This pages shows you how to setup PHP Demo (Server Side SDK) App using discovery and without discovery.

Content:

  • Configuring and running Demo App in With Discovery Mode
  • Using Mobile Connect Server Side SDK With Discovery
  • Configuring and running Demo App in Without Discovery Mode
  • Using Mobile Connect Server Side SDK Without Discovery
  • Using common Mobile Connect Server Side SDK functionality
  • Configuring and running the server side SDK in With Discovery Mode

    1. Register an account or login to the Mobile Connect Developer Portal and create an application to obtain your sandbox credentials.
    2. Install Docker.

      sudo apt install docker.io
      systemctl start docker
      systemctl enable docker
    3. Create at host machine folder /home/serverside/ for example and go into it.

    4. Download the Mobile Connect server side project.

      git init
      git pull https://github.com/Mobile-Connect/php_server_side_library.git
    5. Run docker image:
      sudo docker run -p 80:80 -it -v /home/serverside/:/opt/lampp/htdocs/ cswl/xampp bash
    6. Please check, that your folder /home/serverside/ contains downloaded SDK folders php-server-side-library and mobile-connect-sdk and run the next commands in Docker container:
      cd /opt/lampp/htdocs/php-server-side-library
      curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
      composer install
      mv .env.example .env
      php artisan key:generate
      chmod -R 777 /opt/lampp/htdocs/php-server-side-library/
      chmod -R 777 /opt/lampp/htdocs/mobile-connect-sdk/
      mysql</opt/lampp/htdocs/init_db.sql 

      If your folder /home/serverside/ contains only folder php_server_side_library, please run the next commands:
      cd /opt/lampp/htdocs/php_server_side_library/php-server-side-library
      curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
      composer install
      mv .env.example .env
      php artisan key:generate
      chmod -R 777 /opt/lampp/htdocs/php_server_side_library/php-server-side-library/
      chmod -R 777 /opt/lampp/htdocs/php_server_side_library/mobile-connect-sdk/
      mysql</opt/lampp/htdocs/php_server_side_library/init_db.sql 
    7. Note: please use your actual path to PHP SDK in Docker image instead of /opt/lampp/htdocs/ if it is different.

    8. Open the configuration file: \php-server-side-library\app\data\data.json to pass required parameter values for with discovery mode.
      Here are 9 parameters:
      {
        "client_id": your client Id,
        "clientSecret": your client Secret,
        "discoveryURL": your Discovery endpoint,
        "redirectURL": "http://your redirect url",
        "xRedirect": "True",
        "includeRequestIP": "False",
        "apiVersion": api version: "mc_v1.1" or "mc_v2.0" or "mc_di_r2_v2.3",
        "scope": scope,
        "client_name":  your client name
      }
    9. Open sector_identifier_uri.json file and specify the value of sector_identifier_uri with a single JSON array of redirect_uri values.
      ["<protocol>://<hostname>/php-server-side-library/public/callback"]
    10. Installation is finished.

      You can open the configuration file .env at the root of the project and set correct values for variables DB_HOST, DB_PORT, DB_DATABASE, DB_USERNAME and DB_PASSWORD .
      After changing configuration files you have to restart the docker container:

      sudo docker run -p 80:80 -it -v /home/serverside/:/opt/lampp/htdocs/ cswl/xampp bash
      mysql</opt/lampp/htdocs/init_db.sql 

      Prepare client side application (IOS or Android application) or Demo App for Server Side application.

    Using Mobile Connect Server Side SDK with Discovery

    Client side application allows to sends a request to server side application in three modes: msisdn, mcc_mnc, none

    Example request:
    If you are using only msisdn the request to your server side part will be: http://localhost/php-server-side-library/public/start_discovery?msisdn=447700900391
    When you are using mcc and mnc it will be: http://localhost/php-server-side-library/public/start_discovery?mcc=903&mnc=01
    If you choose None mode: http://localhost/php-server-side-library/public/start_discovery
    Also sourceIp can be included to request: http://localhost/php-server-side-library/public/start_discovery?sourceIp=10.0.0.3

    Client side application sends a GET request with client data to server side application.
    Then server side application makes startDiscovery method call with your data from configuration file. This method calls attemptDiscoveryWrapper method with your parameters from config file. And then startAuthentication method perfoms for getting authentication URL.

        public function startDiscovery(Request $request) {
            $msisdn = Input::get(Constants::MSISDN);
            $mcc = Input::get(Constants::MCC);
            $mnc = Input::get(Constants::MNC);
            $sourceIp = Input::get(Constants::SOURCE_IP);
            return $this->AttemptDiscoveryWrapper($msisdn, $mcc, $mnc, $sourceIp, $request);
        }

    Note:If discovery request with msisdn, mcc_mnc or source ip fails - method perform Discovery UI flow to discover operator.

