ridibooks/internal-auth

Ridibooks internal authentication

v0.0.1 2020-02-27 06:52 UTC

This package is auto-updated.

Last update: 2024-09-27 17:07:06 UTC


README

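Introduction

  • This is a PHP library for authenticating communication between internal services.
  • It is written to follow the Ridi style guide (SSO between internal services).
  • JWK caching is optionally supported. Caching is enabled by injecting a PSR-6 implementation into JwtTokenValidator.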

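Requirements

  • PHP 7.2 or later
  • The web-token decryption module depends on php7.2-gmp, so php7.2-gmp must be installed in the operating system. Be sure to install it in the client's operating system or Docker image. See the PR.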

Installation

composer require ridibooks/internal-auth

Usage

JwtGenerator

use Ridibooks\InternalAuth\Authorization\Generator\JwtGenerator;

$key_config = [
    '... issuer service name  ...' => [
        'kid' => '... key id ...',
        'key' => '... rsa private key ...',
    ]
];

$jwt_generator = new JwtGenerator($key_config);
$token = $jwt_generator->generate(
    '... issuer service name  ...',
    '... audience service name ...'
);

Authorizer, JwtValidator (without cache)

use Ridibooks\InternalAuth\Authorization\Validator\JwtValidator;
use Ridibooks\InternalAuth\Authorizer;

$internal_auth_token = '...';

try {
    $jwk_url = $this->configs['jwk_url'];
    $validator = new JwtValidator($jwk_url);

    $authorizer = new Authorizer($validator);
    $authorizer->authorize($internal_auth_token, [InterService.Account]);
} catch (AuthorizationException $e) {
    // handle exception
}

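Authorizer, JwtValidator (with cache)

use Ridibooks\InternalAuth\Authorization\Validator\JwtValidator;
use Ridibooks\InternalAuth\Authorizer;
use Symfony\Component\Cache\Adapter\FilesystemAdapter; // assumes symfony/cache as the PSR-6 implementation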

$internal_auth_token = '...';

try {
    $jwk_url = $this->configs['jwk_url'];
    $cache_item_pool = new FilesystemAdapter(); // PSR-6 (https://www.php-fig.org/psr/psr-6/) implementation adapter
    $validator = new JwtValidator($jwk_url, $cache_item_pool);

    $authorizer = new Authorizer($validator);
    $authorizer->authorize($internal_auth_token, [InterService.Account]);
} catch (AuthorizationException $e) {
    // handle exception
}
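
What a validator for inter-service tokens like these has to check, as an added example that is not part of the README and not the library's own implementation. It uses only PHP's openssl extension; the function names, the `store`/`account`/`billing` service names and the `key-1` key id are assumptions made for the illustration.

```php
<?php
// Added illustration, not ridibooks/internal-auth code: an RS256 token checked by kid, iss, aud and exp.
function b64url(string $s): string { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }
function b64url_dec(string $s): string { return (string) base64_decode(strtr($s, '-_', '+/')); }

function issue(string $iss, string $aud, string $kid, $private_key, int $ttl = 300): string
{
    $header = ['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $kid];
    $claims = ['iss' => $iss, 'aud' => $aud, 'exp' => time() + $ttl];
    $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
    openssl_sign($input, $sig, $private_key, OPENSSL_ALGO_SHA256);
    return $input . '.' . b64url($sig);
}

function verify(string $jwt, array $public_keys, array $allowed_issuers, string $self): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h, $c, $s] = $parts;
    $header = json_decode(b64url_dec($h), true);
    // Pin the algorithm: the token header must not choose it (alg=none, HS256 key confusion).
    if (($header['alg'] ?? '') !== 'RS256') throw new RuntimeException('unexpected alg');
    $kid = $header['kid'] ?? '';
    if (!is_string($kid) || !isset($public_keys[$kid])) throw new RuntimeException('unknown kid');
    if (openssl_verify("$h.$c", b64url_dec($s), $public_keys[$kid], OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    // Claims are trusted only after the signature check has passed.
    $claims = json_decode(b64url_dec($c), true);
    if (!in_array($claims['iss'] ?? null, $allowed_issuers, true)) throw new RuntimeException('issuer not allowed');
    if (($claims['aud'] ?? null) !== $self) throw new RuntimeException('wrong audience');
    if (($claims['exp'] ?? 0) < time()) throw new RuntimeException('expired');
    return $claims;
}

// Constructed demo: a throwaway key pair stands in for the issuer's key and its published JWK.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$keys = ['key-1' => openssl_pkey_get_details($pair)['key']];
$token = issue('store', 'account', 'key-1', $pair);

print_r(verify($token, $keys, ['store'], 'account'));   // accepted: right audience, allowed issuer
foreach ([[['store'], 'billing'], [['viewer'], 'account']] as [$issuers, $self]) {
    try { verify($token, $keys, $issuers, $self); }
    catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }  // wrong audience, then issuer not allowed
}
```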