ikerib / giltza-oauth2
OAuth2 client for using the Giltza OAuth 2.0 server
1.0
2023-03-22 12:47 UTC
Requires
- league/oauth2-client: ^2.0
README
This package provides Giltza OAuth 2.0 support for the PHP League's OAuth 2.0 Client.
Installation
To install, use composer:
composer require ikerib/giltza-oauth2
Usage with KnpUOAuth2ClientBundle.
https://github.com/knpuniversity/oauth2-client-bundle
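To develop your application, you need to request and obtain the application credentials (application and password).
Once you have them, install KnpUOAuth2ClientBundle and this library.
Create a custom Symfony Authenticator and implement the authenticate function as follows:

    public function authenticate(Request $request): Passport
    {
        $client = $this->clientRegistry->getClient('giltza');
        // Exchange the authorization code from the callback for an access token
        $accessToken = $this->fetchAccessToken($client);

        return new SelfValidatingPassport(
            new UserBadge($accessToken->getToken(), function () use ($accessToken, $client) {
                // Identity returned by Giltza for this token
                $giltzaUser = $client->fetchUserFromToken($accessToken);

                // Have they logged in with Giltza before? Look the local user up by the NA field.
                $user = $this->entityManager->getRepository(User::class)->findOneBy(['NA' => $giltzaUser->getId()]);
                if ($user) {
                    return $user;
                }

                // Unknown identities are rejected, not auto-provisioned
                throw new UserNotFoundException();
            })
        );
    }
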
The KnpUOAuth2ClientBundle configuration file should look like this:

    knpu_oauth2_client:
        clients:
            # configure your clients as described here: https://github.com/knpuniversity/oauth2-client-bundle#configuration
            giltza:
                type: generic
                provider_class: Giltza\OAuth2\Client\Provider\OauthGiltzaProvider
                client_id: "%env(CLIENT_ID)%"
                client_secret: "%env(CLIENT_SECRET)%"
                redirect_route: oauth_check
                redirect_params: { }
                use_state: true

Finally, in a controller, call:

    #[Route(path: '/login/giltza/connect', name: 'oauth_connect')]
    public function connect(ClientRegistry $clientRegistry): \Symfony\Component\HttpFoundation\RedirectResponse
    {
        return $clientRegistry->getClient('giltza')->redirect(['urn:izenpe:identity:global urn:izenpe:fea:properties urn:safelayer:eidas:authn_details']);
    }

    #[Route(path: '/login/giltza/connect/check', name: 'oauth_check')]
    public function check(Request $request, ClientRegistry $clientRegistry): void
    {
        // Left empty: the custom authenticator handles this callback route
    }

The security.yml configuration is as follows:

    ...
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            lazy: true
            provider: app_user_provider
            custom_authenticator:
                - App\Security\OauthAuthenticator
            entry_point: App\Security\OauthAuthenticator
            logout:
                path: app_logout
                target: /
                invalidate_session: true

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/admin/, roles: ROLE_ADMIN }
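
The security.yml above names App\Security\OauthAuthenticator as both custom_authenticator and entry_point, so the class needs more than authenticate(). The following is an added example, not code from this package: a base class that App\Security\OauthAuthenticator could extend, adding the authenticate() method shown earlier. The class name AbstractOauthAuthenticator, the 'app_home' route and the use of Doctrine's EntityManagerInterface are assumptions.

```php
<?php
namespace App\Security;

use Doctrine\ORM\EntityManagerInterface;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use KnpU\OAuth2ClientBundle\Security\Authenticator\OAuth2Authenticator;
use Symfony\Component\HttpFoundation\{RedirectResponse, Request, Response};
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

// Hypothetical base class: App\Security\OauthAuthenticator extends it and adds authenticate().
abstract class AbstractOauthAuthenticator extends OAuth2Authenticator implements AuthenticationEntryPointInterface
{
    public function __construct(
        protected ClientRegistry $clientRegistry,
        protected EntityManagerInterface $entityManager,
        protected RouterInterface $router,
    ) {
    }

    // Run only on the callback route, so no other request can trigger a token exchange.
    public function supports(Request $request): ?bool
    {
        return $request->attributes->get('_route') === 'oauth_check';
    }

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
    {
        // 'app_home' is an assumed route name; a fixed target avoids open redirects.
        return new RedirectResponse($this->router->generate('app_home'));
    }

    // Reached for a state mismatch, a failed code exchange, or UserNotFoundException.
    public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
    {
        // Return the generic message key, never provider error details.
        $message = strtr($exception->getMessageKey(), $exception->getMessageData());
        return new Response($message, Response::HTTP_FORBIDDEN);
    }

    // Entry point: anonymous visitors to protected pages are sent to the connect route.
    public function start(Request $request, ?AuthenticationException $authException = null): Response
    {
        return new RedirectResponse($this->router->generate('oauth_connect'));
    }
}
```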