    1) If you selected the msisdn mode: method generates auth URL and respond with 302 redirect to this URL. After you follow the redirect, and pass consent confirmation screen, redirect will be proceed by server side handleRedirect method.
    2) mcc_mnc mode.
    3) none mode.
    If you selected the mcc_mnc mode or none mode:
    you will be redirected to the operator selection page. Here you can type your msisdn and process page. Then the scenario should be the same as on first mode.

         
        public function handleRedirect(Request $request) {
            $mcc_mnc = Input::get(Parameters::MCC_MNC);
            $code = Input::get(Parameters::CODE);
            $state = Input::get(Parameters::STATE);
            $requestUri = $request->getRequestUri();
            if(!empty($code)){
                $discoveryResponse = Controller::$_databaseHelper->getDiscoveryResponseFromDatabase($state);
                $nonce = Controller::$_databaseHelper->getNonceFromDatabase($state);
                $authStatus = Controller::$_mobileConnect->HandleUrlRedirectWithDiscoveryResponse($requestUri, $discoveryResponse, $state, $nonce, new MobileConnectRequestOptions());
                $endPointStatus = EndpointUtils::startEndpointRequest(Controller::$_mobileConnect, Controller::$_config, $discoveryResponse, $authStatus);
                Controller::$_databaseHelper->clearDiscoveryCacheByState($state);
                $isPremiumInfo = !empty($endPointStatus);
                return HttpUtils::redirectToView($isPremiumInfo ? $endPointStatus : $authStatus, $isPremiumInfo ? Status::PREMIUMINFO: Status::TOKEN);
    
            } elseif (!empty($mcc_mnc)){
                $response = Controller::$_mobileConnect->HandleUrlRedirectWithDiscoveryResponse($requestUri, null, $state, null, new MobileConnectRequestOptions());
                return  AuthWithDiscovery::startAuth(Controller::$_mobileConnect, $response, Controller::$_config);
            }
            else{
                $errorCode = Input::get(Parameters::ERROR);
                $errorDesc = Input::get(Parameters::ERROR_DESCRIPTION);
                Controller::$_databaseHelper->clearDiscoveryCacheByState($state);
                return HttpUtils::redirectToView(MobileConnectStatus::Error($errorCode, $errorDesc, null), McUtils::getAuthName(Controller::$_config->getScopes()));
            }
        }

         
        private static function startAuthentication($mobileConnect, $sdkSession, $subscriberId, $options) {
            $status = $mobileConnect->StartAuthentication($sdkSession, $subscriberId, null, null, $options);
            return $status;
        }

    Discovery caching

    Discovery response is cached in server side with following rules:
    1) After succeeded Discovery request, Discovery response is cached with used mcc/mnc, msisdn or sourceIp.
    2) Expiration time for Discovery Response cache is the same as "ttl" field in Discovery Response - if Discovery Response expired - that deleted from cache.
    3) Next requests for Discovery with the same mcc/mnc, msisdn or sourceIp - Discovery request shouldn't be performed, Discovery response should be taken from cache.
    4) If auth call responds with error - Discovery Response deleted from the cache, and server side redirects you to Discovery UI.

    Using Mobile Connect Authentication/Authorisation

    The server side SDK allows you to call the Identity Gateway with the scope parameter set to “mc_authn”, which signifies an authentication request for a single transaction (the id_token and access token returned from the Gateway have a timeout set to zero, so expire after a single use). You should check that the Identity Gateway supports version 2.0 of the Mobile Connect Profile (available in the Provider Metadata) before attempting a call.

    To make a successful authorisation call, you must provide the following additional parameters:

    • client_name – specifies the name of the application/service requesting authorisation.
    • context – specifies the reason for the authorisation request, and should be built from the data describing the transaction requiring authorisation. The context is displayed on the authenticating (mobile) device only.
    • binding_message – specifies a reference string to display on the device from which the authorisation request was invoked, and on the authenticating (mobile) device, allowing the user to visually verify that the confirmation message originated from their transaction request.

