muffycompo / oidconnect-laravel
OpenID Connect client library for the Laravel framework
dev-master
2017-12-07 22:36 UTC
Requires
- illuminate/database: ^5.5
- illuminate/routing: ^5.5
- laravel/socialite: ^3.0
- lcobucci/jwt: dev-master
This package is not auto-updated.
Last update: 2024-09-25 08:34:03 UTC
README
The OpenIDConnect Laravel package gives you an easy way to authenticate users with the OpenID Connect protocol.
Installation
To install this package you will need:
- Laravel 5.5+
- PHP 7.1+
Install with composer:
composer require muffycompo/oidconnect-laravel:dev-master
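Open config/app.php and register the required service providers above your application providers.
'providers' => [
    ...
    Laravel\Socialite\SocialiteServiceProvider::class,
    Furdarius\OIDConnect\ServiceProvider::class,
    ...
]
If you want to change the configuration, publish the configuration file with the following Artisan command: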
php artisan vendor:publish --provider="Furdarius\OIDConnect\ServiceProvider"
After that, run the migrations:
php artisan migrate
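Usage
Configuration
First, you need credentials for the OpenID Connect service your application uses. These credentials should be placed in your config/opidconnect.php configuration file.
<?php

return [
    'client_id' => 'CLIENT_ID_HERE',
    'client_secret' => 'CLIENT_SECRET_HERE',
    // Callback URL the auth service redirects back to
    'redirect' => env('APP_URL') . '/auth/callback',
    // Provider endpoints: authorization, token, and signing keys
    'auth' => 'https://oidc.service.com/auth',
    'token' => 'https://oidc.service.com/token',
    'keys' => 'https://oidc.service.com/keys',
];
Endpoints
Your application now has the following authentication endpoints:
- GET /auth/redirect: used to redirect the client to the auth service login page.
- GET /auth/callback: used when the auth service redirects the client to the callback URL with a code.
- POST /auth/refresh: used by the client to refresh the ID token.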
Middleware
You need to use the Auth middleware on protected routes. Open App\Http\Kernel and register the middleware in $routeMiddleware:
protected $routeMiddleware = [
    'token' => \Furdarius\OIDConnect\TokenMiddleware::class,
];
Then use it as usual:
Route::middleware('token')->get('/protected-resource', function (Illuminate\Http\Request $request) {
    return "You are on protected zone";
});
User authentication
Create your own StatelessGuard and set it in config/auth.php. Example:
Guard
<?php

namespace App\Auth;

use Illuminate\Auth\AuthenticationException;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Support\Traits\Macroable;

class StatelessGuard implements Guard
{
    use GuardHelpers, Macroable;

    /**
     * Return the user set earlier in the request; there is no session lookup.
     *
     * @return \Illuminate\Contracts\Auth\Authenticatable
     * @throws AuthenticationException
     */
    public function user()
    {
        if (null === $this->user) {
            throw new AuthenticationException('Unauthenticated user');
        }

        return $this->user;
    }

    /**
     * @param array $credentials
     * @return bool
     */
    public function validate(array $credentials = [])
    {
        return $this->user instanceof Authenticatable;
    }
}
Configuration (config/auth.php)
'defaults' => [
    'guard' => 'stateless',
    'passwords' => 'users',
],
...
'guards' => [
    'stateless' => [
        'driver' => 'stateless'
    ]
],
Then implement your own Authenticator. Example:
<?php

namespace App\Auth;

use App\User;
use Furdarius\OIDConnect\Contract\Authenticator;
use Furdarius\OIDConnect\Exception\AuthenticationException;
use Lcobucci\JWT\Token\DataSet;

class PersonAuthenticatorAdapter implements Authenticator
{
    /**
     * @param DataSet $claims
     *
     * @return void
     */
    public function authUser(DataSet $claims)
    {
        $email = $claims->get('email');

        if (!$email) {
            throw new AuthenticationException('User\'s email not present in token');
        }

        // Build the user from the token's email claim and hand it to the guard
        $model = new User(['email' => $email]);

        \Auth::setUser($model);
    }
}
And implement the auth provider. Example:
<?php

namespace App\Auth;

use Furdarius\OIDConnect\Contract\Authenticator;
use Illuminate\Support\ServiceProvider;

class AuthenticatorServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        // Register the 'stateless' guard driver referenced in config/auth.php
        \Auth::extend('stateless', function () {
            return new StatelessGuard();
        });
    }

    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        $this->app->singleton(Authenticator::class, function ($app) {
            return new PersonAuthenticatorAdapter();
        });
    }
}
Then register it in config/app.php:
'providers' => [
...
App\Auth\AuthenticatorServiceProvider::class,
...
]
Now you can use \Auth::user(); to get the current user's information.
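The Authenticator example above takes the token's email claim as the user's identity. As an added example (not code from this package), the plain-PHP function below shows claim checks such an adapter can run first; it assumes the token signature has already been verified, and the function name, issuer URL and sample claims are constructed for illustration.

```php
<?php
// Added example; assumes the signature was already verified against the provider keys.
function verifiedEmailFromClaims(array $claims, string $issuer, string $clientId, int $now): string
{
    if (($claims['iss'] ?? null) !== $issuer) {
        throw new InvalidArgumentException('Unexpected issuer');
    }
    // "aud" may be a single string or a list of audiences.
    $aud = (array) ($claims['aud'] ?? []);
    if (!in_array($clientId, $aud, true)) {
        throw new InvalidArgumentException('Token was not issued for this client');
    }
    // With several audiences, require "azp" to name this client.
    if (count($aud) > 1 && ($claims['azp'] ?? null) !== $clientId) {
        throw new InvalidArgumentException('Unexpected authorized party');
    }
    // "exp" may arrive as a Unix timestamp or as a DateTimeInterface.
    $exp = $claims['exp'] ?? null;
    $exp = $exp instanceof DateTimeInterface ? $exp->getTimestamp() : $exp;
    if (!is_int($exp) || $exp <= $now) {
        throw new InvalidArgumentException('Token expired or "exp" missing');
    }
    $email = $claims['email'] ?? null;
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Email claim missing or malformed');
    }
    // Strict check: only a boolean true counts as a provider-verified address.
    if (($claims['email_verified'] ?? false) !== true) {
        throw new InvalidArgumentException('Email not verified by the provider');
    }
    return $email;
}

// Constructed sample claims (not from a real provider).
$now = 1700000000;
$claims = [
    'iss' => 'https://oidc.example.test',
    'aud' => ['CLIENT_ID_HERE'],
    'exp' => $now + 300,
    'email' => 'alice@example.test',
    'email_verified' => true,
];
echo verifiedEmailFromClaims($claims, 'https://oidc.example.test', 'CLIENT_ID_HERE', $now), "\n";
// The same token without a verified address is rejected.
try {
    verifiedEmailFromClaims(['email_verified' => false] + $claims, 'https://oidc.example.test', 'CLIENT_ID_HERE', $now);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In an adapter such as PersonAuthenticatorAdapter, checks like these would run before \Auth::setUser() is called.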