furdarius / oidconnect-laravel
This package is abandoned and no longer maintained. No replacement package was suggested.
Open ID Connect client library for the Laravel framework
dev-master
2017-11-23 13:20 UTC
Requires
- illuminate/database: ^5.4
- illuminate/routing: ^5.4
- laravel/socialite: ^3.0
- lcobucci/jwt: ^4.0-dev
This package is not auto-updated.
Last update: 2020-01-24 16:42:30 UTC
README
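The OpenIDConnect Laravel package is meant to give you an easy way to authenticate users with the OpenID Connect protocol.
Installation
To install this package you will need:
- Laravel 5.4+
- PHP 7.1+
Install with composer: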
composer require furdarius/oidconnect-laravel:dev-master
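Open config/app.php and register the required providers above your application providers.
'providers' => [
    ...
    Laravel\Socialite\SocialiteServiceProvider::class,
    Furdarius\OIDConnect\ServiceProvider::class,
    ...
]
If you want to change the configuration, you can publish the configuration file with the following artisan command: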
php artisan vendor:publish --provider="Furdarius\OIDConnect\ServiceProvider"
After that, run the migrations:
php artisan migrate
Usage
Configuration
First, you will need credentials for the OpenID Connect service your application uses. These credentials should be placed in your config/opidconnect.php configuration file.
<?php

return [
    'client_id' => 'CLIENT_ID_HERE',
    'client_secret' => 'CLIENT_SECRET_HERE',
    'redirect' => env('APP_URL') . '/auth/callback',
    'auth' => 'https://oidc.service.com/auth',
    'token' => 'https://oidc.service.com/token',
    'keys' => 'https://oidc.service.com/keys',
];
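Endpoints
Now your application has these auth endpoints:
- GET /auth/redirect: used to redirect the client to the auth service login page.
- GET /auth/callback: used when the auth service redirects the client to the callback URL with a code.
- POST /auth/refresh: used by the client to refresh the ID Token.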
Middleware
You need to use the Auth middleware on protected routes. Open App\Http\Kernel and register the middleware in $routeMiddleware:
protected $routeMiddleware = [
    'token' => \Furdarius\OIDConnect\TokenMiddleware::class
];
Then use it as usual:
Route::middleware('token')->get('/protected', function (Illuminate\Http\Request $request) {
    return "You are on protected zone";
});
User authentication
Create your own StatelessGuard and set it in config/auth.php. Example guard:
<?php

namespace App\Auth;

use Illuminate\Auth\AuthenticationException;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Support\Traits\Macroable;

class StatelessGuard implements Guard
{
    use GuardHelpers, Macroable;

    /**
     * @return \Illuminate\Contracts\Auth\Authenticatable
     * @throws AuthenticationException
     */
    public function user()
    {
        if (null === $this->user) {
            throw new AuthenticationException('Unauthenticated user');
        }

        return $this->user;
    }

    /**
     * @param array $credentials
     * @return bool
     */
    public function validate(array $credentials = [])
    {
        return $this->user instanceof Authenticatable;
    }
}
Configuration (config/auth.php):
'defaults' => [
    'guard' => 'stateless',
    'passwords' => 'users',
],
...
'guards' => [
    'stateless' => [
        'driver' => 'stateless'
    ]
],
Then implement your own Authenticator. Example:
<?php

namespace App\Auth;

use App\User;
use Furdarius\OIDConnect\Contract\Authenticator;
use Furdarius\OIDConnect\Exception\AuthenticationException;
use Lcobucci\JWT\Token\DataSet;

class PersonAuthenticatorAdapter implements Authenticator
{
    /**
     * @param DataSet $claims
     *
     * @return void
     */
    public function authUser(DataSet $claims)
    {
        $email = $claims->get('email');

        if (!$email) {
            throw new AuthenticationException('User\'s email not present in token');
        }

        $model = new User(['email' => $email]);

        \Auth::setUser($model);
    }
}
Then implement the auth provider service. Example:
<?php

namespace App\Auth;

use Furdarius\OIDConnect\Contract\Authenticator;
use Illuminate\Support\ServiceProvider;

class AuthenticatorServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        \Auth::extend('stateless', function () {
            return new StatelessGuard();
        });
    }

    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        $this->app->singleton(Authenticator::class, function ($app) {
            return new PersonAuthenticatorAdapter();
        });
    }
}
Then register it in config/app.php:
'providers' => [
...
App\Auth\AuthenticatorServiceProvider::class,
...
]
Now you can use \Auth::user(); to get information about the current user.
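A stricter variant of the PersonAuthenticatorAdapter above, added here as an example and not taken from the package's README: before the email claim is used as the user's identity, it checks that the token's aud claim names this client and that the provider marks the address as verified (the standard OpenID Connect email_verified claim). The class name VerifiedEmailAuthenticator and the config key opidconnect.client_id are assumptions; the page does not say which claim checks the package already performs, so these run in addition to them.

```php
<?php

namespace App\Auth;

use App\User;
use Furdarius\OIDConnect\Contract\Authenticator;
use Furdarius\OIDConnect\Exception\AuthenticationException;
use Lcobucci\JWT\Token\DataSet;

// Added example (hypothetical class name), not code from the package.
class VerifiedEmailAuthenticator implements Authenticator
{
    /**
     * @param DataSet $claims
     *
     * @return void
     */
    public function authUser(DataSet $claims)
    {
        // Assumption: the published config file is config/opidconnect.php,
        // so Laravel exposes its client_id under this key.
        $clientId = config('opidconnect.client_id');

        // "aud" can be a single string or a list; normalise to an array.
        // A missing claim becomes an empty array and fails the check.
        $audience = (array) $claims->get('aud');
        if (!is_string($clientId) || !in_array($clientId, $audience, true)) {
            throw new AuthenticationException('Token was not issued for this client');
        }

        // Accept only a boolean true; a missing or false claim is rejected.
        if ($claims->get('email_verified') !== true) {
            throw new AuthenticationException('User\'s email is not verified');
        }

        // Reject non-string or malformed values, not only empty ones.
        $email = $claims->get('email');
        if (!is_string($email) || false === filter_var($email, FILTER_VALIDATE_EMAIL)) {
            throw new AuthenticationException('User\'s email not present in token');
        }

        $model = new User(['email' => $email]);

        \Auth::setUser($model);
    }
}
```

To use it, return new VerifiedEmailAuthenticator() from the Authenticator singleton in AuthenticatorServiceProvider::register().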