    Note: the authorisation prompt displayed to the user combines all three parameters, which cannot exceed 93 bytes in total.

    The following example shows how to add the additional Authorisation options to the Authentication call described in Using Mobile Connect Authentication.

    Note: calls to Authorisation are structured in exactly the same way, but using the scopes “mc_authz”as applicable. Please check the "data.json" file for attributes:

     
    	"scope":"openid mc_authz",
    	"client_name": your client name,
    	"context": your context,
    	"binding_message": your binding message

    startAuthorisation method generates URL for authorisation, which is sent to client side application.

        private static function startAuthorisation($mobileConnect, $sdkSession, $subscriberId, $options) {
            $status = $mobileConnect->StartAuthentication($sdkSession, $subscriberId, null, null, $options);
            return $status;
        }

    Also, please, see
  • Using common Mobile Connect Server Side SDK functionality
  • Configuring and running the server side SDK in Without Discovery Mode

    1. Register an account or login to the Mobile Connect Developer Portal and create an application to obtain your sandbox credentials.
    2. Install Docker.

      sudo apt install docker.io
      systemctl start docker
      systemctl enable docker
    3. Create at host machine folder /home/serverside/ for example and go into it.

    4. Download the Mobile Connect server side project.

      git init
      git pull https://github.com/Mobile-Connect/php_server_side_library.git
    5. Run docker image:
      sudo docker run -p 80:80 -it -v /home/serverside/:/opt/lampp/htdocs/ cswl/xampp bash
    6. Please check, that your folder /home/serverside/ contains downloaded SDK folders php-server-side-library and mobile-connect-sdk and run the next commands in Docker container:
      cd /opt/lampp/htdocs/php-server-side-library
      curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
      composer install
      mv .env.example .env
      php artisan key:generate
      chmod -R 777 /opt/lampp/htdocs/php-server-side-library/
      chmod -R 777 /opt/lampp/htdocs/mobile-connect-sdk/
      mysql</opt/lampp/htdocs/init_db.sql 

      If your folder /home/serverside/ contains only folder php_server_side_library, please run the next commands:
      cd /opt/lampp/htdocs/php_server_side_library/php-server-side-library
      curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
      composer install
      mv .env.example .env
      php artisan key:generate
      chmod -R 777 /opt/lampp/htdocs/php_server_side_library/php-server-side-library/
      chmod -R 777 /opt/lampp/htdocs/php_server_side_library/mobile-connect-sdk/
      mysql</opt/lampp/htdocs/php_server_side_library/init_db.sql 
    7. Note: please use your actual path to PHP SDK in Docker image instead of /opt/lampp/htdocs/ if it is different.

    8. Open the configuration file: \php-server-side-library\app\data\data.json to pass required parameter values for with discovery mode.

      To make a successful authentication call, you must provide the following parameters in the configuration file withoutDiscoveryData.json:

      {
      	"client_id": "M2UyMTcyNzgtNDI0MS00NjhiLWJhMzYtM2UyYjdkMzlmOTJlOm9wZXJhdG9yLWI=",
      	"clientSecret": "MTMwNzU3YWUtODlmOS00NTkxLWIwYzAtNjA1MmFiMWMzOTIyOm9wZXJhdG9yLWI=",
      	"redirectURL": "http://localhost/php-server-side-library/public/callback_wd",
      	"scope":"openid mc_authz",
      	"apiVersion":"mc_di_r2_v2.3",
      	"authURL": "https://operator-b.sandbox.mobileconnect.io/oidc/authorize",
      	"tokenURL": "https://operator-b.sandbox.mobileconnect.io/oidc/accesstoken",
      	"userInfoURl": "https://operator-b.sandbox.mobileconnect.io/oidc/userinfo",
      	"premiumInfoURl": "https://operator-b.sandbox.mobileconnect.io/oidc/premiuminfo",
      	"metadataURl": ""
      }

      To make a successful authorisation call, you must add in configuration file the following mandatory parameters:

      	"client_name":"PhpServerSideDemo", 
      	"context":"demo", 
      	"binding_message":"demo auth", 

      • client_name – specifies the name of the application/service requesting authorisation. This value is taken from Options and must match the Application Short Name.
      • context – specifies the reason for the authorisation request, and should be built from the data describing the transaction requiring authorisation. The context is displayed on the authenticating (mobile) device only.
      • binding_message – specifies a reference string to display on the device from which the authorisation request was invoked, and on the authenticating (mobile) device, allowing the user to visually verify that the confirmation message originated from their transaction request.
    9. Installation is finished.

