halloverden/symfony-oidc-client-bundle

OpenID Connect client bundle for Symfony

3.9.0 2024-09-23 08:49 UTC

README

OpenID Connect client bundle for Symfony

Installation

  1. composer require halloverden/symfony-oidc-client-bundle
  2. Copy hallo_verden_oidc_client.yaml into your project folder and edit it as needed.

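Authenticator

The authenticator can be used to authenticate with an access token from your OpenID provider.

  1. Create a class that implements HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface
  2. Enable the authenticator and the class you want to use as services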
      HalloVerden\Security\Interfaces\OauthUserProviderServiceInterface:
        class: App\Services\OauthUserProviderService # Your class
    
      HalloVerden\Security\AccessTokenAuthenticator: ~
      HalloVerden\Security\ClientCredentialsAccessTokenAuthenticator: ~
  3. Add the authenticator to your security configuration.
      guard:
        authenticators:
          - HalloVerden\Security\AccessTokenAuthenticator
        entry_point: HalloVerden\Security\AccessTokenAuthenticator

OauthAuthorizeService

You can use OauthAuthorizeService to log a user in from the backend.

  1. Enable the service
        HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface:
            class: HalloVerden\Oidc\ClientBundle\Services\OauthAuthorizeService
            arguments:
                $openIdProviderService: '@hv.oidc.openid_provider.default' # "default" refers to the client_configurations key in your config
                $authorizeSuccessUrl: 'https:///success' # Where to redirect the user on success
                $authorizeErrorUrl: 'https:///error' # Where to redirect the user on error
    
  2. Create two controllers
    <?php
    namespace App\Controller;
    
    use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
    use Symfony\Component\HttpFoundation\RedirectResponse;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Routing\Annotation\Route;
    
    /**
     * Class AuthorizeController
     *
     * @package App\Controller
     *
     * @Route("/authorize", methods={"GET"}, name="authorize")
     */
    class AuthorizeController {
    
      /**
       * @param Request                        $request
       * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
       *
       * @return RedirectResponse
       */
      public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
        return $oauthAuthorizeService->handleAuthorize($request);
      }
    
    }
    
    <?php
    namespace App\Controller;
    
    use HalloVerden\Oidc\ClientBundle\Interfaces\OauthAuthorizeServiceInterface;
    use Symfony\Component\HttpFoundation\RedirectResponse;
    use Symfony\Component\HttpFoundation\Request;
    use Symfony\Component\Routing\Annotation\Route;
    
    /**
     * Class HandleAuthCodeController
     *
     * @package App\Controller
     *
     * @Route("/handle", methods={"GET"}, name="authcodehandle")
     */
    class HandleAuthCodeController {
    
      /**
       * @param Request $request 
       * @param OauthAuthorizeServiceInterface $oauthAuthorizeService
       *
       * @return RedirectResponse
       */
      public function __invoke(Request $request, OauthAuthorizeServiceInterface $oauthAuthorizeService): RedirectResponse {
        return $oauthAuthorizeService->handleAuthCode($request);
      }
    
    }

Make sure your redirect_uri points to the handle controller.

You can now redirect the user to /authorize, and listen for AuthorizedEvent to know when a user has been authorized.
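What the two routes do at the protocol level, as an added sketch in plain PHP: it is not code from the bundle and does not show its internals, and the endpoint, client id, session keys and function names are hypothetical. The /authorize leg stores a one-time state value, and the /handle leg (the redirect_uri) accepts the authorization code only when the returned state matches.

```php
<?php
declare(strict_types=1);

// Constructed values for illustration; none of these come from the bundle.
const AUTHORIZATION_ENDPOINT = 'https://op.example/authorize';
const CLIENT_ID = 'example-client';
const REDIRECT_URI = 'https://app.example/handle';

/** Leg 1 (/authorize): remember state and nonce, then build the provider URL. */
function buildAuthorizationUrl(array &$session): string {
  $session['oidc_state'] = bin2hex(random_bytes(16));
  // The nonce is compared with the ID token's nonce claim after the token exchange (not shown).
  $session['oidc_nonce'] = bin2hex(random_bytes(16));

  return AUTHORIZATION_ENDPOINT . '?' . http_build_query([
    'response_type' => 'code',
    'client_id'     => CLIENT_ID,
    'redirect_uri'  => REDIRECT_URI, // must match the URI registered at the provider
    'scope'         => 'openid',
    'state'         => $session['oidc_state'],
    'nonce'         => $session['oidc_nonce'],
  ]);
}

/** Leg 2 (/handle): return the code only if the callback belongs to this session. */
function extractAuthCode(array $query, array &$session): string {
  $expected = $session['oidc_state'] ?? null;
  unset($session['oidc_state']); // single use, so a replayed callback fails

  if (isset($query['error'])) {
    throw new RuntimeException('Provider returned an error');
  }
  $state = $query['state'] ?? null;
  if (!is_string($expected) || !is_string($state) || !hash_equals($expected, $state)) {
    throw new RuntimeException('State mismatch, callback rejected');
  }
  if (!is_string($query['code'] ?? null) || $query['code'] === '') {
    throw new RuntimeException('Missing authorization code');
  }
  return $query['code']; // exchanged at the token endpoint together with REDIRECT_URI
}

// Constructed walk-through: the genuine callback passes, the replayed one is rejected.
$session = [];
parse_str((string) parse_url(buildAuthorizationUrl($session), PHP_URL_QUERY), $sent);
echo extractAuthCode(['code' => 'abc123', 'state' => $sent['state']], $session), PHP_EOL;
try {
  extractAuthCode(['code' => 'abc123', 'state' => $sent['state']], $session);
} catch (RuntimeException $e) {
  echo $e->getMessage(), PHP_EOL;
}
```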

Examples

Get an access token using the client credentials grant

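<?php
// $openIdProviderService is the injected OpenID provider service, e.g. '@hv.oidc.openid_provider.default'.
$accessToken = $openIdProviderService->getTokenResponse(new ClientCredentialsGrant())->getAccessToken();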