+TikTok provider (#1)

Author: codemasher

.config/.env_example

@@ -236,6 +236,12 @@ TIDAL_SECRET=
 TIDAL_CALLBACK_URL=
 #TIDAL_TESTUSER=
 
+# https://developers.tiktok.com/apps/
+TIKTOK_KEY=
+TIKTOK_SECRET=
+TIKTOK_CALLBACK_URL=
+#TIKTOK_TESTUSER=
+
 # https://www.tumblr.com/oauth/apps
 TUMBLR_KEY=
 TUMBLR_SECRET=

README.md

@@ -144,6 +144,7 @@ Note: check the [releases](https://github.com/chillerlan/php-oauth/releases) for
 | [Steam](https://developer.valvesoftware.com/wiki/Steam_Web_API) | [link](https://steamcommunity.com/dev/apikey) |  | - | ✓ |  |  |  |  |  |
 | [Stripe](https://stripe.com/docs/api) | [link](https://dashboard.stripe.com/apikeys) | [link](https://dashboard.stripe.com/account/applications) | 2 | ✓ | ✓ |  |  | ✓ | ✓ |
 | [Tidal](https://developer.tidal.com/documentation) | [link](https://developer.tidal.com/dashboard) | [link](https://account.tidal.com/third-party-apps) | 2 | ✓ | ✓ | ✓ | ✓ | ✓ |  |
+| [TikTok](https://developers.tiktok.com/doc/overview/) | [link](https://developers.tiktok.com/apps/) | [link](https://example.com/user/settings/connections) | 2 |  | ✓ | ✓ |  | ✓ |  |
 | [Tumblr](https://www.tumblr.com/docs/en/api/v2) | [link](https://www.tumblr.com/oauth/apps) | [link](https://www.tumblr.com/settings/apps) | 1 | ✓ |  |  |  |  |  |
 | [Tumblr2](https://www.tumblr.com/docs/en/api/v2) | [link](https://www.tumblr.com/oauth/apps) | [link](https://www.tumblr.com/settings/apps) | 2 | ✓ | ✓ |  | ✓ | ✓ |  |
 | [Twitch](https://dev.twitch.tv/docs/api/reference/) | [link](https://dev.twitch.tv/console/apps/create) | [link](https://www.twitch.tv/settings/connections) | 2 | ✓ | ✓ |  | ✓ | ✓ | ✓ |

docs/Basics/Overview.md

@@ -79,6 +79,7 @@ fully [PSR-7](https://www.php-fig.org/psr/psr-7/)/[PSR-17](https://www.php-fig.o
 | [Steam](https://developer.valvesoftware.com/wiki/Steam_Web_API) | [link](https://steamcommunity.com/dev/apikey) |  | - | ✓ |  |  |  |  |  |
 | [Stripe](https://stripe.com/docs/api) | [link](https://dashboard.stripe.com/apikeys) | [link](https://dashboard.stripe.com/account/applications) | 2 | ✓ | ✓ |  |  | ✓ | ✓ |
 | [Tidal](https://developer.tidal.com/documentation) | [link](https://developer.tidal.com/dashboard) | [link](https://account.tidal.com/third-party-apps) | 2 | ✓ | ✓ | ✓ | ✓ | ✓ |  |
+| [TikTok](https://developers.tiktok.com/doc/overview/) | [link](https://developers.tiktok.com/apps/) | [link](https://example.com/user/settings/connections) | 2 |  | ✓ | ✓ |  | ✓ |  |
 | [Tumblr](https://www.tumblr.com/docs/en/api/v2) | [link](https://www.tumblr.com/oauth/apps) | [link](https://www.tumblr.com/settings/apps) | 1 | ✓ |  |  |  |  |  |
 | [Tumblr2](https://www.tumblr.com/docs/en/api/v2) | [link](https://www.tumblr.com/oauth/apps) | [link](https://www.tumblr.com/settings/apps) | 2 | ✓ | ✓ |  | ✓ | ✓ |  |
 | [Twitch](https://dev.twitch.tv/docs/api/reference/) | [link](https://dev.twitch.tv/console/apps/create) | [link](https://www.twitch.tv/settings/connections) | 2 | ✓ | ✓ |  | ✓ | ✓ | ✓ |

examples/get-token/TikTok.php

@@ -0,0 +1,21 @@
+<?php
+/**
+ * @link https://developers.tiktok.com/doc/login-kit-web/
+ *
+ * @created      11.04.2024
+ * @author       Smiley <[email protected]>
+ * @copyright    2024 smiley
+ * @license      MIT
+ */
+declare(strict_types=1);
+
+use chillerlan\OAuth\Providers\TikTok;
+
+require_once __DIR__.'/../provider-example-common.php';
+
+/** @var \OAuthExampleProviderFactory $factory */
+$provider = $factory->getProvider(TikTok::class);
+
+require_once __DIR__.'/_flow-oauth2.php';
+
+exit;

