d3strukt0r/oauth2-orbitrondev

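This package is abandoned and no longer maintained. No replacement package was suggested.

Generation 2 OAuth 2.0 Client Provider for The PHP League OAuth2-Client

This package has no released version yet, and little information is available.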


README

This package provides Generation 2 OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Project

Branches: master (alias stable, latest) and develop (alias nightly).

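This package is compliant with PSR-1, PSR-2 and PSR-4. If you notice compliance oversights, please send a patch via pull request.

Getting Started

Prerequisites

The following versions of PHP are supported.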

  • PHP 7.1
  • PHP 7.2
  • PHP 7.3
  • PHP 7.4
  • HHVM

A Generation 2 App will also need to be set up, which will provide you with the {app-id} and {app-secret} needed (see Usage below).

Installation

To install, use composer:

composer require generation-2/oauth2-generation-2

Usage

Authorization Code Flow

// The state value is kept in $_SESSION, so a session must be active.
session_start();

$provider = new Generation2\OAuth2\Client\Provider\Generation2Provider([
    'clientId'     => '{app-id}',     // The client ID assigned to you by the provider
    'clientSecret' => '{app-secret}', // The client password assigned to you by the provider
    'redirectUri'  => 'https://example.com/callback-url',
]);

if (!empty($_GET['error'])) {

    // Got an error, probably user denied access
    unset($_SESSION['oauth2state']);
    // error_description is optional in the error response, so default it to an empty string
    exit('Got error: '.htmlspecialchars($_GET['error_description'] ?? '').' ('.htmlspecialchars($_GET['error']).')');

// If we don't have an authorization code then get one
} elseif (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize option and generates and applies any necessary parameters
    // (e.g. state).
    $authorizationUrl = $provider->getAuthorizationUrl([
        'scope' => 'user:id user:email',
    ]);

    // Get the state generated for you and store it to the session.
    $_SESSION['oauth2state'] = $provider->getState();

    // Redirect the user to the authorization URL.
    header('Location: '.$authorizationUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    // State is invalid, possible CSRF attack in progress
    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {
    try {

        // Try to get an access token using the authorization code grant.
        $accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code'],
        ]);

        // Use this to interact with an API on the user's behalf
        echo $accessToken->getToken();

        // Use this to get a new access token if the old one expires
        echo $accessToken->getRefreshToken();

        // Exact timestamp when the access token will expire, and need refreshing
        echo $accessToken->getExpires();

        // Optional: Now that you have a token you can look up a user's profile data

        // We got an access token, let's now get the owner details
        $ownerDetails = $provider->getResourceOwner($accessToken);

        // Use these details to create a new profile
        printf('Hello %s!', $ownerDetails->getId());

    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

        // Failed to get the access token or user details.
        exit($e->getMessage());
    }
}

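Refreshing a Token

Refresh tokens are only provided to applications which request offline access. You can specify offline access by setting the accessType option in your provider.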

$provider = new Generation2\OAuth2\Client\Provider\Generation2Provider([
    'clientId'     => '{app-id}',     // The client ID assigned to you by the provider
    'clientSecret' => '{app-secret}', // The client password assigned to you by the provider
    'redirectUri'  => 'https://example.com/callback-url',
]);

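Note that the refresh token is only returned on the first request, after which it will be null. You should securely store the refresh token when it is returned: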

$accessToken = $provider->getAccessToken('authorization_code', [
    'code' => $code
]);

// persist the token in a database
$refreshToken = $accessToken->getRefreshToken();
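
One way to store the refresh token securely, shown as an added example that is not part of this package: the token is encrypted with libsodium before it reaches the database, and a null token from a later request never overwrites the stored one. It assumes ext-sodium (PHP 7.2 or later) and pdo_sqlite; the function names, the refresh_tokens table and the sample values are hypothetical.

```php
<?php
// Added example, not code from this package. All names below are hypothetical.

function storeRefreshToken(PDO $db, string $key, string $userId, ?string $refreshToken): void
{
    // Only the first authorization returns a refresh token; later responses
    // carry null, which must not replace the token already stored.
    if ($refreshToken === null || $refreshToken === '') {
        return;
    }
    // Authenticated encryption with a fresh random nonce per record.
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $sealed = sodium_crypto_secretbox($refreshToken, $nonce, $key);
    $stmt = $db->prepare('REPLACE INTO refresh_tokens (user_id, sealed_token) VALUES (?, ?)');
    $stmt->execute([$userId, base64_encode($nonce . $sealed)]);
}

function loadRefreshToken(PDO $db, string $key, string $userId): ?string
{
    $stmt = $db->prepare('SELECT sealed_token FROM refresh_tokens WHERE user_id = ?');
    $stmt->execute([$userId]);
    $encoded = $stmt->fetchColumn();
    if ($encoded === false) {
        return null; // nothing stored for this user
    }
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        return null; // malformed record
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    return $plain === false ? null : $plain; // false means tampered data or wrong key
}

// Demo with constructed values. In an application the key is loaded from a
// secret store kept outside the database, not generated per request.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE refresh_tokens (user_id TEXT PRIMARY KEY, sealed_token TEXT NOT NULL)');
$key = sodium_crypto_secretbox_keygen();

// First authorization: $accessToken->getRefreshToken() returned a value.
storeRefreshToken($db, $key, 'user-1', 'constructed-refresh-token');
// Later authorization: getRefreshToken() returned null; the stored token is kept.
storeRefreshToken($db, $key, 'user-1', null);

var_dump(loadRefreshToken($db, $key, 'user-1') === 'constructed-refresh-token');
var_dump(loadRefreshToken($db, $key, 'user-2'));
```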

If you ever need to get a new refresh token, you can request one by forcing the approval prompt:

$authorizationUrl = $provider->getAuthorizationUrl(['approval_prompt' => 'force']);

Now you have everything you need to refresh an access token using a refresh token:

$provider = new Generation2\OAuth2\Client\Provider\Generation2Provider([
    'clientId'     => '{app-id}',     // The client ID assigned to you by the provider
    'clientSecret' => '{app-secret}', // The client password assigned to you by the provider
    'redirectUri'  => 'https://example.com/callback-url',
]);

$newAccessToken = $provider->getAccessToken('refresh_token', [
    'refresh_token' => $oldAccessToken->getRefreshToken()
]);

Scopes

If needed, you can include an array of scopes when getting the authorization URL. Example:

$authorizationUrl = $provider->getAuthorizationUrl([
    'scope' => [
        'user:id user:email',
    ]
]);
header('Location: '.$authorizationUrl);
exit;

Running the tests

$ ./vendor/bin/phpunit

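Built With

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

See the list of contributors who participated in this project.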

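License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE.txt file for details.

Acknowledgments

  • Hat tip to anyone whose code was used
  • Inspiration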