承接 blockvis/civic-sip-php 相关项目开发

从需求分析到上线部署,全程专人跟进,保证项目质量与交付效率

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

blockvis/civic-sip-php

Composer 安装命令:

composer require blockvis/civic-sip-php

包简介

The Civic Secure Identity Platform (SIP) API client.

README 文档

README

Civic Secure Identity Platform (SIP) API client implemented in PHP.

What is Civic

Civic is the next generation blockchain based secure identity management platform. It allows to authenticate users without the need for traditional physical IDs, knowledge based authentication, username/password, and two-factor hardware tokens. Civic's Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords. The SIP provides partners with functionality such as:

  • secure public or private 2FA user login,
  • onboarding of verified users with customized flows.

How Civic works

An individual downloads the Civic App and completes an Identity Validation Process customized to the Civic Business Customer requirements. This process verifies Personally Identifiable Information (PII) to ensure ownership of the identity with enough data to establish the level of trust required by the Civic Business Customer. In other words, more PII may be collected to establish a high level of trust, e.g. scanning of passport, driver’s license and social security number, while only minimal PII, e.g. only email and mobile phone number, may be collected for new users when the Civic Business Customer only wants to verify the user is real and unique.

After validation, the user is now considered a Civic Member with authenticated identity data secured in the Civic App on the user’s device, not stored by Civic. The Civic Member may share this previously authenticated identity data with Civic Business Customers, businesses that enter into a partnership with Civic which leverage blockchain technology for real-time authentication of Civic Member identity data.

Ultimately Civic Members have full control over their identity data and ability to choose what and who to share with.

Getting Started

In order to integrate your application with Civic you need to do the following:

1. Obtain application credentials (keys)

Go to Civic Partner Portal. If you already registered as Civic partner you may proceed with application registration (option B) otherwise you will be asked for some company details to complete the partner registration process.

  • (A) To become a partner you will need to provide Company Name, Primary Domain, Primary Contact and accept Developer Terms of Service. Important: To prove that you are eligible to create an account for a company, Civic requires you to use your company email address when signing up to Civic and enforces that your email domain matches the primary domain of your company during registration.

  • (B) Click "New Application" button and fill in the Application Form (Application Name, Whitelisted Domains, Full URL to logo image file). After submitting the form you will be provided with application credentials: App ID, Signing keypair, App Secret, Encryption keypair. This credentials will be used later on to configure Civic SIP client.

2. Install civic-sip-php package

$ composer require blockvis/civic-sip-php

3. Implement User-Agent (Browser) functionality

Include the civic.sip.js script on your page. This exposes a single global object, civic.

<link rel="stylesheet" href="https://hosted-sip.civic.com/css/civic-modal.css">

<script src="https://hosted-sip.civic.com/js/civic.sip.min.js"></script>

Instantiate instance of civic.sip.

var civicSip = new civic.sip({ appId: 'Your Application ID' });

Implement event handlers.

// Start scope request
$('button.js-signup').click(function(event) {
    civicSip.signup({ style: 'popup', scopeRequest: civicSip.ScopeRequests.BASIC_SIGNUP });
});

// Listen for data
civicSip.on('auth-code-received', function (event) {
    /*
        event:
        {
            event: "scoperequest:auth-code-received",
            response: "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJqdGkiOiI2Y2EwNTEzMi0wYTJmLTQwZjItYTg2Yi03NTkwYmRjYzBmZmUiLCJpYXQiOjE0OTQyMjUxMTkuMTk4LCJleHAiOjE0OTQyMjUyOTkuMTk4LCJpc3MiOiJjaXZpYy1zaXAtaG9zdGVkLXNlcnZpY2UiLCJhdWQiOiJodHRwczovL3BoNHg1ODA4MTUuZXhlY3V0ZS1hcGkudXMtZWFzdC0xLmFtYXpvbmF3cy5jb20vZGV2Iiwic3ViIjoiY2l2aWMtc2lwLWhvc3RlZC1zZXJ2aWNlIiwiZGF0YSI6eyJjb2RlVG9rZW4iOiJjY2E3NTE1Ni0wNTY2LTRhNjUtYWZkMi1iOTQzNjc1NDY5NGIifX0.gUGzPPI2Av43t1kVg35diCm4VF9RUCF5d4hfQhcSLFvKC69RamVDYHxPvofyyoTlwZZaX5QI7ATiEMcJOjXRYQ",
            type: "code"
        }
    */

    // Encoded JWT Token is sent to the server
    const jwtToken = event.response;

    // Your function to pass JWT token to your server
    sendAuthCode(jwtToken);
});

civicSip.on('user-cancelled', function (event) {
    /*
        event:
        {
          event: "scoperequest:user-cancelled"
        }
    */
});

