add more operations and refactor

.gitignore

@@ -0,0 +1 @@
+/.project

README.md

@@ -10,8 +10,31 @@ Requires:
  - PingOne account with PingID service enabled (visit [Ping Identity Developer Site] to get a developer account)
 
 ### Installation
-
-1. Execute the scripts from your command line (ie php getUserDetails.php jsmith)
+
+1. Enable 3rd-party Client Integration in the PingOne Admin Web GUI (Setup -> PingID -> Client Integration -> Third-party Clients -> Enable).
+2. Download the `pingid.properties` file from PingOne (Setup -> PingID -> Client Integration -> Settings File -> Download) and put in in the scripts directory.
+3. Execute the scripts from your command line i.e. `php getUserDetails.php jsmith`
+
+### Workflows
+
+1a. Enroll user with mobile device  
+- `php addUser jdoe John Doe hzandbelt+johndoe@pingidentity.com`  
+*pickup pairing key or QR code URL from output*  
+- `php getUserDetails.php jdoe`  
+
+1b. Add e-mail OTP  
+- `php startOfflinePairing.php jdoe EMAIL hzandbelt+johndoe@pingidentity.com`  
+- `php finalizeOfflinePairing.php <session-id> <otp>`  
+
+2a. Enroll user with e-mail OTP  
+- `php addUser.php jdoe John Doe hzandbelt+johndoe@pingidentity.com false`  
+- `php startOfflinePairing.php jdoe EMAIL hzandbelt+johndoe@pingidentity.com`  
+- `php finalizeOfflinePairing.php <session-id> <otp>`  
+
+2b. Add mobile device later  
+- `php getActivationCode.php jdoe`  
+*pickup pairing key or QR code URL from output*  
+- `php getPairingStatus.php <activation-code>`
 
 ### Disclaimer
 

scripts/Utils.php

@@ -0,0 +1,93 @@
+<?php
+/*
+	PingID API Sample PHP Script: Utils.php
+
+	This script provided common routines for accessing the PingID API.
+	For more information, review the API documentation:
+	https://developer.pingidentity.com/en/api/pingid-api.html
+
+	Note:	This software is open sourced by Ping Identity but not supported commercially
+			as such. Any questions/issues should go to the Github issues tracker or discuss
+			on the [Ping Identity developer communities] . See also the DISCLAIMER file in
+			this directory.
+*/
+define('PINGID_API_VERSION', '4.9');
+
+function pingid_base64url_encode($input) {
+	return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+}
+
+function pingid_base64url_decode($input) {
+	$remainder = strlen($input) % 4;
+	if ($remainder) {
+		$padlen = 4 - $remainder;
+		$input .= str_repeat('=', $padlen);
+	}
+	return base64_decode(strtr($input, '-_', '+/'));
+}
+
+function pingid_jwt_encode($payload, $key, $org_alias, $token) {
+	$header = array(
+			'alg' => 'HS256',
+			'org_alias' => $org_alias,
+			'token' => $token
+	);
+	$segments = array();
+	$segments[] = pingid_base64url_encode(json_encode($header));
+	$segments[] = pingid_base64url_encode(json_encode($payload));
+	$segments[] = pingid_base64url_encode(hash_hmac('SHA256', implode('.', $segments), $key, true));
+	return implode('.', $segments);
+}
+
+function pingid_get_timestamp() {
+	$MDT = 3600 * -6;
+	return gmdate("Y-m-d H:i:s.000", time() + $MDT);
+}
+
+function pingid_send_request($props, $path, $body) {
+	$jwt = array(
+		'reqHeader' => array(
+			'orgAlias' => $props['org_alias'],
+			'secretKey' => $props['token'],
+			'timestamp' => pingid_get_timestamp(),
+			'version' => PINGID_API_VERSION,
+			'locale' => 'en',
+			'sessionId' => null
+		),
+		'reqBody' => $body
+	);
+
+	$data = pingid_jwt_encode(
+			$jwt,
+			base64_decode($props['use_base64_key']),
+			$props['org_alias'],
+			$props['token']);
+
+	$api_url = $props['admin_url'] . '/rest/4/' . $path;
+
+	#echo 
+	#print_r($data);
+	#echo
+
+	$headers = array();
+	$headers[] = 'Content-Type: application/json';
+	$ch = curl_init($api_url);
+	curl_setopt($ch, CURLOPT_VERBOSE, true);
+	curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
+	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
+	$result = curl_exec($ch);
+	curl_close($ch);
+
+	return $result;
+}
+
+function pingid_exec_command($prop_file, $cmd_path, $req_array) {
+	$props = parse_ini_file($prop_file, false, INI_SCANNER_RAW);
+	$req_array['clientData'] = null;
+	$jwt = pingid_send_request($props, $cmd_path . '/do', $req_array);
+	list($headb64, $bodyb64, $cryptob64) = explode('.', $jwt);
+	return pingid_base64url_decode($bodyb64);
+}
+
+?>