src/Providers/TikTok.php

@@ -0,0 +1,126 @@
+<?php
+/**
+ * Class TikTok
+ *
+ * @created      11.04.2024
+ * @author       smiley <[email protected]>
+ * @copyright    2024 smiley
+ * @license      MIT
+ *
+ * @noinspection PhpUnused
+ */
+declare(strict_types=1);
+
+namespace chillerlan\OAuth\Providers;
+
+use chillerlan\OAuth\Core\{AuthenticatedUser, CSRFToken, OAuth2Provider, PKCE, PKCETrait, TokenRefresh, UserInfo};
+use function array_merge, implode;
+
+/**
+ * @see https://developers.tiktok.com/doc/login-kit-web/
+ * @see https://developers.tiktok.com/doc/oauth-user-access-token-management/
+ */
+class TikTok extends OAuth2Provider implements CSRFToken, PKCE, TokenRefresh, UserInfo{
+	use PKCETrait;
+
+	public const IDENTIFIER = 'TIKTOK';
+
+	public const SCOPES_DELIMITER = ',';
+
+	public const SCOPE_VIDEO_UPLOAD                       = 'video.upload';
+	public const SCOPE_VIDEO_LIST                         = 'video.list';
+	public const SCOPE_VIDEO_PUBLISH                      = 'video.publish';
+	public const SCOPE_USER_INFO_BASIC                    = 'user.info.basic';
+	public const SCOPE_USER_INFO_PROFILE                  = 'user.info.profile';
+	public const SCOPE_USER_INFO_STATS                    = 'user.info.stats';
+	public const SCOPE_PORTABILITY_PPOSTPROFILE_ONGOING   = 'portability.postsandprofile.ongoing';
+	public const SCOPE_PORTABILITY_PPOSTPROFILE_SINGLE    = 'portability.postsandprofile.single';
+	public const SCOPE_PORTABILITY_ALL_ONGOING            = 'portability.all.ongoing';
+	public const SCOPE_PORTABILITY_ALL_SINGLE             = 'portability.all.single';
+	public const SCOPE_PORTABILITY_DIRECTMESSAGES_ONGOING = 'portability.directmessages.ongoing';
+	public const SCOPE_PORTABILITY_DIRECTMESSAGES_SINGLE  = 'portability.directmessages.single';
+	public const SCOPE_PORTABILITY_ACTIVITY_ONGOING       = 'portability.activity.ongoing';
+	public const SCOPE_PORTABILITY_ACTIVITY_SINGLE        = 'portability.activity.single';
+
+	public const DEFAULT_SCOPES = [
+		self::SCOPE_USER_INFO_BASIC,
+		self::SCOPE_USER_INFO_PROFILE,
+		self::SCOPE_USER_INFO_STATS,
+		self::SCOPE_VIDEO_LIST,
+	];
+
+	protected string      $authorizationURL = 'https://www.tiktok.com/v2/auth/authorize/';
+	protected string      $accessTokenURL   = 'https://open.tiktokapis.com/v2/oauth/token/';
+	protected string      $revokeURL        = 'https://open.tiktokapis.com/v2/oauth/revoke/';
+	protected string      $apiURL           = 'https://open.tiktokapis.com';
+	protected string|null $apiDocs          = 'https://developers.tiktok.com/doc/overview/';
+	protected string|null $applicationURL   = 'https://developers.tiktok.com/apps/';
+	protected string|null $userRevokeURL    = 'https://example.com/user/settings/connections';
+
+	/**
+	 * @inheritDoc
+	 */
+	protected function getAuthorizationURLRequestParams(array $params, array $scopes):array{
+
+		unset($params['client_secret']);
+
+		$params = array_merge($params, [
+			'client_key'    => $this->options->key,
+			'redirect_uri'  => $this->options->callbackURL,
+			'response_type' => 'code',
+		]);
+
+		if(!empty($scopes)){
+			$params['scope'] = implode($this::SCOPES_DELIMITER, $scopes);
+		}
+
+		$params = $this->setCodeChallenge($params, PKCE::CHALLENGE_METHOD_S256);
+
+		return $this->setState($params);
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	protected function getAccessTokenRequestBodyParams(string $code):array{
+
+		$params = [
+			'client_key'    => $this->options->key,
+			'client_secret' => $this->options->secret,
+			'code'          => $code,
+			'grant_type'    => 'authorization_code',
+			'redirect_uri'  => $this->options->callbackURL,
+		];
+
+		return $this->setCodeVerifier($params);
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	protected function getRefreshAccessTokenRequestBodyParams(string $refreshToken):array{
+		return [
+			'client_key'    => $this->options->key,
+			'client_secret' => $this->options->secret,
+			'grant_type'    => 'refresh_token',
+			'refresh_token' => $refreshToken,
+		];
+	}
+
+	public function me():AuthenticatedUser{
+		$params = ['fields' => 'open_id,avatar_url,display_name,profile_deep_link,username,is_verified'];
+		$json   = $this->getMeResponseData('/v2/user/info/', $params);
+
+		$userdata = [
+			'avatar'      => $json['data']['user']['avatar_url'],
+			'data'        => $json,
+			'displayName' => $json['data']['user']['display_name'],
+			'handle'      => $json['data']['user']['username'],
+			'id'          => $json['data']['user']['open_id'],
+			'url'         => $json['data']['user']['profile_deep_link'],
+		];
+
+		return new AuthenticatedUser($userdata);
+	}
+
+}