      You can open the configuration file .env at the root of the project and set correct values for variables DB_HOST, DB_PORT, DB_DATABASE, DB_USERNAME and DB_PASSWORD .
      After changing configuration files you have to restart the docker container:

      sudo docker run -p 80:80 -it -v /home/serverside/:/opt/lampp/htdocs/ cswl/xampp bash
      mysql</opt/lampp/htdocs/init_db.sql 

      Prepare client side application (IOS or Android application) or Demo App for Server Side application.

    Using Mobile Connect server side SDK without Discovery

    The server side allows you to call methods that get additional parameters from a JSON configuration file. Once the end user has entered their encrypted MSISDN as subscriberId the server side builds the call to the Authentication endpoint. A successful authentication returns an id_token containing the user’s PCR, which is unpacked and available for verification against your user register.

    This SDK allows calls to Mobile Connect without first doing a Discovery call. It is a similar process to usual Mobile Connect Authentication but instead of calls to the Discovery Service a new function makeDiscoveryWithoutCall is used to create the discoveryOptions object.

    To load the discoveryOptions object:

    public function makeDiscoveryWithoutCall ( $clientId, $clientSecret, $_operatorUrls, $clientName="Client Name",  $subId=NULL){
            $discoveryOptions = new FakeDiscoveryOptions();
            $discoveryOptions->setClientId($clientId);
            $discoveryOptions->setClientSecret($clientSecret);
            $discoveryOptions->setClientName($clientName);
            $discoveryOptions->setOperatorUrls($_operatorUrls);
            $discoveryOptions->setSubId($subId);
    
            $json = $discoveryOptions->getJson();
    
            $response = new RestResponse(200, $json);
            $discoveryResponse = new DiscoveryResponse($response);
            if($discoveryResponse->getOperatorUrls()->getProviderMetadataUrl()!="") {
                $providerMetaData = $this->_discovery->retrieveProviderMetadata($discoveryResponse->getOperatorUrls()->getProviderMetadataUrl());
                $discoveryResponse->setProviderMetadata($providerMetaData);
            }
            return $discoveryResponse;
        }

    Using Mobile Connect Authentication/Authorisation

    Client side application sends a GET request with subscriberId to server side application.
    Example request:

    http://localhost/php-server-side-library/public/start_discovery_manually?msisdn=447700900301

    Then server side application makes startAuthenticationWithoutDiscovery method call for getting authentication URL.

        public function startAuthenticationWithoutDiscovery(Request $request)
        {
            $msisdn = Input::get(strtolower(Parameters::MSISDN));
            $discoveryResponse = WdController::$_mobileConnect->makeDiscoveryWithoutCall(WdController::$_config->getClientId(), WdController::$_config->getClientSecret(),
                WdController::$_config->getOperatorUrls(), WdController::$_config->getClientName());
            return  AuthWithoutDiscovery::startAuth(WdController::$_mobileConnect, $discoveryResponse, WdController::$_config, $msisdn);
        }

    Method startAuth provides separated methods for Authentication, Authorisation, KYC requests:
        public static function startAuth($mobileConnect, $response, $config, $msisdn) {
            $options = McUtils::getMcOptions($config, $response);
            if (strpos($config->getScopes(), Scope::KYC) !== false) {
                $status = AuthWithoutDiscovery::startKYC($mobileConnect, $response, $msisdn, $options);
            } else if (strpos($config->getScopes(), Scope::AUTHZ) !== false) {
                $status = AuthWithoutDiscovery::startAuthorisation($mobileConnect, $response, $msisdn, $options);
            } else {
                $status = AuthWithoutDiscovery::startAuthentication($mobileConnect, $response, $msisdn, $options, $config);
            }
    
