halloverden / symfony-oidc-client-bundle
OpenID Connect client bundle for Symfony
3.9.0
2024-09-23 08:49 UTC
Requires
- php: >=8.2
- halloverden/symfony-oidc-contracts: ^2.0
- jms/serializer-bundle: ^5.0
- nyholm/psr7: ^1.3
- spomky-labs/base64url: ^2.0
- symfony/framework-bundle: ^6.4|^7.1
- symfony/http-client: ^6.4|^7.4
- web-token/jwt-bundle: ^3.0
- web-token/jwt-checker: ^3.0
- web-token/jwt-signature: ^3.0
- web-token/jwt-signature-algorithm-rsa: ^3.0
README
OpenID Connect client bundle for Symfony
Installation
composer require halloverden/symfony-oidc-client-bundle
- Copy hallo_verden_oidc_client.yaml into your project folder and edit it as needed.
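Authenticator
The authenticator can be used to authenticate with an access token from your OpenID provider.
- Create a class that implements HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface
- Enable the authenticator and the class you want to use as services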
```yaml
HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface:
  class: App\Services\OauthUserProviderService # Your class

HalloVerden\Security\AccessTokenAuthenticator: ~
HalloVerden\Security\ClientCredentialsAccessTokenAuthenticator: ~
```
- Add the authenticator to your security config.
```yaml
guard:
  authenticators:
    - HalloVerden\Security\AccessTokenAuthenticator
  entry_point: HalloVerden\Security\AccessTokenAuthenticator
```
OauthAuthorizeService
You can use OauthAuthorizeService to log users in from your backend.
- Enable the service
```yaml
HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface:
  class: HalloVerden\Oidc\ClientBundle\Services\OauthAuthorizeService
  arguments:
    $openIdProviderService: '@hv.oidc.openid_provider.default' # "default" refers to the client_configurations key in your config
    $authorizeSuccessUrl: 'https:///success' # Where to redirect the user on success
    $authorizeErrorUrl: 'https:///error' # Where to redirect the user on error
```
- Create two controllers
```php
<?php

namespace App\Controller;

use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;

/**
 * Class AuthorizeController
 *
 * @package App\Controller
 *
 * @Route("/authorize", methods={"GET"}, name="authorize")
 */
class AuthorizeController {

  /**
   * @param Request                        $request
   * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
   *
   * @return RedirectResponse
   */
  public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
    return $oauthAuthorizeService->handleAuthorize($request);
  }

}
```
```php
<?php

namespace App\Controller;

use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;

/**
 * Class HandleAuthCodeController
 *
 * @package App\Controller
 *
 * @Route("/handle", methods={"GET"}, name="authcodehandle")
 */
class HandleAuthCodeController {

  /**
   * @param Request                        $request
   * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
   *
   * @return RedirectResponse
   */
  public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
    return $oauthAuthorizeService->handleAuthCode($request);
  }

}
```
Make sure your redirect_uri points to the handle controller.
You can now redirect users to /authorize, and you can listen for AuthorizedEvent to know when a user has been authorized.
Examples
Get an access token using the client credentials grant
```php
<?php

$openIdProviderService->getTokenResponse(new ClientCredentialsGrant())->getAccessToken();
```