Natively Connect to PingOne Data in PHP

Drop the CData ODBC Driver for PingOne into your LAMP or WAMP stack to build PingOne-connected Web applications. This article shows how to use PHP's ODBC built-in functions to connect to PingOne data, execute queries, and output the results.

Using the CData ODBC Drivers on a UNIX/Linux Machine

The CData ODBC Drivers are supported in various Red Hat-based and Debian-based systems, including Ubuntu, Debian, RHEL, CentOS, and Fedora. There are also several libraries and packages that are required, many of which may be installed by default, depending on your system. For more information on the supported versions of Linux operating systems and the required libraries, please refer to the "Getting Started" section in the help documentation (installed and found online).

Installing the Driver Manager

Before installing the driver, check that your system has a driver manager. For this article, you will use unixODBC, a free and open source ODBC Driver manager that is widely supported.

For Debian-based systems like Ubuntu, you can install unixODBC with the APT package manager:

For systems based on Red Hat Linux, you can install unixODBC with yum or dnf:

The unixODBC driver manager reads information about drivers from an odbcinst.ini file and about data sources from an odbc.ini file. You can determine the location of the configuration files on your system by entering the following command into a terminal:

The output of the command will display the locations of the configuration files for ODBC data sources and registered ODBC drivers. User data sources can only be accessed by the user account whose home folder the odbc.ini is located in. System data sources can be accessed by all users. Below is an example of the output of this command:

Installing the Driver

You can download the driver in standard package formats: the Debian .deb package format or the .rpm file format. Once you have downloaded the file, you can install the driver from the terminal.

The driver installer registers the driver with unixODBC and creates a system DSN, which can be used later in any tools or applications that support ODBC connectivity.

For Debian-based systems like Ubuntu, run the following command with sudo or as root: $ dpkg -i /path/to/package.deb

For Red Hat systems or other systems that support .rpms, run the following command with sudo or as root: $ rpm -i /path/to/package.rpm

Once the driver is installed, you can list the registered drivers and defined data sources using the unixODBC driver manager:

List the Registered Driver(s)

List the Defined Data Source(s)

To use the CData ODBC Driver for PingOne with unixODBC, ensure that the driver is configured to use UTF-16. To do so, edit the INI file for the driver (cdata.odbc.pingone.ini), which can be found in the lib folder in the installation location (typically /opt/cdata/cdata-odbc-driver-for-pingone), as follows:

cdata.odbc.pingone.ini

Modifying the DSN

The driver installation predefines a system DSN. You can modify the DSN by editing the system data sources file (/etc/odbc.ini) and defining the required connection properties. Additionally, you can create user-specific DSNs that will not require root access to modify in $HOME/.odbc.ini.

To connect to PingOne, configure these properties:

• Region: The region where the data for your PingOne organization is being hosted.
• AuthScheme: The type of authentication to use when connecting to PingOne.
• Either WorkerAppEnvironmentId (required when using the default PingOne domain) or AuthorizationServerURL, configured as described below.

Configuring WorkerAppEnvironmentId

WorkerAppEnvironmentId is the ID of the PingOne environment in which your Worker application resides. This parameter is used only when the environment is using the default PingOne domain (auth.pingone). It is configured after you have created the custom OAuth application you will use to authenticate to PingOne, as described in Creating a Custom OAuth Application in the Help documentation.

First, find the value for this property:

1. From the home page of your PingOne organization, move to the navigation sidebar and click Environments.
2. Find the environment in which you have created your custom OAuth/Worker application (usually Administrators), and click Manage Environment. The environment's home page displays.
3. In the environment's home page navigation sidebar, click Applications.
4. Find your OAuth or Worker application details in the list.
5. Copy the value in the Environment ID field. It should look similar to:
   WorkerAppEnvironmentId='11e96fc7-aa4d-4a60-8196-9acf91424eca'

Now set WorkerAppEnvironmentId to the value of the Environment ID field.

Configuring AuthorizationServerURL

AuthorizationServerURL is the base URL of the PingOne authorization server for the environment where your application is located. This property is only used when you have set up a custom domain for the environment, as described in the PingOne platform API documentation. See Custom Domains.

Authenticating to PingOne with OAuth

PingOne supports both OAuth and OAuthClient authentication. In addition to performing the configuration steps described above, there are two more steps to complete to support OAuth or OAuthCliet authentication:

• Create and configure a custom OAuth application, as described in Creating a Custom OAuth Application in the Help documentation.
• To ensure that the driver can access the entities in Data Model, confirm that you have configured the correct roles for the admin user/worker application you will be using, as described in Administrator Roles in the Help documentation.
• Set the appropriate properties for the authscheme and authflow of your choice, as described in the following subsections.

OAuth (Authorization Code grant)

Set AuthScheme to OAuth.

Desktop Applications

Get and Refresh the OAuth Access Token

After setting the following, you are ready to connect:

• InitiateOAuth: GETANDREFRESH. To avoid the need to repeat the OAuth exchange and manually setting the OAuthAccessToken each time you connect, use InitiateOAuth.
• OAuthClientId: The Client ID you obtained when you created your custom OAuth application.
• OAuthClientSecret: The Client Secret you obtained when you created your custom OAuth application.
• CallbackURL: The redirect URI you defined when you registered your custom OAuth application. For example: https://localhost:3333

When you connect, the driver opens PingOne's OAuth endpoint in your default browser. Log in and grant permissions to the application. The driver then completes the OAuth process:

1. The driver obtains an access token from PingOne and uses it to request data.
2. The OAuth values are saved in the location specified in OAuthSettingsLocation, to be persisted across connections.

The driver refreshes the access token automatically when it expires.

For other OAuth methods, including Web Applications, Headless Machines, or Client Credentials Grant, refer to the Help documentation.

/etc/odbc.ini or $HOME/.odbc.ini

For specific information on using these configuration files, please refer to the help documentation (installed and found online).

Establish a Connection

Open the connection to PingOne by calling the odbc_connect or odbc_pconnect methods. To close connections, use odbc_close or odbc_close_all.

Connections opened with odbc_connect are closed when the script ends. Connections opened with the odbc_pconnect method are still open after the script ends. This enables other scripts to share that connection when they connect with the same credentials. By sharing connections among your scripts, you can save system resources and queries execute faster.

Create Prepared Statements

Create prepared statements and parameterized queries with the odbc_prepare function.

Execute Queries

Execute prepared statements with odbc_execute.

Execute nonparameterized queries with odbc_exec.

Process Results

Access a row in the result set as an array with the odbc_fetch_array function.

Display the result set in an HTML table with the odbc_result_all function.

More Example Queries

You will find complete information on the SQL queries supported by the driver in the help documentation. The code examples above are PingOne-specific adaptations of the PHP community documentation for all ODBC functions.