#! /usr/bin/env ruby

# Define credentials obtained from Wonde dashboard SSO settings
CLIENT_ID="<Your Client ID goes here>"
CLIENT_SECRET="<Your Client Secret goes here>"
REDIRECT_URI="http://localhost:8123"

# Now define the Wonde SSO and API endpoints
AUTH_URI="https://edu.wonde.com/oauth/authorize"
TOKEN_URI="https://api.wonde.com/oauth/token"
GRAPHQL_URI="https://api.wonde.com/graphql/me"

require 'webrick'
require 'uri'
require 'net/http'
require 'json'


################################################ HELPER METHODS ###################################################


##
# Redirect the user to our UI to authorise access
#
def authorise response
    params = {
        client_id: CLIENT_ID,
        redirect_uri: REDIRECT_URI,
        response_type: 'code',
    }

    response.set_redirect WEBrick::HTTPStatus::Found, "#{AUTH_URI}?#{URI.encode_www_form(params)}"
end

##
# Get an access token using the authorisation code obtained from an earlier redirect
##
def getAccessToken(code)
    params = {
        grant_type: 'authorization_code',
        client_id: CLIENT_ID,
        client_secret: CLIENT_SECRET,
        redirect_uri: REDIRECT_URI,
        code: code,
    }

    response = httpRequest(TOKEN_URI, params, nil)

    if response.kind_of? Net::HTTPSuccess
        puts "getAccessToken Success!"
        body = JSON.parse response.body
        return body["access_token"]
    else
        puts "getAccessToken Failure!"
        return nil
    end

end

##
# Access the API using the access token obtained earlier
##
def makeApiRequest(access_token)
    query = <<-GRAPHQL
        {
            Me {
                id
                Person {
                    __typename
                    ... on Student {
                        id
                        type
                        forename
                        middle_names
                        surname
                    }
                    ... on Contact {
                        id
                        type
                        forename
                        middle_names
                        surname
                    }
                    ... on Employee {
                        id
                        type
                        forename
                        middle_names
                        surname
                    }
                }
            }
        }
    GRAPHQL

    params = {
        query: query,
    }

    # return httpRequest(GRAPHQL_URI, $params, $access_token);
    response = httpRequest(GRAPHQL_URI, params, access_token)

    if response.kind_of? Net::HTTPSuccess
        puts "makeApiRequest Success!"
        return response.body
    else
        puts "makeApiRequest Failure!"
        return nil
    end
end

##
# Make a request, optionally with POST data and an access token, if obtained
##
def httpRequest(url, params, access_token = nil)

    uri = URI(url)

    Net::HTTP.start(uri.host, uri.port,
        :use_ssl => uri.scheme == 'https') do |http|
        request = Net::HTTP::Post.new uri
        request['Authorization'] = "Bearer #{access_token}" if access_token
        request.set_form_data params

        puts "Sending Request: "
        puts request.inspect
        response = http.request request
        puts "Request response: "
        puts response.inspect
        puts "Request response body: "
        puts response.body.inspect
        response
    end
end


################################################ RUN SERVER ###################################################

# signal handling
trap("INT") { @server.shutdown }
trap("TERM") { @server.shutdown }

begin
    @server  = WEBrick::HTTPServer.new :Port => 8123

    @server.mount_proc '/' do |req, res|
        # Ready to go, so now route this request accordingly
        case (not req.query['code'].nil?)
        # A) User has NOT been redirected away and authorised access to this
        # application, so redirect them to the Wonde UI to complete this
        when false
            authorise(res)
            puts "Redirecting...."

        # B) User has been redirected and has authorised, so use their
        # authorisation code to get a token and make an API request
        when true
            puts 'code: '
            puts req.query['code']

            access_token = getAccessToken(req.query['code'])
            if access_token
                puts 'access_token:'
                puts access_token

                data = makeApiRequest(access_token)
                if data
                    res.body = data
                else data
                    res.body = "Error while making API request."
                end
            else
                res.body = "Error while getting access token."
            end
        end
    end

    @server.start
end
							

Single Sign-On API Docs

Wonde SSO gives students, staff and parents one login to access apps powered by the school data provided by Wonde.

Our simple to use industry standard OAuth2 API allows you to get up and running in minutes. The API can be used to access data relating to the individual, class or in conjunction with the School Sync API.

Our documentation and code samples allow you to get started straight away.

This site uses cookies.

Read our Cookie policy