tests/Providers/Live/TikTokAPITest.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * Class TikTokAPITest
+ *
+ * @created      06.04.2018
+ * @author       Smiley <[email protected]>
+ * @copyright    2018 Smiley
+ * @license      MIT
+ */
+declare(strict_types=1);
+
+use chillerlan\OAuth\Providers\TikTok;
+use chillerlan\OAuthTest\Attributes\Provider;
+use chillerlan\OAuthTest\Providers\Live\OAuth2ProviderLiveTestAbstract;
+use PHPUnit\Framework\Attributes\Group;
+
+/**
+ * @property \chillerlan\OAuth\Providers\TikTok $provider
+ */
+#[Group('providerLiveTest')]
+#[Provider(TikTok::class)]
+final class TikTokAPITest extends OAuth2ProviderLiveTestAbstract{
+
+}

tests/Providers/Unit/TikTokTest.php

@@ -0,0 +1,77 @@
+<?php
+/**
+ * Class TikTokTest
+ *
+ * @created      18.04.2024
+ * @author       smiley <[email protected]>
+ * @copyright    2024 smiley
+ * @license      MIT
+ */
+declare(strict_types=1);
+
+namespace chillerlan\OAuthTest\Providers\Unit;
+
+use chillerlan\HTTP\Utils\QueryUtil;
+use chillerlan\OAuth\Providers\TikTok;
+use chillerlan\OAuthTest\Attributes\Provider;
+use function implode;
+
+/**
+ * @property \chillerlan\OAuth\Providers\TikTok $provider
+ */
+#[Provider(TikTok::class)]
+final class TikTokTest extends OAuth2ProviderUnitTestAbstract{
+
+	public function testGetAuthURL():void{
+		$uri    = $this->provider->getAuthorizationURL();
+		$params = QueryUtil::parse($uri->getQuery());
+
+		$this::assertSame($this->getReflectionProperty('authorizationURL'), (string)$uri->withQuery(''));
+
+		$this::assertArrayHasKey('client_key', $params);
+		$this::assertArrayHasKey('redirect_uri', $params);
+		$this::assertArrayHasKey('response_type', $params);
+
+		$this::assertArrayHasKey('state', $params);
+	}
+
+	public function testGetAuthURLRequestParams():void{
+		$extraparams = ['response_type' => 'whatever', 'foo' => 'bar'];
+		$scopes      = ['scope1', 'scope2', 'scope3'];
+
+		$params = $this->invokeReflectionMethod('getAuthorizationURLRequestParams', [$extraparams, $scopes]);
+
+		$this::assertSame($this->options->key, $params['client_key']);
+		$this::assertSame($this->options->callbackURL, $params['redirect_uri']);
+		$this::assertSame('code', $params['response_type']);
+		$this::assertSame(implode($this->provider::SCOPES_DELIMITER, $scopes), $params['scope']);
+		$this::assertSame('bar', $params['foo']);
+	}
+
+	public function testGetAccessTokenRequestBodyParams():void{
+		$verifier = $this->provider->generateVerifier($this->options->pkceVerifierLength);
+
+		$this->storage->storeCodeVerifier($verifier, $this->provider->getName());
+
+		$params = $this->invokeReflectionMethod('getAccessTokenRequestBodyParams', ['*test_code*']);
+
+		$this::assertSame('*test_code*', $params['code']);
+		$this::assertSame($this->options->callbackURL, $params['redirect_uri']);
+		$this::assertSame('authorization_code', $params['grant_type']);
+		$this::assertSame($this->options->key, $params['client_key']);
+		$this::assertSame($this->options->secret, $params['client_secret']);
+
+		$this::assertSame($verifier, $params['code_verifier']);
+
+	}
+
+	public function testGetRefreshAccessTokenRequestBodyParams():void{
+		$params = $this->invokeReflectionMethod('getRefreshAccessTokenRequestBodyParams', ['*refresh_token*']);
+
+		$this::assertSame('*refresh_token*', $params['refresh_token']);
+		$this::assertSame($this->options->key, $params['client_key']);
+		$this::assertSame($this->options->secret, $params['client_secret']);
+		$this::assertSame('refresh_token', $params['grant_type']);
+	}
+
+}