// Define credentials obtained from Wonde dashboard SSO settings
define('CLIENT_ID', <Your Client ID goes here>);
define('CLIENT_SECRET', '<Your Client Secret goes here>');
define('REDIRECT_URI', 'http://localhost:8123');

// Now define the Wonde SSO and API endpoints
define('AUTH_URI', 'https://edu.wonde.com/oauth/authorize');
define('TOKEN_URI', 'https://api.wonde.com/oauth/token');
define('GRAPHQL_URI', 'https://api.wonde.com/graphql/me');

// Ready to go, so now route this request accordingly
switch ($has_user_authorised_access = !empty($_GET)) {

    // A) User has NOT been redirected away and authorised access to this
    // application, so redirect them to the Wonde UI to complete this
    case false:
        authorise();
        break;

    // B) User has been redirected and has authorised, so use their
    // authorisation code to get a token and make an API request
    case true:
        $access_token = getAccessToken($_GET['code']);
        $data = makeApiRequest($access_token);
        echo '<pre>' . json_encode($data, JSON_PRETTY_PRINT) . '<pre>';
        break;
}

die('Finished!');

/**
 * Redirect the user to our UI to authorise access
 */
function authorise()
{
    $params = [
        'client_id' => CLIENT_ID,
        'redirect_uri' => REDIRECT_URI,
        'response_type' => 'code',
    ];

    header('Location: ' . AUTH_URI . '?' . http_build_query($params));
}

/**
 * Get an access token using the authorisation code obtained from an earlier redirect
 */
function getAccessToken($code)
{
    $params = [
        'grant_type' => 'authorization_code',
        'client_id' => CLIENT_ID,
        'client_secret' => CLIENT_SECRET,
        'redirect_uri' => REDIRECT_URI,
        'code' => $code,
    ];

    return httpRequest($uri = TOKEN_URI, $params, $access_token = null)->access_token;
}

/**
 * Access the API using the access token obtained earlier
 */
function makeApiRequest($access_token)
{
    $query = <<<'GRAPHQL'
{
    Me {
        id
        Person {
            __typename
            ... on Student {
                id
                type
                forename
                middle_names
                surname
            }
            ... on Contact {
                id
                type
                forename
                middle_names
                surname
            }
            ... on Employee {
                id
                type
                forename
                middle_names
                surname
            }
        }
    }
}
GRAPHQL;

    $params = [
        'query' => $query,
    ];

    return httpRequest(GRAPHQL_URI, $params, $access_token);
}

/**
 * Make a CURL request, optionally with POST data and an access token, if obtained
 */
function httpRequest($url, $params, $access_token)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    if ($params) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
    }

    if ($access_token) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization: Bearer ' . $access_token]);
    }

    $response = curl_exec($ch);

    return json_decode($response);
}
							

Single Sign-On API Docs

Wonde SSO gives students, staff and parents one login to access apps powered by the school data provided by Wonde.

Our simple to use industry standard OAuth2 API allows you to get up and running in minutes. The API can be used to access data relating to the individual, class or in conjunction with the School Sync API.

Our documentation and code samples allow you to get started straight away.

This site uses cookies.

Read our Cookie policy