0

I have created an app using the podio php api. The logged user will authenticate with his refresh token.

Podio::authenticate('refresh_token', array('refresh_token' => USER_REFRESH_TOKEN ));

In some cases, I need to add the user details in to another app in podio. The logged user doesn't have the permission to access that app. This will cause a Podio Forbidden error.

Only the admin of the app have the right permission for this app.

How can we authenticate the user for inserting his details in the app?

Manu
  • 150
  • 3
  • 15

1 Answers1

0

The oauth tokens are stored in Podio::$oauth so you can switch that around whenever you want to authenticate as a different entity.

For example if you want to switch between two different apps:

// Authenticate as the first app
Podio::authenticate('app', ...);

// Here you can make API requests as the first app

// When you want to switch, store the current auth before doing your second auth
$first_app_auth = Podio::$oauth;

// Auth as the second app.
Podio::authenticate('app', ...);

// Now you can make API requests as the second app

// ...and switch back to the first app
$second_app_auth = Podio::$oauth;

// Auth as the first app again:
Podio::$oauth = $first_app_auth;

// Make API requests as the first app again
Andreas Haugstrup Pedersen
  • 752
  • 1
  • 4
  • 8
  • Hi Andreas, Shall we store the Podio::$oauth value to session.So this will avoid the app authentication for several times. – Manu Jul 02 '14 at 09:01
  • Can we use json_encode for storing the class instance in session? – Manu Jul 02 '14 at 09:16
  • Podio::$oauth is a PodioOAuth object and I wouldn't recommend trying to store that directly. See the Redis example here for how to extract the properties and properly instantiate a new PodioOAuth object upon retrieval: http://podio.github.io/podio-php/sessions/ – Andreas Haugstrup Pedersen Jul 03 '14 at 15:37