halloverden/symfony-oidc-client-bundle

symfony 的 OpenID Connect 客户端包

维护者

详细信息

github.com/halloverden/symfony-oidc-client-bundle

源代码

问题

安装次数: 2,617

依赖者: 2

建议者: 0

安全性: 0

星标: 0

关注者: 3

分支: 0

公开问题: 1

类型:symfony-bundle

3.9.0 2024-09-23 08:49 UTC

Requires

MIT cb0c9b88e2d1bbf8ce488a1ad64e58fa1a21ad48

  • Tom Roar Furunes <tom.roar.woop@halloverden.no>

This package is auto-updated.

Last update: 2024-09-23 08:50:03 UTC

README

symfony 的 OpenID Connect 客户端包

安装

  1. composer require halloverden/symfony-oidc-client-bundle
  2. hallo_verden_oidc_client.yaml 复制到您的项目文件夹中,并根据需要编辑它。

认证器

认证器可以用于使用您的 OpenID 提供器的访问令牌进行认证。

  1. 创建实现 HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface 的类
  2. 启用认证器和您想要作为服务使用的类
      HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface:
    class: App\Services\OauthUserProviderService # Your class

  HalloVerden\Security\AccessTokenAuthenticator: ~
  HalloVerden\Security\ClientCredentialsAccessTokenAuthenticator: ~
  3. 将认证器添加到您的安全配置中。
      guard:
    authenticators:
      - HalloVerden\Security\AccessTokenAuthenticator
    entry_point: HalloVerden\Security\AccessTokenAuthenticator

OauthAuthorizeService

您可以使用 OauthAuthorizeService 从后端登录用户。

  1. 启用该服务
        HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface:
        class: HalloVerden\Oidc\ClientBundle\Services\OauthAuthorizeService
        arguments:
            $openIdProviderService: '@hv.oidc.openid_provider.default' # Default refers to the client_configurations key in you config
            $authorizeSuccessUrl: 'https:///success' # Where to redirect the user on success
            $authorizeErrorUrl: 'https:///error' # Where to redirect the user on error
  2. 创建两个控制器
    <?php
namespace App\Controller;

use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;

/**
 * Class AuthorizeController
 *
 * @package App\Controller
 *
 * @Route("/authorize", methods={"GET"}, name="authorize")
 */
class AuthorizeController {

  /**
   * @param Request                        $request
   * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
   *
   * @return RedirectResponse
   */
  public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
    return $oauthAuthorizeService->handleAuthorize($request);
  }

}
    <?php
namespace App\Controller;

use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;

/**
 * Class HandleAuthCodeController
 *
 * @package App\Controller
 *
 * @Route("/handle", methods={"GET"}, name="authcodehandle")
 */
class HandleAuthCodeController {

  /**
   * @param Request $request 
   * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
   *
   * @return RedirectResponse
   */
  public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
    return $oauthAuthorizeService->handleAuthCode($request);
  }

}

确保您的 redirect_uri 指向处理控制器。

现在您可以重定向用户到 /authorize,并且您可以监听 AuthorizedEvent 以了解何时用户被授权。

示例

使用客户端凭证授权获取访问令牌

<?php
$openIdProviderService->getTokenResponse(new ClientCredentialsGrant())->getAccessToken();