jakim-pj / yii2-authserver
An OAuth2-compatible authentication server.
1.0.0-beta.2
2017-03-10 20:53 UTC
Requires
- php: >=5.5.0
- facebook/graph-sdk: ^5.4
- yiisoft/yii2: ^2.0
This package is auto-updated.
Last update: 2024-09-11 16:49:58 UTC
README
Authentication server compatible with OAuth 2.0

Successful response (RFC 6749)

```http
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Wed, 23 Nov 2016 15:35:13 GMT
Content-Type: application/json; charset=UTF-8

{
    "access_token": "4U0B6zMngrDuiNPyTErzsZ35gBVexoxC_1479923192",
    "token_type": "bearer",
    "expires_in": 7200,
    "refresh_token": "e-KaqLwjAgWrpp5A8c1zISfeK4dOEZex_1482507992"
}
```
Error response (RFC 6749)

```http
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8

{
    "error": "invalid_request"
}
```
Errors

The authentication server responds with HTTP status code 400 (Bad Request) and includes one of the following parameters in the response:

- invalid_request: the request is missing a required parameter (other than the grant type).
- invalid_grant: the supplied authorization grant (for example an authorization code, resource owner credentials or a refresh token) is invalid, expired or revoked.
- unsupported_grant_type: the authorization grant type is not supported by the authentication server.
Installation

1. Configure the component in config/web.php

Example

```php
'components' => [
    'authServer' => [
        'class' => \jakim\authserver\Server::class,
        'grantTypes' => [
            'password' => \jakim\authserver\grants\PasswordCredentials::class,
            'refresh_token' => \jakim\authserver\grants\RefreshToken::class,
            'facebook_token' => [
                'class' => \jakim\authserver\grants\FacebookToken::class,
                'app_id' => $params['facebook.app_id'],
                'app_secret' => $params['facebook.app_secret'],
                'fields' => 'birthday,email,name,about,gender,picture.type(large){url}',
            ],
        ],
    ],
],
```
2. Implement the identity interfaces (usually in the User model)

- jakim\authserver\base\UserIdentityInterface, used by the password grant and the refresh token grant
- jakim\authserver\base\FacebookUserIdentityInterface, used by the Facebook token grant
Example

```php
// Methods of the application's User model. GraphUser is the graph-sdk's
// Facebook\GraphNodes\GraphUser; UserFactory is not part of this package and
// stands for the application's own helper that maps a Graph user onto a User.
public static function findIdentityByCredentials($username, $password)
{
    $security = \Yii::$app->security;
    $model = static::findOne(['email' => $username]);
    if ($model && $security->validatePassword($password, $model->password)) {
        return $model;
    }
    return null;
}

public static function findIdentityByRefreshToken($refreshToken)
{
    return static::findOne(['refresh_token' => $refreshToken]);
}

public static function findIdentityByFacebookGraphUser($user)
{
    /** @var GraphUser $user */
    $model = static::findOne(['facebook_id' => $user->getId()]);
    if ($model === null) {
        $model = static::findOne(['email' => $user->getEmail()]);
    }
    // auto create user from facebook
    if ($model === null) {
        /** @var User $model */
        $model = UserFactory::newFromFacebookGraphUser($user);
        if (!$model->save()) {
            \Yii::error('Unable to create new user from facebook: ' . print_r($model->getErrors(), true), __METHOD__);
            return null;
        }
    } else {
        $model = UserFactory::updateFromFacebookGraphUser($model, $user);
        if (!$model->save()) {
            \Yii::error('Unable to update user from facebook: ' . print_r($model->getErrors(), true), __METHOD__);
            return null;
        }
    }
    return $model;
}

public function setAccessToken($token)
{
    $this->access_token = $token;
}

public function getAccessToken()
{
    return $this->access_token;
}

public function setRefreshToken($token)
{
    $this->refresh_token = $token;
}

public function getRefreshToken()
{
    return $this->refresh_token;
}
```
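The README's `findIdentityByRefreshToken` accepts any refresh token that is still stored on the user row, so a token stays usable until it is overwritten. The error list above says the server answers `invalid_grant` for an expired or revoked refresh token, and returning `null` from the lookup is how the model triggers that. The following is an added example, not code from the yii2-authserver package: it keeps the README's method shape but also records and enforces an expiry time and offers an explicit revocation hook. The column `refresh_token_expires_at`, the 30-day lifetime and the assumption that the server persists the model after calling the setters (as the README's plain setters imply) are all assumptions, not part of the package.

```php
<?php
// Added example, not part of the yii2-authserver package.
// Assumed schema: the user table has refresh_token (string) and
// refresh_token_expires_at (integer unix timestamp); both names are assumptions.

namespace app\models;

use yii\db\ActiveRecord;

class User extends ActiveRecord
{
    /** Assumed refresh-token lifetime: 30 days. */
    const REFRESH_TOKEN_TTL = 30 * 24 * 3600;

    // findIdentityByCredentials(), findIdentityByFacebookGraphUser() and the
    // access-token accessors stay as in the README example above.

    /**
     * Look the token up and additionally require that it has not expired.
     * Returning null makes the server answer with error "invalid_grant".
     */
    public static function findIdentityByRefreshToken($refreshToken)
    {
        if (!is_string($refreshToken) || $refreshToken === '') {
            return null;
        }
        $model = static::findOne(['refresh_token' => $refreshToken]);
        if ($model === null) {
            return null;
        }
        // A missing expiry means the token was revoked; a past one means it expired.
        if ($model->refresh_token_expires_at === null
            || (int) $model->refresh_token_expires_at < time()) {
            return null;
        }
        return $model;
    }

    /**
     * Store the token issued by the server together with its expiry time.
     * Persisting the row is left to the server, as with the README's setters (assumption).
     */
    public function setRefreshToken($token)
    {
        $this->refresh_token = $token;
        $this->refresh_token_expires_at = time() + self::REFRESH_TOKEN_TTL;
    }

    public function getRefreshToken()
    {
        return $this->refresh_token;
    }

    /**
     * Revoke the current refresh token, for example after a password change
     * or an explicit logout, so that it can no longer be exchanged.
     */
    public function revokeRefreshToken()
    {
        $this->refresh_token = null;
        $this->refresh_token_expires_at = null;
        return $this->save(false, ['refresh_token', 'refresh_token_expires_at']);
    }
}
```

Calling `revokeRefreshToken()` from the password-change flow is the usual place to invalidate outstanding sessions; the access token the server issued alongside it still lives until its own `expires_in` runs out, which is why short access-token lifetimes matter.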
3. Create a token action in the authentication controller

Example: custom action

```php
use yii\di\Instance;
use jakim\authserver\Server;

public function actionToken()
{
    /** @var Server $server */
    $server = Instance::ensure('authServer', Server::class);
    if (($response = $server->getResponse()) === null) {
        return $server->getError();
    }
    return $response;
}
```

Example: predefined action class

```php
public function actions()
{
    return [
        'token' => TokenAction::class,
    ];
}
```
API usage examples

Parameters for the password grant type

Parameters for the Facebook grant type
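As an added example that is not the package's own code, the client below sends the password and refresh_token grants to the token action from step 3 using the parameter names RFC 6749 defines for them (`grant_type`, `username`, `password`; `grant_type`, `refresh_token`) and maps the success and error bodies shown at the top of this README. The request parameter for the `facebook_token` grant is not shown on this page, so it is left out. The endpoint URL and the ten-second timeout are assumptions.

```php
<?php
// Added example, not part of the yii2-authserver package.

const TOKEN_ENDPOINT = 'https://api.example.com/auth/token'; // assumed URL

/**
 * POST form-encoded parameters to the token endpoint and decode the JSON body.
 * Returns ['status' => int, 'body' => array].
 */
function tokenRequest(array $params)
{
    $ch = curl_init(TOKEN_ENDPOINT);
    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($params),
        CURLOPT_HTTPHEADER => [
            'Content-Type: application/x-www-form-urlencoded',
            'Accept: application/json',
        ],
        CURLOPT_RETURNTRANSFER => true,
        // Keep certificate verification on: the response carries bearer tokens.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_TIMEOUT => 10,
    ]);
    $raw = curl_exec($ch);
    if ($raw === false) {
        $err = curl_error($ch);
        curl_close($ch);
        throw new RuntimeException("token request failed: $err");
    }
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    $body = json_decode($raw, true);
    if (!is_array($body)) {
        throw new RuntimeException('token endpoint returned a non-JSON body');
    }
    return ['status' => $status, 'body' => $body];
}

/** Resource Owner Password Credentials grant (RFC 6749, section 4.3). */
function passwordGrant($username, $password)
{
    return tokenRequest([
        'grant_type' => 'password',
        'username'   => $username,
        'password'   => $password,
    ]);
}

/** Exchange a refresh token for a new access token (RFC 6749, section 6). */
function refreshGrant($refreshToken)
{
    return tokenRequest([
        'grant_type'    => 'refresh_token',
        'refresh_token' => $refreshToken,
    ]);
}

/**
 * Turn a response into the issued token set, or throw with the error code
 * from the README's list (invalid_request, invalid_grant, unsupported_grant_type).
 */
function handleTokenResponse(array $response)
{
    $body = $response['body'];
    if ($response['status'] === 200 && isset($body['access_token'])) {
        return [
            'access_token'  => $body['access_token'],
            'token_type'    => $body['token_type'],
            // Convert the relative lifetime into an absolute refresh deadline.
            'expires_at'    => time() + (int) $body['expires_in'],
            'refresh_token' => isset($body['refresh_token']) ? $body['refresh_token'] : null,
        ];
    }
    $error = isset($body['error']) ? $body['error'] : 'unknown_error';
    throw new RuntimeException("token endpoint error: $error (HTTP {$response['status']})");
}

// Usage:
// $tokens = handleTokenResponse(passwordGrant('alice@example.com', $password));
// ... later, shortly before $tokens['expires_at']:
// $tokens = handleTokenResponse(refreshGrant($tokens['refresh_token']));
```

The client stores `expires_at` rather than `expires_in` so that the refresh decision does not depend on when the response was read, and it treats any non-200 body by its `error` field, which is the only error signal the README's error response defines.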
4. (Optional) Use the custom authentication filter jakim\authserver\filters\HttpBearerAuth
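How the filter is wired into a controller is not shown on this page. The following is an added example, not the package's own code, showing a REST controller that protects every action with the package's bearer filter while leaving the token action from step 3 reachable without a token. It assumes the filter is attached through `behaviors()` like Yii's built-in `yii\filters\auth\*` methods and honours `yii\base\ActionFilter`'s `except` property; the controller name and the `me` action are also assumptions.

```php
<?php
// Added example, not part of the yii2-authserver package.
// Assumes jakim\authserver\filters\HttpBearerAuth behaves like Yii's own
// auth filters (attached via behaviors(), supports `except`).

namespace app\controllers;

use Yii;
use yii\di\Instance;
use yii\rest\Controller;
use jakim\authserver\Server;
use jakim\authserver\filters\HttpBearerAuth;

class ApiController extends Controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        // Replace yii\rest\Controller's default authenticator with the package's filter.
        $behaviors['authenticator'] = [
            'class'  => HttpBearerAuth::class,
            // The token endpoint is where clients obtain a bearer token,
            // so it is the one action that must not require one.
            'except' => ['token'],
        ];
        return $behaviors;
    }

    /** Token endpoint, as in the README's custom-action example. */
    public function actionToken()
    {
        /** @var Server $server */
        $server = Instance::ensure('authServer', Server::class);
        if (($response = $server->getResponse()) === null) {
            return $server->getError();
        }
        return $response;
    }

    /** A protected action: only reachable with a valid bearer token (assumed action). */
    public function actionMe()
    {
        $identity = Yii::$app->user->identity;
        return ['id' => $identity->getId()];
    }
}
```

Keeping `except` limited to the token action means a newly added action is protected by default; if the filter were instead listed per action with `only`, a forgotten entry would silently expose the new endpoint.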