PHP demo application showing how to access the Hubstaff Public API

Overview

Public API PHP Demo

This repository contains a simple sample cli tool that shows off how to access the Hubstaff public api via PHP.

The core access is all done via the php-openid-client package.

Open ID Discovery

The Hubstaff account system uses the Open ID Connect discovery protocol to allow an application to easily query what the token endpoint, authorization endpoints, etc. are. Thus you only need to know the authentication domain (https://account.hubstaff.com/) and the API endpoint url (https://api.hubstaff.com/)

The example code in client.php fetches and caches this discovery data for 1 week. This way it does not need to be constantly fetched.

Token persistence

This demo has a simple way of managing the API token. It simply stores it in json file that is read from on startup and written when tokens are refreshed.

A proper storage should have locking around read and write. And also the code should lock and re-read the state file when refreshing in case another process already refreshed the token. e.g. a proper refresh token flow should be

  1. lock
  2. re-read state and load the token
  3. if the token is no longer expired or near expiring use the new token (another process refreshed)
  4. otherwise refresh the token
  5. save
  6. release lock

Client app vs Personal access token

The Hubstaff account system's personal access token is designed to work very similarly to our client apps in that they both produce short-lived access tokens that must be refreshed periodically.

The code in client.php is an example on how to accomplish this task using disk access as the permanent token storage. If you have other mechanisms for storage you can implement that in the saveState and loadState methods.

Personal access token use

The default setup in api.js is to use a personal access token. To use create/edit the configState.json so that it contains the following entry.

{
    "token": {
        "refresh_token": "personal access refresh token goes here"
    }
}

Then when the api.js makes a request it will automatically refresh to acquire an access token as needed and persist it to the configState.json between executions.

Setup the configState.json as defined above Then run the cli_tool sample like this

php client.php

And this will dump out the "v2/users/me" endpoint

You might also like...
Add information about PGP public keys on upload in Kirby v3
Add information about PGP public keys on upload in Kirby v3

Kirby3 GnuPG This plugin adds information about PGP public keys on upload, using gpg binary (which needs to be installed for this to work). Getting st

Public solutions and challenges from sinf ctf 2021

SINFCTF2021 CTF Challenges (and official solutions) created for SINFCTF2021, a companion CTF for Semana de Informática 2021. There's a folder for each

This is a public repository developed to Mooven for test.

How to start First Step: Clone repository to your PC Second Step: Run the command: composer dumpautoload Third Step: IMPORTANT STEP! Now you have to c

Data visualization for NASA's DSNNow public data
Data visualization for NASA's DSNNow public data

DSN Monitor Data visualization for NASA's DSNNow public data. A live version of the project can be accessed at http://dsnmonitor.ddns.net. Description

Starless Sky is a network protocol for secure identities, providing the use of assymetric identities, public information, end-to-end messaging and smart contracts
Starless Sky is a network protocol for secure identities, providing the use of assymetric identities, public information, end-to-end messaging and smart contracts

Descentralized network protocol providing smart identity over an secure layer. What is the Starless Sky Protocol? Starless Sky is a network protocol f

Echo your public IP address with a very simple cURL request

Echo your public IP address with a very simple cURL request

Initiated by me, enhanced by us, created for us. This is the fork (public) version separated from my private diary repository.

diary public repository Initiated by me, enhanced by us, created for us. This is the fork (public) version separated from my private diary repository.

https://trapscan.slab.com/public/topics/phase-3-branding-and-optimisation-r3vhj61l

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

This package makes it easy to add early access mode to your existing application.
This package makes it easy to add early access mode to your existing application.

This package makes it easy to add early access mode to your existing application. This is useful for when you want to launch a product and need to gat

Comments
  • Improve the format of PULL_REQUEST_TEMPLATE

    Improve the format of PULL_REQUEST_TEMPLATE

    Use the PR template recommended by Vanta: https://github.com/VantaInc/sdlc-templates/blob/master/.github/pull_request_template.md.

    The template includes basic development and security guidelines.

    enhancement 
    opened by ayarotsky 0
  • Too many requests to refresh this token

    Too many requests to refresh this token

    I am trying this approach because it is simple:

    POST https://account.hubstaff.com/access_tokens

    GET https://api.hubstaff.com/v2/organizations/43979/members

    In my cron job every 5 minutes.


    But now I get:

    Too many requests to refresh this token

    This is a dumb and undocumented limitation.

    Please update this service to document this at https://developer.hubstaff.com/authentication#access_token and remove the claim that this is a "REST API" or better just remove this limitation.

    opened by fulldecent 0
Owner
Netsoft Holdings
Makers of the Hubstaff time tracking application
Netsoft Holdings
A list of documentation and example code to access the University of Florida's public (undocumented) API

uf_api A list of documentation and example code to access the University of Florida's public (undocumented) API Courses Gym Common Data (admissions an

Rob Olsthoorn 49 Oct 6, 2022
A Laravel Wrapper for the Binance API. Now easily connect and consume the Binance Public & Private API in your Laravel apps without any hassle.

This package provides a Laravel Wrapper for the Binance API and allows you to easily communicate with it. Important Note This package is in early deve

Moinuddin S. Khaja 7 Dec 7, 2022
Here is an Instagram Guest API. Gather all public information as JSON format without logging yourself.

Here is an Instagram Guest API. Gather all public information as JSON format without logging yourself. It's all automation and time saving.

Quatrecentquatre 1 Nov 2, 2021
This demo app shows you how to run a simple PHP application on AWS Elastic Beanstalk.

Elastic Beanstalk + PHP Demo App - "Share Your Thoughts" This demo app shows you how to run a simple PHP application on AWS Elastic Beanstalk. Run the

AWS Samples 143 Nov 26, 2022
Vulnerable demo application for the race condition

Vulnerable PHP App (Race Condition) Environment setup: docker-compose up Environment verification: Connection Test: http://localhost/test.php Vulnera

ProjectDiscovery 7 Nov 29, 2022
Phalcon Demo Application

Phalcon Demo Application We use modified Phalcon INVO Application to demonstrate basics of Codeception testing. We expect to implement as many feature

Codeception Testing Framework 42 Oct 7, 2022
Notejam demo application using Blink framework

Notejam: Blink framework Notejam demo application using Blink framework Installation Clone the repository to you machine. Run vagrant up to create the

RAFIE Younes 6 Jun 4, 2018
Simple Symfony currency exchange demo application (CLI)

Symfony currency exchange demo Keynotes Using a small Symfony installation as possible Using SQLite database for simplicity but with price of some cav

Vladimir Martsul 9 Oct 21, 2022
Demo project for the API Platform / DDD Workshop

Workshop DDD x API Platform This is a demo project used for the DDD x API Platform Workshop by @chalasr & @mtarld from @coopTilleuls. Checkout git clo

Les-Tilleuls.coop 34 Dec 16, 2022
Allows reflection of object attributes, including inherited and non-public ones

sebastian/object-reflector Allows reflection of object attributes, including inherited and non-public ones. Installation You can add this library as a

Sebastian Bergmann 6k Jan 4, 2023