yii2-oauth2-server

A wrapper for implementing an OAuth2 Server(https://github.com/bshaffer/oauth2-server-php)

  • 所有者: filsh/yii2-oauth2-server
  • 平台:
  • 许可证: MIT License
  • 分类:
  • 主题:
  • 喜欢:
    0
      比较:

Github星跟踪图

yii2-oauth2-server

A wrapper for implementing an OAuth2 Server(https://github.com/bshaffer/oauth2-server-php)

Installation

The preferred way to install this extension is through composer.

Either run

php composer.phar require --prefer-dist filsh/yii2-oauth2-server "*"

or add

"filsh/yii2-oauth2-server": "~2.0"

to the require section of your composer.json.

To use this extension, simply add the following code in your application configuration as a new module:

'modules'=>[
        //other modules .....
        'oauth2' => [
            'class' => 'filsh\yii2\oauth2server\Module',            
            'tokenParamName' => 'accessToken',
            'tokenAccessLifetime' => 3600 * 24,
            'storageMap' => [
                'user_credentials' => 'app\models\User',
            ],
            'grantTypes' => [
                'user_credentials' => [
                    'class' => 'OAuth2\GrantType\UserCredentials',
                ],
                'refresh_token' => [
                    'class' => 'OAuth2\GrantType\RefreshToken',
                    'always_issue_new_refresh_token' => true
                ]
            ]
        ]
    ],

If you want to get Json Web Token (JWT) instead of convetional token, you will need to set 'useJwtToken' => true in module and then define two more configurations:
'public_key' => 'app\storage\PublicKeyStorage' which is the class that implements PublickKeyInterface and 'access_token' => 'app\storage\JwtAccessToken' which implements JwtAccessTokenInterface.php

For Oauth2 base library provides the default access_token which works great except that it tries to save the token in the database. So I decided to inherit from it and override the part that tries to save (token size is too big and crashes with VARCHAR(40) in the database.

TL;DR, here are the sample classes
access_token

<?php

namespace app\storage;

/**
 *
 * @author Stefano Mtangoo <mwinjilisti at gmail dot com>
 */
class JwtAccessToken extends \OAuth2\Storage\JwtAccessToken
{  
    public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = null)
    {
         
    }

    public function unsetAccessToken($access_token)
    {
        
    } 
}

and public_key

<?php
namespace app\storage;

class PublicKeyStorage implements \OAuth2\Storage\PublicKeyInterface{


    private $pbk =  null;
    private $pvk =  null; 
    
    public function __construct()
    {
        //files should be in same directory as this file
        //keys can be generated using OpenSSL tool with command: 
        /*
          private key:
          openssl genrsa -out privkey.pem 2048

          public key:
          openssl rsa -in privkey.pem -pubout -out pubkey.pem
        */
        $this->pbk =  file_get_contents('privkey.pem', true); 
        $this->pvk =  file_get_contents('pubkey.pem', true); 
    }

    public function getPublicKey($client_id = null){ 
        return  $this->pbk;
    }

    public function getPrivateKey($client_id = null){ 
        return  $this->pvk;
    }

    public function getEncryptionAlgorithm($client_id = null){
        return 'HS256';
    }

}

NOTE: You will need this PR applied or you can patch it yourself by checking changes in this diff. The other part of PR is only if you want to use firebase JWT library (which is not mandatory anyway).

Also, extend common\models\User - user model - implementing the interface \OAuth2\Storage\UserCredentialsInterface, so the oauth2 credentials data stored in user table.
You should implement:

  • findIdentityByAccessToken()
  • checkUserCredentials()
  • getUserDetails()

You can extend the model if you prefer it (please, remember to update the config files) :

use Yii;

class User extends common\models\User implements \OAuth2\Storage\UserCredentialsInterface
{

    /**
     * Implemented for Oauth2 Interface
     */
    public static function findIdentityByAccessToken($token, $type = null)
    {
        /** @var \filsh\yii2\oauth2server\Module $module */
        $module = Yii::$app->getModule('oauth2');
        $token = $module->getServer()->getResourceController()->getToken();
        return !empty($token['user_id'])
                    ? static::findIdentity($token['user_id'])
                    : null;
    }

    /**
     * Implemented for Oauth2 Interface
     */
    public function checkUserCredentials($username, $password)
    {
        $user = static::findByUsername($username);
        if (empty($user)) {
            return false;
        }
        return $user->validatePassword($password);
    }

    /**
     * Implemented for Oauth2 Interface
     */
    public function getUserDetails($username)
    {
        $user = static::findByUsername($username);
        return ['user_id' => $user->getId()];
    }
}

The next step your shold run migration

yii migrate --migrationPath=@vendor/filsh/yii2-oauth2-server/migrations

this migration create the oauth2 database scheme and insert test user credentials testclient:testpass for http://fake/

add url rule to urlManager

'urlManager' => [
    'enablePrettyUrl' => true, //only if you want to use petty URLs
    'rules' => [
        'POST oauth2/<action:\w+>' => 'oauth2/rest/<action>',
        ...
    ]
]

Usage

To use this extension, simply add the behaviors for your base controller:

use yii\helpers\ArrayHelper;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
use filsh\yii2\oauth2server\filters\ErrorToExceptionFilter;
use filsh\yii2\oauth2server\filters\auth\CompositeAuth;

class Controller extends \yii\rest\Controller
{
    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        return ArrayHelper::merge(parent::behaviors(), [
            'authenticator' => [
                'class' => CompositeAuth::className(),
                'authMethods' => [
                    ['class' => HttpBearerAuth::className()],
                    ['class' => QueryParamAuth::className(), 'tokenParam' => 'accessToken'],
                ]
            ],
            'exceptionFilter' => [
                'class' => ErrorToExceptionFilter::className()
            ],
        ]);
    }
}

To get access token (js example):

var url = window.location.host + "/oauth2/token";
var data = {
    'grant_type':'password',
    'username':'<some login from your user table>',
    'password':'<real pass>',
    'client_id':'testclient',
    'client_secret':'testpass'
};
//ajax POST `data` to `url` here
//

For more, see https://github.com/bshaffer/oauth2-server-php

主要指标

概览
名称与所有者filsh/yii2-oauth2-server
主编程语言PHP
编程语言PHP (语言数: 1)
平台
许可证MIT License
所有者活动
创建于2014-04-30 14:26:58
推送于2024-07-30 06:05:18
最后一次提交2020-10-19 15:31:09
发布数5
最新版本名称v2.1.1 (发布于 )
第一版名称v1.0 (发布于 )
用户参与
星数330
关注者数35
派生数166
提交数129
已启用问题?
问题数107
打开的问题数21
拉请求数36
打开的拉请求数6
关闭的拉请求数11
项目设置
已启用Wiki?
已存档?
是复刻?
已锁定?
是镜像?
是私有?