            return McUtils::processAuthResponseResult($status, $response);
        }
    
        private static function startAuthentication($mobileConnect, $discoveryResponse, $msisdn, $options) {
            $options->setLoginHint(McUtils::getParamWithName(Parameters::MSISDN, $msisdn));
            return $mobileConnect->Authentication($discoveryResponse, null, null, null, $options);
        }
        private static function startAuthorisation($mobileConnect, $discoveryResponse, $msisdn, $options) {
            $options->setLoginHint(McUtils::getParamWithName(Parameters::MSISDN, $msisdn));
            return $mobileConnect->Authentication($discoveryResponse, null, null, null, $options);
        }
        private static function startKYC($mobileConnect, $discoveryResponse, $msisdn, $options, $config) {
            $kycClaims = new KYCClaimsParameter();
            $kycClaims->setName($config->getName())
                ->setAddress($config->getAddress());
            $options->setLoginHint(McUtils::getParamWithName(Parameters::MSISDN, $msisdn));
            $options->setClaims($kycClaims);
            $status = $mobileConnect->Authentication($discoveryResponse, null, null, null, $options);
            return $status;
        }

    Method handleUrlRedirect is used for processing redirect URLs and callbacks

         
        public function handleRedirect(Request $request)
        {
            $code = Input::get(Parameters::CODE);
            $state = Input::get(Parameters::STATE);
            $errorCode = Input::get(Parameters::ERROR);
            $errorDesc = Input::get(Parameters::ERROR_DESCRIPTION);
            $requestUri = $request->getRequestUri();
            if (!empty($code)) {
                $discoveryResponse = WdController::$_databaseHelper->getDiscoveryResponseFromDatabase($state);
                $nonce = WdController::$_databaseHelper->getNonceFromDatabase($state);
                $authStatus = WdController::$_mobileConnect->HandleUrlRedirectWithDiscoveryResponse($requestUri, $discoveryResponse, $state, $nonce, new MobileConnectRequestOptions());
                $endPointStatus = EndpointUtils::startEndpointRequest(WdController::$_mobileConnect, WdController::$_config, $discoveryResponse, $authStatus);
                $isPremiumInfo = !empty($endPointStatus);
                return HttpUtils::redirectToView($isPremiumInfo ? $endPointStatus : $authStatus, $isPremiumInfo ? Status::PREMIUMINFO: Status::TOKEN);
            } else {
                return HttpUtils::redirectToView(MobileConnectStatus::Error($errorCode, $errorDesc, null), McUtils::getAuthName(WdController::$_config->getScopes()));
            }
        }

    The server side allows you to call the Identity Gateway with the scope parameter set to “openid mc_authn” or “openid mc_authz”, which signifies an authorisation request for a single transaction (the id_token and access token returned from the Gateway have a timeout set to zero, so expire after a single use). For parameter “openid mc_authz” you should check that the Identity Gateway supports version 2.0 or higher of the Mobile Connect Profile (available in the Provider Metadata) before attempting a call.

    After getting the successful authentication/authorisation call back from ID GW, client side makes redirects session and gets the code. Client side sends this code to server side, which uses this code for RequestToken method performing

    public static function RequestToken(IAuthenticationService $authentication, IJWKeysetService $jwks, DiscoveryResponse $discoveryResponse,
            $redirectedUrl, $expectedState, $expectedNonce, MobileConnectConfig $config, MobileConnectRequestOptions $options = null) {
            $response = null;
            $query = parse_url($redirectedUrl, PHP_URL_QUERY);
            parse_str($query, $queryValue);
    
            if(empty($expectedState)) {
                return MobileConnectStatus::Error("required_arg_missing", "ExpectedState argument was not supplied, this is needed to prevent Cross-Site Request Forgery", null);
            }
            if (empty($expectedNonce)) {
                return MobileConnectStatus::Error("required_arg_missing", "expectedNonce argument was not supplied, this is needed to prevent Replay Attacks", null);
            }
            $actualState = $queryValue['state'];
            if ($expectedState != $actualState) {
                return MobileConnectStatus::Error("invalid_state", "State values do not match, this could suggest an attempted Cross-Site Request Forgery", null);
            }
            try {
                $code = $queryValue['code'];
                $clientId = $config->getClientId();
                if (!empty($discoveryResponse) && !empty($discoveryResponse->getResponseData()) && isset($discoveryResponse->getResponseData()['response']['client_id'])) {
                    $clientId = $discoveryResponse->getResponseData()['response']['client_id'];
                }
                $clientSecret = $config->getClientSecret();
                if (!empty($discoveryResponse) && !empty($discoveryResponse->getResponseData()) && isset($discoveryResponse->getResponseData()['response']['client_secret'])) {
                    $clientSecret = $discoveryResponse->getResponseData()['response']['client_secret'];
                }
                $requestTokenUrl = null;
                if (!empty($discoveryResponse) && !empty($discoveryResponse->getOperatorUrls()) && !empty($discoveryResponse->getOperatorUrls()->getRequestTokenUrl())) {
                    $requestTokenUrl = $discoveryResponse->getOperatorUrls()->getRequestTokenUrl();
                }
                $issuer = $discoveryResponse->getProviderMetadata()["issuer"];
    