// Error events
civicSip.on('civic-sip-error', function (error) {
    // handle error display if necessary.
    console.log('Error type = ' + error.type);
    console.log('Error message = ' + error.message);
});

4. Implement Application server functionality

Use Blockvis\Civic\Sip\Client with your application credentials to exchange the authorization code $jwtToken sent from user browser for requested user data.

use Blockvis\Civic\Sip\AppConfig;
use Blockvis\Civic\Sip\Client;

// Configure Civic App credentials.
$config = new AppConfig(
    'Your Application ID',
    'Your Application Secret',
    'Your Application Private Signing Key'
);

// Instantiate Civic API client with config and HTTP client.
$sipClient = new Client($config, new \GuzzleHttp\Client());

// Exchange Civic authorization code for requested user data.
$userData = $sipClient->exchangeToken($jwtToken);

An example of returned UserData value object:

UserData {
  -userId: "36a59d10-6c53-17f6-9185-gthyte22647a"
  -items: array:2 [
    0 => UserDataItem {
      -label: "contact.personal.email"
      -value: "user.test@gmail.com"
      -isValid: true
      -isOwner: true
    }
    1 => UserDataItem {
      -label: "contact.personal.phoneNumber"
      -value: "+1 555-618-7380"
      -isValid: true
      -isOwner: true
    }
  ]
}

You can iterate through the data items as following:

foreach ($userData->items() as $dataItem) {
    echo $dataItem->label() . ' = ' . $dataItem->value() . PHP_EOL;
}

You can also access individual data items by their labels. Note that userId is a property of UsedData object and not included in data items array.

$userId = $userData->userId();
$email = $userData->getByLabel('contact.personal.email')->value();
$phone = $userData->getByLabel('contact.personal.phoneNumber')->value();

Civic integration

Currently only Civic Hosted option is available for partners integration. This is the simplest route to integration as it provides a flow similar to the traditional oAuth2 authorization code flow, with Civic performing the role of the Authorization server. This option delivers a secure solution and minimises server side development required by the partner.

The following user signup example explains the general Civic Hosted option codeflow. Civic Code Flow

  1. Signup. The user clicks “Signup with Civic” button on your website page. The event handler calls a method in the Civic JS library to initiate signup.

  2. Launch Popup. A modal is displayed which contains an iframe to house the QR code. A request is made to the Civic server to generate a QR code for your scope request.

  3. QR Code. The server checks that the domain for the parent document of the iframe corresponds to the domain white list set in the partner account before serving the code. The QR code bridges the air gap between the browser and the user’s smart phone.

  4. Scan. The user scans the QR code using the Civic mobile app and is prompted to authorize or deny the scope request. The prompt highlights the data that is being requested and the requesting party.

  5. Grant Request. Upon granting the request, the data is sent to the Civic server.

  6. Verify offline. The Civic SIP server verifies the authenticity and integrity of the attestations received from the user’s mobile app. This process proves that the user data was attested to by Civic and that the user is currently in control of the private keys relevant to the data.

  7. Verify on the blockchain. The Civic server then verifies that the attestations are still valid on the blockchain and have not been revoked.

  8. Encrypt and cache. The data is encrypted and cached on the Civic server. Once this data is cached, a polling request from the iframe will receive a response containing an authorization code wrapped in a JWT token. The CivicJS browser-side library passes the token to the parent document. Your site is then responsible for passing the JWT token to your server.

  9. Authorization Code exchange. Use the Civic SIP client (this library) on your server to communicate with the Civic SIP server and exchange the authorization code (AC) for the requested user data. The SIP server first validates the JWT token, ensuring it was issued by Civic, is being used by the correct application id, and that the expiry time on the token has not lapsed. The enclosed AC is then verified and the encrypted cached data returned.

  10. Decrypt. Your server receives the encrypted data where it is decrypted using your application secret key. The result will contain a userId and any data requested (such as email, mobile number etc).

  11. Complete user signup. At this point you can store the necessary data and redirect the user to your app’s logged in experience.

For subsequent logins the userId from UserData value object can be used to associate the user with your accounts system.

License

The software licensed under the MIT license.

blockvis/civic-sip-php 适用场景与选型建议

blockvis/civic-sip-php 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 7.77k 次下载、GitHub Stars 达 11, 最近一次更新时间为 2017 年 09 月 20 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「authorization」 「api」 「blockchain」 「sip」 「civic」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 blockvis/civic-sip-php 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 blockvis/civic-sip-php 我们能提供哪些服务?
定制开发 / 二次开发

基于 blockvis/civic-sip-php 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 7.77k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 12
  • 点击次数: 18
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 11
  • Watchers: 3
  • Forks: 3
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2017-09-20