conquer/oauth2

Yii2 框架的 Oauth2 服务器扩展



README


描述

此扩展提供了使用 Yii2 框架实现 OAuth 2.0 规范的简单方法。

安装

安装此扩展的首选方法是通过 composer

安装方法如下:

$ php composer.phar require conquer/oauth2 "*"

或将其添加到您的 composer.json 文件的 require 部分:

"conquer/oauth2": "*"

迁移文件可以从 migrations 文件夹中获取。

要将迁移添加到您的应用程序中,请编辑控制台配置文件以配置命名空间迁移:

'controllerMap' => [
    // ...
    'migrate' => [
        'class' => 'yii\console\controllers\MigrateController',
        // NOTE(review): null is how Yii disables the default @app/migrations
        // path when only namespaced migrations are used — confirm for your
        // Yii version if you also keep migrations there.
        'migrationPath' => null,
        'migrationNamespaces' => [
            // ...
            // The migrations shipped in this package's migrations folder.
            'conquer\oauth2\migrations',
        ],
    ],
],

然后运行 migrate/up 命令

yii migrate/up

您还需要指定此包的消息翻译源:

'components' => [
    'i18n' => [
        'translations' => [
            // Message source for the texts this package emits; the category
            // name 'conquer/oauth2' must be kept as-is.
            'conquer/oauth2' => [
                'class' => \yii\i18n\PhpMessageSource::class,
                'basePath' => '@conquer/oauth2/messages',
            ],
        ],
    ]
],

用法

OAuth 2.0 授权用法

namespace app\controllers;

use app\models\LoginForm;

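class AuthController extends \yii\web\Controller
{
    /**
     * Attaches the OAuth2 authorization filter to the login action.
     *
     * AuthorizeFilter checks the incoming OAuth2 authorization request and
     * keeps it in the session, so the controller can perform additional
     * steps (login form, third-party sign-in such as Facebook or Google ...)
     * before the authorization is finished.
     */
    public function behaviors()
    {
        return [
            'oauth2Auth' => [
                'class' => \conquer\oauth2\AuthorizeFilter::className(),
                // Only the authorization endpoint needs the filter; the
                // 'token' action below is a separate endpoint.
                'only' => ['index'],
            ],
        ];
    }

    /**
     * Declares the token endpoint and, optionally, a third-party OAuth callback.
     */
    public function actions()
    {
        return [
            // Returns an access token (the OAuth2 token endpoint).
            'token' => [
                'class' => \conquer\oauth2\TokenAction::className(),
            ],
            // OPTIONAL: third-party OAuth providers can also be used to
            // authenticate the resource owner; they call successCallback().
            'back' => [
                'class' => \yii\authclient\AuthAction::className(),
                'successCallback' => [$this, 'successCallback'],
            ],
        ];
    }

    /**
     * Displays the login form (signup or something else may go here too).
     *
     * On a successful login a pending OAuth2 request is finished; otherwise
     * the user is sent back to the page they came from.
     *
     * @return string|\yii\web\Response|null
     */
    public function actionIndex()
    {
        $model = new LoginForm();
        if (!($model->load(\Yii::$app->request->post()) && $model->login())) {
            return $this->render('index', [
                'model' => $model,
            ]);
        }
        if (!$this->isOauthRequest) {
            return $this->goBack();
        }
        // NOTE(review): finishAuthorization() is expected to redirect back to
        // the OAuth2 client itself — confirm it ends the request; if it
        // returns a response instead, return that value here.
        $this->finishAuthorization();
    }

    /**
     * OPTIONAL: callback for a third-party OAuth sign-in (see the 'back' action).
     *
     * @param \yii\authclient\OAuth2 $client the provider that authenticated the user
     */
    public function successCallback($client)
    {
        switch ($client::className()) {
            case GoogleOAuth::className():
                // Do login with automatic signup
                break;
            // ... other providers ...
            default:
                break;
        }
        // If the user is logged on, redirects to the OAuth2 client with
        // success; otherwise redirects with an Access Denied error.
        if ($this->isOauthRequest) {
            $this->finishAuthorization();
        }
    }
}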

API 控制器示例

class ApiController extends \yii\rest\Controller
{
    /**
     * Authorizes every request by its OAuth2 access token.
     *
     * NOTE(review): returning a fresh array replaces the behaviors that
     * yii\rest\Controller::behaviors() provides (content negotiation, rate
     * limiter ...); merge with parent::behaviors() if those are wanted.
     */
    public function behaviors()
    {
        $behaviors = [];
        $behaviors['tokenAuth'] = [
            'class' => \conquer\oauth2\TokenAuth::className(),
        ];

        return $behaviors;
    }

    /**
     * Returns the username and email of the user the token belongs to.
     */
    public function actionIndex()
    {
        $identity = \Yii::$app->user->identity;

        $profile = [];
        $profile['username'] = $identity->username;
        $profile['email'] = $identity->email;

        return $profile;
    }
}

客户端配置示例

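// Client-side configuration (yii\authclient) pointing at the server above.
return [
    // ...
    'components' => [
        'authClientCollection' => [
            'class' => 'yii\authclient\Collection',
            'clients' => [
                'myserver' => [
                    'class' => 'yii\authclient\OAuth2',
                    'clientId' => 'unique client_id',
                    // Sent to tokenUrl with every token request; keep the real
                    // value out of version control (local config / env var).
                    'clientSecret' => 'client_secret',
                    // 'myserver.local' is a sample host. In production these
                    // endpoints must be https:// — over plain http the client
                    // secret and the issued tokens travel in clear text.
                    // tokenUrl maps to the 'token' action, authUrl to
                    // AuthController::actionIndex.
                    'tokenUrl' => 'http://myserver.local/auth/token',
                    'authUrl' => 'http://myserver.local/auth/index',
                    'apiBaseUrl' => 'http://myserver.local/api',
                ],
            ],
        ],
    ],
];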

如果您想使用资源所有者密码凭据授权,请实现 \conquer\oauth2\OAuth2IdentityInterface:

use conquer\oauth2\OAuth2IdentityInterface;

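class User extends ActiveRecord implements IdentityInterface, OAuth2IdentityInterface
{
    // ... IdentityInterface methods (findIdentity, getId, ...) ...

    /**
     * Finds a user by username (used by the resource owner password
     * credentials grant).
     *
     * The array condition is bound as a query parameter by ActiveRecord,
     * so the username is never interpolated into SQL.
     *
     * @param string $username
     * @return static|null
     */
    public static function findIdentityByUsername($username)
    {
        return static::findOne(['username' => $username]);
    }

    /**
     * Validates a password against the stored hash.
     *
     * Delegates to the security component rather than comparing hashes by
     * hand; the hash must have been produced by the same component.
     *
     * @param string $password password to validate
     * @return bool if password provided is valid for current user
     */
    public function validatePassword($password)
    {
        return Yii::$app->security->validatePassword($password, $this->password_hash);
    }

    // ...
}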

警告

如官方文档所述

由于此访问令牌请求使用了资源所有者的密码,授权服务器必须保护端点免受暴力攻击(例如,使用速率限制或生成警报)。

强烈建议对令牌端点进行速率限制。幸运的是,Yii2 有工具可以做到这一点。

有关更多信息,请参阅 Yii2 Ratelimiter

许可协议

conquer/oauth2 在 MIT 许可协议下发布。有关详细信息,请参阅附带 LICENSE 文件。