mvieira / macaroons
v0.0.1
2017-08-04 20:10 UTC
Requires
- php: >=7.0
Requires (Dev)
- leanphp/phpspec-code-coverage: ^3.1
- phpspec/phpspec: ^3.0
- satooshi/php-coveralls: ^1.0
- squizlabs/php_codesniffer: ^3.0
This package is auto-updated.
Last update: 2024-09-05 18:41:22 UTC
README
PHP implementation of Macaroons: Cookies with Contextual Caveats for Decentralized Authorization
Specification
Resources
- http://hackingdistributed.com/2014/05/21/my-first-macaroon/
- https://air.mozilla.org/macaroons-cookies-with-contextual-caveats-for-decentralized-authorization-in-the-cloud/
- https://evancordell.com/2015/09/27/macaroons-101-contextual-confinement.html
Installation
Requirements
- php >= 7.0
- libsodium-php >= 1.0
Note about libsodium
- The libsodium library will be distributed with PHP >= 7.2
- The libsodium library is not required in composer.json because versions 1 (ext-libsodium) and 2 (ext-sodium) have different names. Nevertheless, this package should work with both once installed.
Install
Add the library as a requirement in your composer.json
{ "require": { "mvieira/macaroons": "dev-master" } }
or with the command line
$ composer require mvieira/macaroons
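Documentation
Here is a simple example using a third-party macaroon.
On the target service server, generate the macaroon that allows the user to access the service.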
use Macaroons\Macaroon;
use function Macaroons\Crypto\crypto_gen_nonce;

$macaroon = Macaroon::create('secret random number', crypto_gen_nonce(), 'https://unicorn.co');
$macaroon = $macaroon
    ->withThirdPartyCaveat('third party secret', 'user_auth', 'https://auth.unicorn.co');
On the identity provider server, generate the discharge macaroon that will verify the third-party caveat.
use Macaroons\Macaroon;

// user login happens beforehand...
// once the user manages to log in to the service

// Deserialize the root macaroon
$macaroon = Macaroon::deserialize('@#!?$');

// prepare the discharge macaroon that will satisfy the third party caveat
$discharge = Macaroon::create('third party secret', 'user_auth', 'https://auth.unicorn.co')
    ->withFirstPartyCaveat('user_id = 12345678'); // add the requested first party caveat

// bind the discharge macaroon to the root macaroon
$discharge = $macaroon->bind($discharge);
Back on the target service server
use Macaroons\Macaroon;
use Macaroons\Verifier;
use Macaroons\Serialization\V1\Serializer;

// deserialize both macaroons
$macaroon = Macaroon::deserialize('@#!?$', new Serializer());
$discharge = Macaroon::deserialize('#?@$!', new Serializer());

// prepare the verifier
$verifier = (new Verifier())
    ->satisfyExact('user_id = 12345678')
    ->withDischargeMacaroon($discharge);

try {
    $verified = $macaroon->verify('secret random number', $verifier);
} catch (\DomainException $e) {
    // Catch verification errors
    echo $e->getMessage() . "\n";
}
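Why verification fails when a caveat is unmet or removed, as an added example that is not part of this package: a simplified first-party macaroon built on the chained-HMAC construction from the macaroons design. The function names (mac, mint, addCaveat, verify), the array layout and the sample values are hypothetical; key derivation, serialization and third-party caveats are left out.

```php
<?php
// Added illustration: simplified first-party macaroon, not the package's code or wire format.

function mac(string $key, string $data): string
{
    return hash_hmac('sha256', $data, $key, true); // raw binary HMAC-SHA256
}

// Mint: the signature starts as HMAC(root key, identifier).
function mint(string $rootKey, string $id): array
{
    return ['id' => $id, 'caveats' => [], 'sig' => mac($rootKey, $id)];
}

// Attenuate: the old signature becomes the key for the next HMAC,
// so any holder can add a caveat without knowing the root key.
function addCaveat(array $m, string $predicate): array
{
    $m['caveats'][] = $predicate;
    $m['sig'] = mac($m['sig'], $predicate);
    return $m;
}

// Verify: recompute the chain from the root key; every caveat must be satisfied exactly.
function verify(array $m, string $rootKey, array $satisfied): bool
{
    $sig = mac($rootKey, $m['id']);
    foreach ($m['caveats'] as $caveat) {
        if (!in_array($caveat, $satisfied, true)) {
            return false; // unmet caveat
        }
        $sig = mac($sig, $caveat);
    }
    return hash_equals($sig, $m['sig']); // constant-time comparison
}

// Constructed sample values.
$rootKey = 'secret random number';
$m = addCaveat(mint($rootKey, 'constructed-identifier'), 'user_id = 12345678');

var_dump(verify($m, $rootKey, ['user_id = 12345678'])); // caveat satisfied

$narrowed = addCaveat($m, 'action = read'); // added by the holder, no root key needed
var_dump(verify($narrowed, $rootKey, ['user_id = 12345678'])); // new caveat unmet

$stripped = $m;
$stripped['caveats'] = []; // caveat removed, signature left as issued
var_dump(verify($stripped, $rootKey, [])); // chain no longer matches
```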
Examples
Examples can be found in the ./examples/ directory
$ php ./examples/1-target-service.php
$ php ./examples/2-identity-provider.php
$ php ./examples/3-verification.php
Contributing
Please see CONTRIBUTING for details.
License
The MIT License (MIT). Please see LICENSE for more information.