michalkvasnicak / oauth2-server
OAuth 2.0 server implementation for PHP
v1.0.0-beta3
2016-05-06 10:49 UTC
Requires
- php: >=5.4.0
Requires (Dev)
- phpspec/phpspec: ~2.0
- phpunit/phpunit: ~4.0
This package is not auto-updated.
Last update: 2024-09-28 16:20:35 UTC
README
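OAuth 2.0 server implementation of the final draft: http://tools.ietf.org/html/rfc6749
Usage examples for the different grant types are in the tests directory.
This library has not been tested in a production environment.
Requirements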
- PHP >= 5.4.0
- HHVM
Installation
Using composer
{ "require": { "michalkvasnicak/oauth2-server": "dev-develop" } }
Examples
Authorizing an application (client) for access
Used for the authorization code and implicit grant types
<?php

use OAuth2\Security\Authorizator;
use OAuth2\Resolver\GrantTypeResolver;

// create the request from globals or however your application does it
$request = new Request;

// register an OAuth2\GrantType\IGrantType or OAuth2\GrantType\IAuthorizationType
$grantTypeResolver = new GrantTypeResolver;
$grantTypeResolver->accept($grantType);

$authorizator = new Authorizator($grantTypeResolver);

// to authorize, provide the current request and the logged-in user
$session = $authorizator->authorize($request, $user); // returns OAuth2\Security\AuthorizationCodeSession

// here you show a form with the requested scopes and ask the user to accept or deny the request

// if the user allows access, you can redirect them to the redirect URI from the auth session
$session->getRedirectUri(); // returns the redirect URI with code and state (if state was provided)
Issue an access token for the current request (using one of the registered grant types)
<?php

use OAuth2\TokenIssuer\AccessTokenIssuer;
use OAuth2\TokenIssuer\RefreshTokenIssuer; // assumed to share AccessTokenIssuer's namespace
use OAuth2\Resolver\GrantTypeResolver;

// create the request from globals or however your application does it; it must implement OAuth2\Http\IRequest
$request = new Request;

// register an OAuth2\GrantType\IGrantType
$grantTypeResolver = new GrantTypeResolver;
$grantTypeResolver->accept($grantType);

$accessTokenIssuer = new AccessTokenIssuer($grantTypeResolver);

// the access token lifetime is handled by the access token storage
$accessToken = $accessTokenIssuer->issueToken($request); // returns OAuth2\Storage\IAccessToken

// the refresh token has to be issued manually
$refreshTokenIssuer = new RefreshTokenIssuer($refreshTokenStorage);

// the refresh token lifetime is handled by the refresh token storage
$refreshTokenIssuer->issueToken($accessToken); // returns OAuth2\Storage\IRefreshToken
Authenticate the user for the current request and authorize access to resources
<?php

use OAuth2\Security\Authenticator;
use OAuth2\Resolver\TokenTypeResolver;
use OAuth2\TokenType\Bearer;

$accessTokenStorage = ...; // implementation of OAuth2\Storage\IAccessTokenStorage

// register the accepted token types
$tokenTypeResolver = new TokenTypeResolver;
$tokenTypeResolver->accept($tokenType); // accepted token type, an OAuth2\TokenType\ITokenType

$authenticator = new Authenticator(
    $tokenTypeResolver,
    $accessTokenStorage
);

$currentSession = $authenticator->authenticate($request); // returns OAuth2\Security\Session

// checks whether the current access token has the given scope, returns boolean
$currentSession->isAllowed('edit');

// get the logged-in user
$currentSession->getUser(); // OAuth2\Storage\IUser

// get the access token
$currentSession->getAccessToken(); // OAuth2\Storage\IAccessToken

// get the client used to connect
$currentSession->getClient(); // OAuth2\Storage\IClient
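What a resource endpoint has to decide around the `authenticate()` and `isAllowed('edit')` calls above, as an added stand-alone sketch that is not this library's code: it maps a bearer token and a required scope to the response defined in RFC 6750. The token store, `guardResource()` and the `api` realm are constructed for illustration and are not part of the library's API.

```php
<?php
// Constructed token store for this example (not the library's storage interface).
$tokens = [
    'tok-editor' => ['scopes' => ['read', 'edit'], 'expires' => time() + 3600],
    'tok-reader' => ['scopes' => ['read'],         'expires' => time() + 3600],
    'tok-old'    => ['scopes' => ['read', 'edit'], 'expires' => time() - 60],
];

// Maps an Authorization header and a required scope to [HTTP status, WWW-Authenticate value].
function guardResource($authorizationHeader, $requiredScope, array $tokens)
{
    // Header absent or another scheme: plain challenge, no error code (RFC 6750 section 3.1).
    if (!preg_match('/^Bearer +(.*)$/i', (string) $authorizationHeader, $m)) {
        return [401, 'Bearer realm="api"'];
    }
    // Bearer scheme with a value outside the b64token syntax: malformed request.
    if (!preg_match('/^[A-Za-z0-9\-._~+\/]+=*$/D', $m[1])) {
        return [400, 'Bearer error="invalid_request"'];
    }
    $token = $m[1];
    // Unknown and expired tokens get the same answer, so a caller cannot tell them apart.
    if (!isset($tokens[$token]) || $tokens[$token]['expires'] <= time()) {
        return [401, 'Bearer error="invalid_token"'];
    }
    // Valid token that lacks the scope: 403, naming the scope the resource needs.
    if (!in_array($requiredScope, $tokens[$token]['scopes'], true)) {
        return [403, 'Bearer error="insufficient_scope", scope="' . $requiredScope . '"'];
    }
    return [200, null];
}

// Constructed requests covering each branch.
$cases = [
    [null, 'edit'],
    ['Basic dXNlcjpwYXNz', 'edit'],
    ['Bearer tok-old', 'edit'],
    ['Bearer tok-reader', 'edit'],
    ['bearer tok-editor', 'edit'],
];
foreach ($cases as $case) {
    list($status, $challenge) = guardResource($case[0], $case[1], $tokens);
    printf("%-22s -> %d %s\n", var_export($case[0], true), $status, $challenge);
}
```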