retrochaos/trustpilot-authenticator
Composer 安装命令:
composer require retrochaos/trustpilot-authenticator
包简介
A PHP library for obtaining Trustpilot API access tokens
README 文档
README
A PHP library for obtaining access tokens for the Trustpilot Business User OAuth API.
Originally developed and open-sourced by moneymaxim.
Fully modernised to:
- Use Symfony HTTP Client
- Support all current Trustpilot OAuth grant types
- Provide type-safe error handling
- Provide refresh & revoke support
Install
Install via Composer:
composer require retrochaos/trustpilot-authenticator
The package has no external dependencies other than Symfony’s HTTP client (automatically installed).
Supported OAuth Flows
This library supports all Trustpilot Business OAuth grant types:
| Flow | Method |
|---|---|
| Password (legacy, deprecated but still works for old apps) | requestPasswordAccessToken() |
| Client Credentials (server-to-server) | requestClientCredentialsAccessToken() |
| Authorization Code (interactive user login) | requestAuthorizationCodeAccessToken() |
| Refresh Token | refreshAccessToken() |
| Revoke Refresh Token | revokeRefreshToken() |
| Build Authorization URL | buildAuthorizationUrl() |
Usage
Create the authenticator
use Trustpilot\Api\Authenticator\Authenticator; $authenticator = new Authenticator();
1. Password Grant (Deprecated by Trustpilot)
Useful only for older Trustpilot applications pre-February 2025.
$token = $authenticator->requestPasswordAccessToken( $apiKey, $apiSecret, $username, $password ); $token->getToken(); // string $token->getExpiry(); // DateTimeInterface $token->getRefreshToken(); // ?string
The alias getAccessToken() still works for backwards compatibility.
2. Client Credentials Grant (Recommended)
Best for server-to-server integrations.
$token = $authenticator->requestClientCredentialsAccessToken( $apiKey, $apiSecret );
3. Authorization Code Grant (Interactive User Login)
Step 1 — Redirect the user to login
$url = $authenticator->buildAuthorizationUrl( $apiKey, $redirectUri, $state = 'optional-state', ['business-user-access-read', 'another-scope'] ); // Redirect the browser: header("Location: $url"); exit;
Step 2 — Exchange the returned code for a real access token
$token = $authenticator->requestAuthorizationCodeAccessToken( $apiKey, $apiSecret, $_GET['code'], $redirectUri );
4. Refresh an Access Token
$newToken = $authenticator->refreshAccessToken( $apiKey, $apiSecret, $oldToken->getRefreshToken() );
5. Revoke a Refresh Token
$authenticator->revokeRefreshToken($refreshToken);
6. buildAuthorizationUrl()
buildAuthorizationUrl() constructs a Trustpilot-compatible login URL for the Authorization Code OAuth flow.
Signature
public function buildAuthorizationUrl( string $clientId, string $redirectUri, ?string $state = null, array $scopes = [] ): string
Parameters
| Parameter | Description |
|---|---|
clientId |
Your Trustpilot API key |
redirectUri |
URL that Trustpilot redirects the user back to |
state |
Optional anti-CSRF or session identifier |
scopes |
Optional list of OAuth scopes as an array of strings |
Example
$url = $authenticator->buildAuthorizationUrl( $apiKey, 'https://example.com/oauth/callback', 'session-123', ['business-user-access-read'] ); echo $url;
Example output:
https://authenticate.trustpilot.com?client_id=YOUR_KEY&redirect_uri=https%3A%2F%2Fexample.com%2Foauth%2Fcallback&response_type=code&state=session-123&scope=business-user-access-read
What you do with it
- Redirect the user to the URL
- Trustpilot handles login
- Trustpilot redirects them back to your app with
?code=... - Exchange that code using
requestAuthorizationCodeAccessToken()
Error Handling
All errors throw a single exception type:
use Trustpilot\Api\Authenticator\AuthenticatorException; try { $token = $authenticator->requestClientCredentialsAccessToken($apiKey, $apiSecret); } catch (AuthenticatorException $e) { // Network errors // Invalid credentials // Invalid OAuth grant // HTTP 4xx/5xx // Malformed responses echo $e->getMessage(); }
AccessToken Object
Every method returns an AccessToken instance:
$token->getToken(); // string $token->getExpiry(); // DateTimeInterface $token->getRefreshToken(); // ?string $token->isExpired(); // bool
Tests
A full PHPUnit test harness is included and covers:
- Successful authentication flows
- Error codes (400/401/403/500)
- Network exceptions
- Refresh & revoke
- Authorization URL generation
Run tests with:
vendor/bin/phpunit
License
MIT License — feel free to use, modify, and contribute.
retrochaos/trustpilot-authenticator 适用场景与选型建议
retrochaos/trustpilot-authenticator 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 24 次下载、GitHub Stars 达 0, 最近一次更新时间为 2024 年 02 月 20 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 retrochaos/trustpilot-authenticator 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 retrochaos/trustpilot-authenticator 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 24
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 7
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2024-02-20