通过
搜索
搜索patrickbussmann / oauth2-apple
使用Apple OAuth 2.0客户端提供者登录The PHP League OAuth2-Client
0.3.0
2024-05-17 22:39 UTC
Requires
- ext-json: *
- firebase/php-jwt: ^5.2 || ^6.0
- lcobucci/jwt: ^3.4 || ^4.0 || ^5.0
- league/oauth2-client: ^2.0
Requires (Dev)
- composer/semver: ^3.0
- mockery/mockery: ^1.3
- php-parallel-lint/php-parallel-lint: ^1.3
- phpunit/phpunit: ^5.7 || ^6.0 || ^9.3
- squizlabs/php_codesniffer: ^2.3 || ^3.0
README
此软件包为PHP League的OAuth 2.0客户端提供Apple ID OAuth 2.0支持。
开始前
您可以在以下位置找到官方Apple文档: https://developer.apple.com/documentation/signinwithapplerestapi
如果您请求电子邮件地址或姓名,请注意您只能在第一次登录时获得这些信息。当您第二次登录时,您将只能获得用户ID - 没有其他信息。也许Apple将来会更改这一规定。
安装
要安装,请使用composer
composer require patrickbussmann/oauth2-apple
使用方法
使用方法与The League的OAuth客户端相同,使用\League\OAuth2\Client\Provider\Apple作为提供者。
授权码流
// $leeway is needed for clock skew Firebase\JWT\JWT::$leeway = 60; $provider = new League\OAuth2\Client\Provider\Apple([ 'clientId' => '{apple-client-id}', 'teamId' => '{apple-team-id}', // 1A234BFK46 https://developer.apple.com/account/#/membership/ (Team ID) 'keyFileId' => '{apple-key-file-id}', // 1ABC6523AA https://developer.apple.com/account/resources/authkeys/list (Key ID) 'keyFilePath' => '{apple-key-file-path}', // __DIR__ . '/AuthKey_1ABC6523AA.p8' -> Download key above 'redirectUri' => 'https://example.com/callback-url', ]); if (!isset($_POST['code'])) { // If we don't have an authorization code then get one $authUrl = $provider->getAuthorizationUrl(); $_SESSION['oauth2state'] = $provider->getState(); header('Location: '.$authUrl); exit; // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($_POST['state']) || ($_POST['state'] !== $_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); exit('Invalid state'); } else { // Try to get an access token (using the authorization code grant) /** @var AppleAccessToken $token */ $token = $provider->getAccessToken('authorization_code', [ 'code' => $_POST['code'] ]); // Optional: Now you have a token you can look up a users profile data // Important: The most details are only visible in the very first login! // In the second and third and ... ones you'll only get the identifier of the user! try { // We got an access token, let's now get the user's details $user = $provider->getResourceOwner($token); // Use these details to create a new profile printf('Hello %s!', $user->getFirstName()); } catch (Exception $e) { // Failed to get user details exit(':-('); } // Use this to interact with an API on the users behalf echo $token->getToken(); }
撤销码流
// $leeway is needed for clock skew Firebase\JWT\JWT::$leeway = 60; $provider = new League\OAuth2\Client\Provider\Apple([ 'clientId' => '{apple-client-id}', 'teamId' => '{apple-team-id}', // 1A234BFK46 https://developer.apple.com/account/#/membership/ (Team ID) 'keyFileId' => '{apple-key-file-id}', // 1ABC6523AA https://developer.apple.com/account/resources/authkeys/list (Key ID) 'keyFilePath' => '{apple-key-file-path}', // __DIR__ . '/AuthKey_1ABC6523AA.p8' -> Download key above 'redirectUri' => 'https://example.com/callback-url', ]); $token = $token->getToken(); // Use the token of "Authorization Code Flow" which you saved somewhere for the user try { $provider->revokeAccessToken($token /*, 'access_token' or 'refresh_token' */); // Successfully revoked the token! } catch (Exception $e) { // Failed to revoke exit(':-('); }
管理作用域
当创建Apple授权URL时,您可以指定应用程序可以授权的状态和作用域。
$options = [ 'state' => 'OPTIONAL_CUSTOM_CONFIGURED_STATE', // Scopes: https://developer.apple.com/documentation/authenticationservices/asauthorizationscope 'scope' => ['name', 'email'] // array or string ]; $authorizationUrl = $provider->getAuthorizationUrl($options);
如果没有定义,提供者将使用内部默认值。
在编写此文档时,以下作用域可用。
- 姓名(默认)
- 电子邮件(默认)
请注意,您只能在用户第一次登录时获得此信息!在随后的登录中,您将只能获得用户ID!
如果您只想获取用户ID,可以将scope设置为 ,然后更改所有$_POST为$_GET。
刷新令牌
如果您的访问令牌已过期,您可以使用刷新令牌来刷新它们。
$refreshToken = $token->getRefreshToken();
$refreshTokenExpiration = $token->getRefreshTokenExpires();
测试
$ ./vendor/bin/phpunit
贡献
请参阅CONTRIBUTING以获取详细信息。
致谢
此存储库的模板来自LinkedIn。
许可证
MIT许可证(MIT)。有关更多信息,请参阅许可证文件。