p>ClientSecret: <input type="text" name="clientSecret"></p>
69 <p>TenantID (only relevant for Azure): <input type="text" name="tenantId"></p>
70 <input type="submit" value="Continue">
78 require 'vendor/autoload.php';
87 if (array_key_exists('provider', $_POST)) {
88 $providerName = $_POST['provider'];
89 $clientId = $_POST['clientId'];
90 $clientSecret = $_POST['clientSecret'];
91 $tenantId = $_POST['tenantId'];
92 $_SESSION['provider'] = $providerName;
93 $_SESSION['clientId'] = $clientId;
94 $_SESSION['clientSecret'] = $clientSecret;
95 $_SESSION['tenantId'] = $tenantId;
96 } elseif (array_key_exists('provider', $_SESSION)) {
97 $providerName = $_SESSION['provider'];
98 $clientId = $_SESSION['clientId'];
99 $clientSecret = $_SESSION['clientSecret'];
100 $tenantId = $_SESSION['tenantId'];
103 //If you don't want to use the built-in form, set your client id and secret here
104 //$clientId = 'RANDOMCHARS-----duv1n2.apps.googleusercontent.com';
105 //$clientSecret = 'RANDOMCHARS-----lGyjPcRtvP';
107 //If this automatic URL doesn't work, set it yourself manually to the URL of this script
108 $redirectUri = (isset($_SERVER['HTTPS']) ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
109 //$redirectUri = 'http://localhost/PHPMailer/redirect';
112 'clientId' => $clientId,
113 'clientSecret' => $clientSecret,
114 'redirectUri' => $redirectUri,
115 'accessType' => 'offline'
121 switch ($providerName) {
123 $provider = new Google($params);
126 'https://mail.google.com/'
131 $provider = new Yahoo($params);
134 $provider = new Microsoft($params);
143 $params['tenantId'] = $tenantId;
145 $provider = new Azure($params);
148 'https://outlook.office.com/SMTP.Send',
155 if (null === $provider) {
156 exit('Provider missing');
159 if (!isset($_GET['code'])) {
160 //If we don't have an authorization code then get one
161 $authUrl = $provider->getAuthorizationUrl($options);
162 $_SESSION['oauth2state'] = $provider->getState();
163 header('Location: ' . $authUrl);
165 //Check given state against previously stored one to mitigate CSRF attack
166 } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
167 unset($_SESSION['oauth2state']);
168 unset($_SESSION['provider']);
169 exit('Invalid state');
171 unset($_SESSION['provider']);
172 //Try to get an access token (using the authorization code grant)
173 $token = $provider->getAccessToken(
174 'authorization_code',
176 'code' => $_GET['code']
179 //Use this to interact with an API on the users behalf
180 //Use this to get a new access token if the old one expires
181 echo 'Refresh Token: ', $token->getRefreshToken();