bandronic/oauth2server

OAuth2 server based on BShaffer's OAuth2, using Doctrine

v1.9.0 2017-01-06 23:20 UTC

README

An OAuth2 server implementation using the Doctrine ORM.

This package is based on BShaffer's OAuth2 implementation (bshaffer/oauth2-server-php), adapted to use Doctrine, PSR-4 and PSR-7.

Requirements

bshaffer/oauth2-server-php

dasprid/container-interop-doctrine

Installation

  1. Add the ConfigProvider to the config/container.php file

    <?php
    
    ...
    $aggregator = new ConfigAggregator([
        ...
        \OAuth2Server\ConfigProvider::class,
        ...
    ], $cacheConfig['config_cache_path']);
  2. Add an oauth2 array to config/autoload/local.php

    return [
        ...
        'oauth2' => [
            'db' => [
                'dsn'      => '', // For example "mysql:dbname=oauth2_db;host=localhost"
                'username' => '', // Database username
                'password' => '', // Database password
            ],
            'allow_implicit'    => true, // Default (set to true when you need to support browser-based or mobile apps)
            'access_lifetime'   => 3600, // Default (access token lifetime in seconds)
            'enforce_state'     => true, // Default
            'always_issue_new_refresh_token' => true, // Set to true to receive a new refresh token on every refresh
            'keys_folder'       => './config/keys', // Public and private keys folder location
            'user_entity'       => '', // MANDATORY user entity, must implement UserInterface
            'client_service'    => '', // OPTIONAL client service, must implement ClientInterface
        ],
        ...
    ];

    Alternatively, copy the data\oauth2.local.php.dist file to the config/autoload folder and change the values in it as needed.

    Because local.php holds the database credentials, keep it out of version control. Two of the defaults deserve a second look before deployment: allow_implicit enables the implicit grant, which returns the access token in the redirect URL fragment and is discouraged by the OAuth 2.0 Security Best Current Practice in favour of the authorization code grant, so leave it false unless you have a client that cannot do anything else; enforce_state should stay true, since the state parameter is what lets a client detect a forged authorization response.

    You must specify an entity for the user_entity configuration key. The user_entity class must implement the interface

    OAuth2Server\Entity\UserInterface

    Optionally, if you want to change how client details are fetched or how scope and grant-type checks are done, you can specify a client service in the client_service setting. The client service must implement the interface

    OAuth2\Storage\ClientInterface
  3. Create a folder named keys in the config folder and generate the private and public keys in it

    1. Create the private key: openssl genrsa -out private.key 1024
    2. Create the public key: openssl rsa -in private.key -pubout > public.key

    The 1024-bit modulus in the first command is the README's example, not a recommendation: 1024-bit RSA is no longer considered adequate, so generate at least 2048 bits (openssl genrsa -out private.key 2048), and restrict the filesystem permissions on private.key to the application user.

    Alternatively, you can copy the pre-generated keys from the data folder.

    The pre-generated keys were generated without a passphrase. They ship with the package, so anyone who has the package has that private key; use them for local development only, never for a deployment.

    Alternatively, you can generate the keys anywhere in the project structure and specify their location under the config array with the key 'keys_folder'.

Usage

Add the following entries to the routes.php file

$app->post('/authorize', \OAuth2Server\Middleware\Authorize::class, 'authorize');
$app->post('/access_token', \OAuth2Server\Middleware\Token::class, 'access_token');

Create the database schema using the included migration file: 20171107115657_oauth.php

Add a client

client_id: test
client_secret: test
grant_types: authorization_code password refresh_token

The test/test values are only for walking through the examples below; give real clients a randomly generated secret and only the grant types they actually need.

Authorize

For the authorize method, performing a GET on

https://:8080/authorize?client_id=test&response_type=code&state=asdf123&redirect_uri=http%3A%2F%2Flocalhost:8080%2Fauthorize

validates the URL and redirects to the authorize/deny page.

After authorization you are redirected to the supplied redirect URI with an authorization code and the state value you sent. The client must compare that state with the one it generated and abort if it differs; that is the check enforce_state relies on, and why state should be an unguessable per-request value rather than a fixed string like asdf123. The redirect_uri must match the one registered for the client, and the same value must be sent again when the code is exchanged.

Exchange the code for tokens by sending a POST request to the /access_token URI with the following body fields

Postman:

[
    {"key":"grant_type","value":"authorization_code","description":""},
    {"key":"client_id","value":"test","description":""},
    {"key":"client_secret","value":"test","description":""},
    {"key":"scope","value":"test","description":""},
    {"key":"code","value":"<AUTHORIZATION_CODE>","description":""},
    {"key":"redirect_uri","value":"<URL>","description":""}
]

A valid token is returned, which can be reused until it expires, for example

{
    "access_token": "7b2d00806e938ad976071c4d4d5cd1fe6bc680e9",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "test",
    "refresh_token": "471cae69cf042921348f284881de0477528017c7"
}

Password

Use

username: test
password: test

For the password method, perform a POST request to the /access_token route with the following body. This grant hands the user's password to the client; the OAuth 2.0 Security Best Current Practice advises against it, so enable it only for first-party clients you control.

Postman

[
  {"key":"grant_type","value":"password","description":""},
  {"key":"client_id","value":"test","description":""},
  {"key":"client_secret","value":"test","description":""},
  {"key":"username","value":"test","description":""},
  {"key":"password","value":"test","description":""},
  {"key":"scope","value":"test","description":""}
]

An access token is returned, for example

{
    "access_token": "0d5e4bf51129e0fe2c94f9ecb91786ffab0018b2",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "test",
    "refresh_token": "1f67452221c02257ca39f7934906bf92db8cd51f"
}
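The Authorize and Password walkthroughs above, plus the refresh_token grant the test client is registered for, as an added example that is not part of this README or of bandronic/oauth2server: a stand-alone Python model of what the two endpoints have to check before issuing anything. It shows the redirect_uri exact match, the state requirement, single-use codes bound to the client and redirect_uri that issued them, constant-time client and password checks, the per-client grant_types restriction, and refresh-token rotation under always_issue_new_refresh_token. The client and user data, the salt, CODE_LIFETIME and the approved_user stand-in for the login/consent page are constructed assumptions; the lifetimes and the rotation setting are the README's values.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed data mirroring the README's test client and user; the package itself reads
# these through its Doctrine entities or the optional ClientInterface service.
CLIENTS = {"test": {"secret": "test", "redirect_uri": "http://localhost:8080/authorize",
                    "grant_types": {"authorization_code", "password", "refresh_token"}}}
SALT = b"constructed-salt"  # fixed only to keep the example deterministic; use a random per-user salt
USERS = {"test": hashlib.pbkdf2_hmac("sha256", b"test", SALT, 100_000)}  # store hashes, never passwords
ACCESS_LIFETIME = 3600      # 'access_lifetime' from the README config
CODE_LIFETIME = 60          # assumption: authorization codes should live for seconds, not hours
ALWAYS_NEW_REFRESH = True   # 'always_issue_new_refresh_token' from the README config
codes, access_tokens, refresh_tokens = {}, {}, {}

def authorize(params, now, approved_user="test"):
    """Model of GET /authorize; approved_user stands in for the login/consent page."""
    client = CLIENTS.get(params.get("client_id"))
    if client is None or params.get("response_type") != "code":
        return {"error": "invalid_request"}
    if params.get("redirect_uri") != client["redirect_uri"]:  # exact match; never redirect elsewhere
        return {"error": "invalid_request"}
    if not params.get("state"):  # 'enforce_state' => true
        return {"error": "invalid_request", "error_description": "state is required"}
    code = secrets.token_hex(20)
    codes[code] = {"client_id": params["client_id"], "redirect_uri": params["redirect_uri"],
                   "scope": params.get("scope", ""), "user_id": approved_user, "expires": now + CODE_LIFETIME}
    return {"redirect": client["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]})}

def code_from_redirect(url):
    """Client side: pull code and state out of the redirect the server sent the browser to."""
    query = parse_qs(urlparse(url).query)
    return query.get("code", [None])[0], query.get("state", [None])[0]

def issue_tokens(client_id, user_id, scope, now, with_refresh=True):
    access = secrets.token_hex(20)
    access_tokens[access] = {"client_id": client_id, "user_id": user_id, "scope": scope,
                             "expires": now + ACCESS_LIFETIME}
    response = {"access_token": access, "expires_in": ACCESS_LIFETIME, "token_type": "Bearer", "scope": scope}
    if with_refresh:
        response["refresh_token"] = secrets.token_hex(20)
        refresh_tokens[response["refresh_token"]] = {"client_id": client_id, "user_id": user_id, "scope": scope}
    return response

def authenticate_client(body):
    """client_id/client_secret check plus the per-client grant_types restriction."""
    client = CLIENTS.get(body.get("client_id", ""))
    if client is None or not hmac.compare_digest(client["secret"].encode(), body.get("client_secret", "").encode()):
        return None
    return client if body.get("grant_type") in client["grant_types"] else None

def token(body, now):
    """Model of POST /access_token for the three grant types the README's test client allows."""
    if authenticate_client(body) is None:
        return {"error": "invalid_client"}
    grant, client_id = body["grant_type"], body["client_id"]
    if grant == "authorization_code":
        entry = codes.pop(body.get("code", ""), None)  # single use: consumed even if the checks below fail
        if (entry is None or entry["expires"] < now or entry["client_id"] != client_id
                or entry["redirect_uri"] != body.get("redirect_uri")):
            return {"error": "invalid_grant"}
        return issue_tokens(client_id, entry["user_id"], entry["scope"], now)
    if grant == "password":
        stored = USERS.get(body.get("username", ""))
        supplied = hashlib.pbkdf2_hmac("sha256", body.get("password", "").encode(), SALT, 100_000)
        if stored is None or not hmac.compare_digest(stored, supplied):
            return {"error": "invalid_grant"}
        return issue_tokens(client_id, body["username"], body.get("scope", ""), now)
    if grant == "refresh_token":
        entry = refresh_tokens.get(body.get("refresh_token", ""))
        if entry is None or entry["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if ALWAYS_NEW_REFRESH:
            del refresh_tokens[body["refresh_token"]]  # rotation: the presented refresh token is retired
        return issue_tokens(client_id, entry["user_id"], entry["scope"], now, with_refresh=ALWAYS_NEW_REFRESH)
    return {"error": "unsupported_grant_type"}

def client_code_flow(now):
    """The README's authorize walkthrough from the client's side, including the state (CSRF) check."""
    state = secrets.token_urlsafe(16)
    request = {"client_id": "test", "response_type": "code", "state": state, "scope": "test",
               "redirect_uri": CLIENTS["test"]["redirect_uri"]}
    result = authorize(request, now)
    if "redirect" not in result:
        return result
    code, returned_state = code_from_redirect(result["redirect"])
    if returned_state != state:  # a response carrying a state we did not send is rejected
        return {"error": "state_mismatch"}
    return token({"grant_type": "authorization_code", "client_id": "test", "client_secret": "test",
                  "code": code, "redirect_uri": request["redirect_uri"]}, now)
```

client_code_flow(now) runs the whole exchange in one process and returns the same shape of response the README shows. The two details worth carrying over to any real deployment are that the code is popped from the store before its checks run, so a second presentation fails even if the first one did, and that a refreshed token invalidates the refresh token that produced it when rotation is on.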

Access token usage

The \OAuth2Server\Middleware\VerifyResource middleware, attached in front of a route, validates the access token presented with the request

$app->get('/', [ \OAuth2Server\Middleware\VerifyResource::class, App\Action\HomePageAction::class ], 'home');

A valid GET request to

https://:8080/

must include the Authorization header, for example

Authorization: Bearer <TOKEN>

Requests without the header, or with an unknown or expired token, are rejected before HomePageAction runs. Because the token is a bearer credential, anything that can read the header can replay it: serve the resource over TLS only and keep access_lifetime short.
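What a resource-side check like VerifyResource has to decide before the request reaches HomePageAction, as an added Python example that is not the package's middleware: find the Authorization header case-insensitively, accept only a well-formed Bearer credential (RFC 6750 b64token), treat unknown and expired tokens identically so the response leaks nothing about which it was, and answer a scope shortfall with 403 rather than 401, with the matching WWW-Authenticate challenge in each case. TOKENS (keyed on the README's sample access token), REALM and the expiry timestamp are constructed.

```python
import re

# Constructed token store; the package looks tokens up in its Doctrine-backed storage.
# A production store should hold a hash of the token, not the token itself.
TOKENS = {
    "7b2d00806e938ad976071c4d4d5cd1fe6bc680e9": {"user_id": "test", "scope": "test", "expires": 1_700_003_600},
}
REALM = "oauth2server"  # assumed realm name for the WWW-Authenticate challenge
BEARER = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)  # RFC 6750 b64token

def verify_resource(headers, required_scope, now):
    """Model of the VerifyResource decision: returns (status, body, response_headers)."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    challenge = {"WWW-Authenticate": f'Bearer realm="{REALM}"'}
    if auth is None:
        return 401, {"error": "invalid_request", "error_description": "missing Authorization header"}, challenge
    match = BEARER.match(auth.strip())
    if match is None:  # wrong scheme, empty credential, or characters outside b64token
        return 401, {"error": "invalid_request", "error_description": "malformed Authorization header"}, challenge
    data = TOKENS.get(match.group(1))
    if data is None or data["expires"] <= now:  # unknown, revoked or expired: one answer, no detail leaked
        challenge["WWW-Authenticate"] += ', error="invalid_token"'
        return 401, {"error": "invalid_token"}, challenge
    if required_scope and required_scope not in data["scope"].split():
        challenge["WWW-Authenticate"] += f', error="insufficient_scope", scope="{required_scope}"'
        return 403, {"error": "insufficient_scope"}, challenge
    return 200, {"user_id": data["user_id"], "scope": data["scope"]}, {}
```

The three-way split (400-class request error, invalid_token, insufficient_scope) is the one RFC 6750 defines, and the WWW-Authenticate header is what lets a well-behaved client tell a token it should refresh from a scope it never had.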