fuzz/laravel-oauth
Composer 安装命令:
composer require fuzz/laravel-oauth
包简介
auth
README 文档
README
An OAuth wrapper to bridge lucadegasperi/oauth2-server-laravel and Laravel's authentication system while providing optional support for fuzz/magic-box repositories
Setup
-
Require the composer package
-
Set up your project
AuthServiceProviderto extendFuzz\Auth\Providers\AuthServiceProvider -
Follow instructions in
lucadegasperi/oauth2-server-laravelto set it up. -
Configure the
grant_typesarray inconfig/oauth2.phpto use the Fuzz grants (or extend/create your own)'grant_types' => [ 'password' => [ 'class' => \Fuzz\Auth\OAuth\Grants\PasswordGrant::class, 'callback' => '\Fuzz\Auth\OAuth\Grants\PasswordGrantVerifier@verify', 'access_token_ttl' => 7600, ], 'refresh_token' => [ 'class' => \Fuzz\Auth\OAuth\Grants\RefreshTokenGrant::class, 'access_token_ttl' => 7600, 'refresh_token_ttl' => 14600, ], ], -
Set up
config/auth.phpSet the default guard to
api'defaults' => [ 'guard' => 'api', 'passwords' => 'users', ],Set the
apiguard to use\Fuzz\Auth\Guards\OAuthGuard::classas its driver'api' => [ 'driver' => \Fuzz\Auth\Guards\OAuthGuard::class, 'provider' => 'users', ],Set Laravel to use the
oauthuser provider and set your project's User class'providers' => [ 'users' => [ 'driver' => 'oauth', 'model' => \App\User::class, 'token_key' => 'access_token', ], ], -
Create
app/Http/Middleware/OAuthMiddleware.phpand extendFuzz\Auth\Middleware\OAuthenticateMiddleware. Add it to the$routeMiddlewarearray in `app/Http/Kernel.php -
Your User class should implement the
Fuzz\Auth\Models\AgentInterfaceandIlluminate\Contracts\Auth\Authenticatableand their required methods
Usage
Protecting routes
Routes that require authentication can now be protected with the auth middleware:
$router->group(
['middleware' => 'auth'], function (Router $router) {
$router->get('locations', 'LocationsController@index');
});
Within any authenticated route, you can use all the default Laravel Auth methods such as Auth::user() to resolve the currently authenticated user. lucadegasperi/oauth2-server-laravel provides a way to protect routes based on scope, but you can also use Fuzz\Auth\Policies\RepositoryModelPolicy@requireScopes to throw League\OAuth2\Server\Exception\AccessDeniedException exceptions when a user does not have the required scopes.
Protecting resources
Laravel OAuth comes with a base Fuzz\Auth\Policies\RepositoryModelPolicy but you may create your own (implementing the Fuzz\Auth\Policies\RepositoryModelPolicyInterface might be helpful). Extending Fuzz\Auth\Policies\RepositoryModelPolicy will provide some base methods to ease writing policies for repositories.
Once a policy is set up and mapped to its model class, you may use it to check user permissions according to your policy:
if (policy(ModelClass::class)->index($user, $postRepository)) {
// Index stuff
}
Resolving the current user
All of Laravel's Auth methods will work, so resolving the current user is as simple as $user = Auth::user(). https://laravel.com/docs/5.2/authentication.
Auth will use your default guard unless specified. A typical guard set up for an OAuth specced API would be having one for users accessing via a client and another for client-only requests. Currently there is only Fuzz\Auth\Guards\OAuthGuard which is responsible for resolving the user for a request.
TODOs
- Separate
fuzz/laravel-oauthfromfuzz/magic-box - Support client requests in their own guard and be compatible with the current user
OAuthGuard
fuzz/laravel-oauth 适用场景与选型建议
fuzz/laravel-oauth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 20.12k 次下载、GitHub Stars 达 3, 最近一次更新时间为 2016 年 07 月 07 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 fuzz/laravel-oauth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 fuzz/laravel-oauth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 20.12k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 3
- 点击次数: 0
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2016-07-07