                $response = $authentication->RequestToken($clientId, $clientSecret, $requestTokenUrl, $config->getRedirectUrl(), $code);
                $jwKeySet = $jwks->RetrieveJWKS($discoveryResponse->getOperatorUrls()->getJWKSUrl());
                if (isset($discoveryResponse->getProviderMetadata()['mobile_connect_version_supported'])) {
                    $supportedVersions = new SupportedVersions($discoveryResponse->getProviderMetadata()['mobile_connect_version_supported']);
                } else {
                    $supportedVersions = new SupportedVersions(null);
                }
                return static::HandleTokenResponse($authentication, $response, $clientId, $issuer, $expectedNonce, $jwKeySet,
                    $supportedVersions->getMaxSupportedVersion(), $options);
    
            } catch(Exception $ex) {
                return MobileConnectStatus::Error("unknown_error", "A failure occured while requesting a token", $ex);
            }
            return MobileConnectStatus::Complete($response);
        }

    After RequestToken method performing server side returns the Token JSON response to client side application.

    The level of authentication required to authorise the transaction defaults to LoA2 (Authorisation), but you can increase it by adding the optional parameter acr_value and setting the value to "3" (for Authorisation Plus).

    Using Mobile Connect Identity and Attributes

    A successful call to the Authorisation endpoint returns an id_token identifying the user, and an access token that grants your application permission to request their personal information (referred to as Claims). This information contains a range of data; the exact data you can request is specified in the access token, and is limited to those Claims the end user has permitted as part of the original authorisation request.

    Note: the access token is for single use only, and expires immediately upon use.

    You request access to the Identity endpoint by specifying the appropriate scope. Please use list of scopes that you can pass when requesting specific Identity products:

    • Identity: Phone Number – openid mc_identity_phonenumber
    • Identity: Sign-up – openid mc_identity_signup
    • Identity: National Identity – openid mc_identity_nationalid

    Upon successful authorisation, the server side provides an IdentityResponse with the user information JSON available as a property. The following example can be used to convert the JSON data to a class - IdentityData - which is provided with all recognised claims.

        public static function startEndpointRequest($mobileConnect, $config, $discoveryResponse, $authResponse) {
            $status = null;
            $mobileConnectWebResponse = ResponseConverter::Convert($authResponse);
            $token = $mobileConnectWebResponse->getToken()[Constants::ACCESS_TOKEN];
            $apiVersion = $config->getApiVersion();
            $scopes = $config->getScopes();
            if ($apiVersion == (DefaultOptions::VERSION_1_1) & !empty($discoveryResponse->getOperatorUrls()->getUserInfoUrl())) {
                $status = EndpointUtils::requestUserInfo($mobileConnect, $discoveryResponse, $scopes, $token);
            } else if (($apiVersion == (DefaultOptions::VERSION_DI_2_3) || $apiVersion == (DefaultOptions::VERSION_2_0)) & !empty($discoveryResponse->getOperatorUrls()->getPremiumInfoUrl())) {
                $status = EndpointUtils::requestIdentity($mobileConnect, $discoveryResponse, $scopes, $token);
            }
            return $status;
        }
        private static function requestUserInfo($mobileConnect, $discoveryResponse, $scopes, $token) {
            foreach ( Constants::USERINFO_SCOPES as $userInfoScope) {
                if ( strpos($scopes, $userInfoScope) !== false) {
                    $status = $mobileConnect->RequestUserInfoByDiscoveryResponse($discoveryResponse, $token, new MobileConnectRequestOptions());
                    return $status;
                }
            }
        }
        private static function requestIdentity($mobileConnect, $discoveryResponse, $scopes, $token) {
            foreach (Constants::IDENTITY_SCOPES as $identityScope) {
                if (strpos($scopes, $identityScope) !== false) {
                    $status = $mobileConnect->RequestIdentityByDiscoveryResponse($discoveryResponse, $token, new MobileConnectRequestOptions());
                    return $status;
                }
            }
        }

    Further Reference

  • Mobile Connect API Reference