matt-czerner / oauth2-bundle
Modified from trikoder/oauth2-bundle to include custom entity properties. See the original at https://github.com/trikoder/oauth2-bundle. Thanks.
Requires
- php: >=7.2
- doctrine/doctrine-bundle: ^1.8|^2.0
- doctrine/orm: ^2.7
- league/oauth2-server: 8.3.5
- psr/http-factory: ^1.0
- sensio/framework-extra-bundle: ^5.5|^6.2
- symfony/framework-bundle: ^4.4|^5.0|^6.0
- symfony/psr-http-message-bridge: ^2.0
- symfony/security-bundle: ^4.4|^5.0|^6.0
Requires (Dev)
- ext-timecop: *
- ext-xdebug: *
- laminas/laminas-diactoros: ^2.2
- nyholm/psr7: ^1.2
- phpunit/phpunit: ^8.5|^9.4
- symfony/browser-kit: ^4.4|^5.0
- symfony/phpunit-bridge: ^5.0
Suggests
- defuse/php-encryption: For better performance when doing encryption
- nelmio/cors-bundle: For handling CORS requests
- nyholm/psr7: For a super lightweight PSR-7/17 implementation
This package is auto-updated.
Last update: 2024-09-02 11:22:48 UTC
README
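A Symfony bundle that provides OAuth 2.0 authorization/resource server capabilities. The authorization and resource server actors are implemented using the thephpleague/oauth2-server library.
Important notes
This bundle provides the "glue" between the thephpleague/oauth2-server library and Symfony. It implements the thephpleague/oauth2-server library in the way specified by its official documentation. For help integrating this bundle into a Symfony project, see the bundle documentation and the official Symfony Security documentation.
Status
This bundle is currently under active development.
Features
Requirements
- PHP 7.2 or greater
- Symfony 4.4 or Symfony 5.x
Installation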
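- Require the bundle and a PSR 7/17 implementation with Composer:

    composer require trikoder/oauth2-bundle nyholm/psr7

  If your project is managed using Symfony Flex, the remaining steps are not required. Just follow the post-installation instructions instead! 🎉

  Note: This bundle requires a PSR 7/17 implementation to operate. We recommend that you use nyholm/psr7. See this document if you want to use a different implementation.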
- Create the bundle configuration file under config/packages/trikoder_oauth2.yaml. Here is a reference configuration file:

    trikoder_oauth2:

        authorization_server: # Required

            # Full path to the private key file.
            # How to generate a private key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys
            private_key: ~ # Required, Example: /var/oauth/private.key

            # Passphrase of the private key, if any.
            private_key_passphrase: null

            # The plain string or the ascii safe string used to create a Defuse\Crypto\Key to be used as an encryption key.
            # How to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password
            encryption_key: ~ # Required

            # The type of value of "encryption_key".
            encryption_key_type: plain # One of "plain"; "defuse"

            # How long the issued access token should be valid for, used as a default if there is no grant type specific value set.
            # The value should be a valid interval: https://php.ac.cn/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
            access_token_ttl: PT1H

            # How long the issued refresh token should be valid for, used as a default if there is no grant type specific value set.
            # The value should be a valid interval: https://php.ac.cn/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
            refresh_token_ttl: P1M

            # How long the issued authorization code should be valid for.
            # The value should be a valid interval: https://php.ac.cn/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
            auth_code_ttl: ~ # Deprecated ("trikoder_oauth2.authorization_server.auth_code_ttl" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.auth_code_ttl" instead.)

            # Whether to require code challenge for public clients for the authorization code grant.
            require_code_challenge_for_public_clients: ~ # Deprecated ("trikoder_oauth2.authorization_server.require_code_challenge_for_public_clients" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.require_code_challenge_for_public_clients" instead.)

            # Whether to enable the authorization code grant.
            enable_auth_code_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_auth_code_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.enable" instead.)

            # Whether to enable the client credentials grant.
            enable_client_credentials_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_client_credentials_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.client_credentials.enable" instead.)

            # Whether to enable the implicit grant.
            enable_implicit_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_implicit_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.implicit.enable" instead.)

            # Whether to enable the password grant.
            enable_password_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_password_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.password.enable" instead.)

            # Whether to enable the refresh token grant.
            enable_refresh_token_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_refresh_token_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.refresh_token.enable" instead.)

            # Enable and configure grant types.
            grant_types:
                authorization_code:

                    # Whether to enable the authorization code grant.
                    enable: true

                    # How long the issued access token should be valid for the authorization code grant.
                    access_token_ttl: ~

                    # How long the issued refresh token should be valid for the authorization code grant.
                    refresh_token_ttl: ~

                    # How long the issued authorization code should be valid for.
                    # The value should be a valid interval: https://php.ac.cn/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
                    auth_code_ttl: PT10M

                    # Whether to require code challenge for public clients for the authorization code grant.
                    require_code_challenge_for_public_clients: true
                client_credentials:

                    # Whether to enable the client credentials grant.
                    enable: true

                    # How long the issued access token should be valid for the client credentials grant.
                    access_token_ttl: ~
                implicit:

                    # Whether to enable the implicit grant.
                    enable: true

                    # How long the issued access token should be valid for the implicit grant.
                    access_token_ttl: ~
                password:

                    # Whether to enable the password grant.
                    enable: true

                    # How long the issued access token should be valid for the password grant.
                    access_token_ttl: ~

                    # How long the issued refresh token should be valid for the password grant.
                    refresh_token_ttl: ~
                refresh_token:

                    # Whether to enable the refresh token grant.
                    enable: true

                    # How long the issued access token should be valid for the refresh token grant.
                    access_token_ttl: ~

                    # How long the issued refresh token should be valid for the refresh token grant.
                    refresh_token_ttl: ~

        resource_server: # Required

            # Full path to the public key file.
            # How to generate a public key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys
            public_key: ~ # Required, Example: /var/oauth/public.key

        # Scopes that you wish to utilize in your application.
        # This should be a simple array of strings.
        scopes: []

        # Configures different persistence methods that can be used by the bundle for saving client and token data.
        # Only one persistence method can be configured at a time.
        persistence: # Required
            doctrine:

                # Name of the entity manager that you wish to use for managing clients and tokens.
                entity_manager: default
            in_memory: ~

        # The priority of the event listener that converts an Exception to a Response.
        exception_event_listener_priority: 10

        # Set a custom prefix that replaces the default "ROLE_OAUTH2_" role prefix.
        role_prefix: ROLE_OAUTH2_
- Enable the bundle in config/bundles.php by adding it to the array:

    Trikoder\Bundle\OAuth2Bundle\TrikoderOAuth2Bundle::class => ['all' => true]
- Update the database so that bundle entities can be persisted using Doctrine:

    bin/console doctrine:schema:update --force
- Import the routes inside your config/routes.yaml file:

    oauth2:
        resource: '@TrikoderOAuth2Bundle/Resources/config/routes.xml'
You can verify that everything is working by issuing a POST request to the /token endpoint.
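❮ NOTE ❯ It is recommended to control access to the authorization endpoint so that only logged-in users can approve authorization requests. You should review your security.yml file. Here is a sample configuration:

    security:
        access_control:
            - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }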
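
A tightened variant of the reference configuration above, as an added example that is not part of the bundle's README or code. It uses only keys shown in the reference file; the environment variable names, TTL values and scope names are assumptions chosen for illustration.

```yaml
# config/packages/trikoder_oauth2.yaml (added example, not the bundle's own file)
# Env var names, TTL values and scope names below are assumptions.
trikoder_oauth2:
    authorization_server:
        # Key material is supplied by the environment, not committed to the repository.
        private_key: '%env(OAUTH2_PRIVATE_KEY_PATH)%'
        private_key_passphrase: '%env(OAUTH2_PRIVATE_KEY_PASSPHRASE)%'
        # An ascii safe Defuse\Crypto\Key string instead of a plain password.
        encryption_key: '%env(OAUTH2_ENCRYPTION_KEY)%'
        encryption_key_type: defuse

        # Defaults for grants that set no value of their own
        # (the reference file uses PT1H and P1M).
        access_token_ttl: PT15M
        refresh_token_ttl: P7D

        grant_types:
            authorization_code:
                enable: true
                auth_code_ttl: PT1M
                # Already the reference default; stated explicitly so a later
                # edit cannot drop the code challenge requirement unnoticed.
                require_code_challenge_for_public_clients: true
            client_credentials:
                enable: true
            refresh_token:
                enable: true
            # The reference file enables both of these. Turn them off unless an
            # existing client depends on them.
            implicit:
                enable: false   # access token would be returned in the redirect URI
            password:
                enable: false   # client would handle the user's password directly

    resource_server:
        public_key: '%env(OAUTH2_PUBLIC_KEY_PATH)%'

    # Declare only the scopes the application actually checks.
    scopes: ['profile:read', 'orders:write']

    persistence:
        doctrine:
            entity_manager: default
```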
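Configuration
Contributing
Please see CONTRIBUTING for details.
Versioning
This project adheres to Semantic Versioning 2.0.0. Randomly breaking public APIs is not an option.
However, starting with version 4, we only promise to follow SemVer on structural elements marked with the @api tag.
Changes
All the package releases are recorded in the CHANGELOG file.
Reporting issues
Use the issue tracker to report any issues you might have.
License
See the LICENSE file for license rights and limitations (MIT).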