scripts/addUser.php

@@ -0,0 +1,40 @@
+<?php
+/*
+	PingID API Sample PHP Script: addUser.php
+
+	This script will add a PingID user via the PingID API AddUser operation.
+	For more information, review the API documentation:
+	https://developer.pingidentity.com/en/api/pingid-api.html
+
+	Note:	This software is open sourced by Ping Identity but not supported commercially
+			as such. Any questions/issues should go to the Github issues tracker or discuss
+			on the [Ping Identity developer communities] . See also the DISCLAIMER file in
+			this directory.
+*/
+
+require_once 'Utils.php';
+
+if (count($argv) < 5) {
+	echo "Usage: $argv[0] <username> <first-name> <last-name> <e-mail> [true|false]\n";
+	exit;
+}
+
+$props_file = 'pingid.properties';
+
+$response = pingid_exec_command($props_file, 'adduser', array(
+		'activateUser' => count($argv) > 5 ? $argv[5] == "true" : "true",
+		'email' => $argv[4],
+		'fName' => $argv[2],
+		'lname' => $argv[3],
+		'userName' => $argv[1],
+		'role' => 'REGULAR'
+));
+print $response;
+
+$props = parse_ini_file($props_file, false, INI_SCANNER_RAW);
+
+$json = json_decode($response);
+print "\n\n # Activation code is: " . $json->responseBody->activationCode . "\n";
+print " # QR Code URL is: " . $props['admin_url'] . '/QRRedirection?' . base64_encode('act_code=' . $json->responseBody->activationCode) . "\n";
+
+?>

scripts/authenticateOnline.php

@@ -0,0 +1,28 @@
+<?php
+/*
+	PingID API Sample PHP Script: authenticateOnline.php
+
+	This script will execute the PingID API AuthenticateOnline operation to authenticate
+	a PingID user online. For more information, review the API documentation:
+	https://developer.pingidentity.com/en/api/pingid-api.html
+
+	Note:	This software is open sourced by Ping Identity but not supported commercially
+			as such. Any questions/issues should go to the Github issues tracker or discuss
+			on the [Ping Identity developer communities] . See also the DISCLAIMER file in
+			this directory.
+*/
+
+require_once 'Utils.php';
+
+if (count($argv) < 2) {
+	echo "Usage: $argv[0] <username>\n";
+	exit;
+}
+
+print pingid_exec_command('pingid.properties', 'authonline', array(		
+		'authType' => 'CONFIRM',
+		'spAlias' => 'web',
+		'userName' => $argv[1]
+));
+
+?>

scripts/deleteUser.php

@@ -0,0 +1,26 @@
+<?php
+/*
+	PingID API Sample PHP Script: deleteUser.php
+
+	This script will delete a PingID user via the PingID API DeleteUser operation.
+	For more information, review the API documentation:
+	https://developer.pingidentity.com/en/api/pingid-api.html
+
+	Note:	This software is open sourced by Ping Identity but not supported commercially
+			as such. Any questions/issues should go to the Github issues tracker or discuss
+			on the [Ping Identity developer communities] . See also the DISCLAIMER file in
+			this directory.
+*/
+
+require_once 'Utils.php';
+
+if (count($argv) < 2) {
+	echo "Usage: $argv[0] <username>\n";
+	exit;
+}
+
+print pingid_exec_command('pingid.properties', 'deleteuser', array(
+		'userName' => $argv[1]
+));
+
+?>

scripts/finalizeOfflinePairing.php

@@ -0,0 +1,27 @@
+<?php
+/*
+	PingID API Sample PHP Script: finalizeOfflinePairing.php
+
+	This script will finalize offline pairing via the PingID API FinalizeOfflinePairing operation.
+	For more information, review the API documentation:
+	https://developer.pingidentity.com/en/api/pingid-api.html
+
+	Note:	This software is open sourced by Ping Identity but not supported commercially
+			as such. Any questions/issues should go to the Github issues tracker or discuss
+			on the [Ping Identity developer communities] . See also the DISCLAIMER file in
+			this directory.
+*/
+
+require_once 'Utils.php';
+
+if (count($argv) < 3) {
+	echo "Usage: $argv[0] <sessionid> <otp>\n";
+	exit;
+}
+
+print pingid_exec_command('pingid.properties', 'finalizeofflinepairing', array(
+		'sessionId' => $argv[1],
+		'otp' => $argv[2]
+));
+
+?>

scripts/getActivationCode.php

@@ -0,0 +1,35 @@
+<?php
+/*
+	PingID API Sample PHP Script: getActivationCode.php
+
+	This script will call the PingID API GetActivationCode operation to get an activation code for
+	a PingID user. For more information, review the API documentation:
+	https://developer.pingidentity.com/en/api/pingid-api.html
+
+	Note:	This software is open sourced by Ping Identity but not supported commercially
+			as such. Any questions/issues should go to the Github issues tracker or discuss
+			on the [Ping Identity developer communities] . See also the DISCLAIMER file in
+			this directory.
+*/
+
+require_once 'Utils.php';
+
+if (count($argv) < 2) {
+	echo "Usage: $argv[0] <username>\n";
+	exit;
+}
+
+$props_file = 'pingid.properties';
+
+$response = pingid_exec_command($props_file, 'getactivationcode', array(
+		'userName' => $argv[1]
+));
+print $response;
+
+$props = parse_ini_file($props_file, false, INI_SCANNER_RAW);
+
+$json = json_decode($response);
+print "\n\n # Activation code is: " . $json->responseBody->activationCode . "\n";
+print " # QR Code URL is: " . $props['admin_url'] . '/QRRedirection?' . base64_encode('act_code=' . $json->responseBody->activationCode) . "\n";
+
+?>

scripts/getPairingStatus.php

@@ -0,0 +1,26 @@
+<?php
+/*
+	PingID API Sample PHP Script: getActivationCode.php
+
+	This script will call the PingID API GetActivationCode operation to get an activation code for
+	a PingID user. For more information, review the API documentation:
+	https://developer.pingidentity.com/en/api/pingid-api.html
+
+	Note:	This software is open sourced by Ping Identity but not supported commercially
+			as such. Any questions/issues should go to the Github issues tracker or discuss
+			on the [Ping Identity developer communities] . See also the DISCLAIMER file in
+			this directory.
+*/
+
+require_once 'Utils.php';
+
+if (count($argv) < 2) {
+	echo "Usage: $argv[0] <activation_code>\n";
+	exit;
+}
+
+print pingid_exec_command('pingid.properties', 'pairingstatus', array(
+		'activationCode' => $argv[1]
+));
+
+?>

scripts/getUserDetails.php

@@ -12,75 +12,16 @@
 			this directory.
 */
 
-function pingid_base64url_encode($input) {
-	return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
-}
-
-function pingid_jwt_encode($payload, $key, $org_alias, $token) {
-	$header = array(
-			'alg' => 'HS256',
-			'org_alias' => $org_alias,
-			'token' => $token
-	);
-	$segments = array();
-	$segments[] = pingid_base64url_encode(json_encode($header));
-	$segments[] = pingid_base64url_encode(json_encode($payload));
-	$segments[] = pingid_base64url_encode(hash_hmac('SHA256', implode('.', $segments), $key, true));
-	return implode('.', $segments);
-}
-
-function pingid_get_timestamp() {
-	$MDT = 3600 * -6;
-	return gmdate("Y-m-d H:i:s.000", time() + $MDT);
-}
-
-function pingid_send_request($props, $path, $body) {
-	$jwt = array(
-		'reqHeader' => array(
-			'orgAlias' => $props['org_alias'],
-			'secretKey' => $props['token'],
-			'timestamp' => pingid_get_timestamp(),
-			'version' => '4.6',
-			'locale' => 'en',
-			'sessionId' => null
-		),
-		'reqBody' => $body
-	);
-
-	$data = pingid_jwt_encode(
-			$jwt,
-			base64_decode($props['use_base64_key']),
-			$props['org_alias'],
-			$props['token']);
-
-	$headers = array();
-	$headers[] = 'Content-Type: application/json';
-	$ch = curl_init($props['api-base-url'] . $path);
-	curl_setopt($ch, CURLOPT_VERBOSE, true);
-	curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
-	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
-	$result = curl_exec($ch);
-	curl_close($ch);
-
-	return $result;
-}
-
-function pingid_get_user_details($props, $username) {
-	return pingid_send_request($props, 'getuserdetails/do', array(
-		'getSameDeviceUsers' => true,
-		'userName' => $username,
-		'clientData' => null
-	));	
-}
+require_once 'Utils.php';
 
 if (count($argv) < 2) {
 	echo "Usage: $argv[0] <username>\n";
 	exit;
 }
 
-$props = parse_ini_file('pingid.properties', false, INI_SCANNER_RAW);
-$props['api-base-url'] = 'https://idpxnyl3m.pingidentity.com/pingid/rest/4/';
-
-print pingid_get_user_details($props, $argv[1]);
+print pingid_exec_command('pingid.properties', 'getuserdetails', array(
+		'getSameDeviceUsers' => true,
+		'userName' => $argv[1]
+));
 
 ?>