tecnocen/yii2-oauth2-server
Composer 安装命令:
composer require tecnocen/yii2-oauth2-server
包简介
OAuth2 Server for PHP
关键字:
README 文档
README
A wrapper for implementing an OAuth2 Server.
This project was forked from Filsh Original Project but the changes are not transparent, read [UPGRADE.md] to pass to the latest version.
Installation
The preferred way to install this extension is through composer.
Either run
php composer.phar require --prefer-dist tecnocen/yii2-oauth2-server "*"
or add
"tecnocen/yii2-oauth2-server": "~4.1"
to the require section of your composer.json.
Usage
To use this extension, simply add the following code in your application configuration as a new module:
'bootstrap' => ['oauth2'], 'modules'=>[ // other modules ... 'oauth2' => [ 'class' => 'tecnocen\oauth2server\Module', 'tokenParamName' => 'accessToken', 'tokenAccessLifetime' => 3600 * 24, 'storageMap' => [ 'user_credentials' => 'app\models\User', ], 'grantTypes' => [ 'user_credentials' => [ 'class' => 'OAuth2\GrantType\UserCredentials', ], 'refresh_token' => [ 'class' => 'OAuth2\GrantType\RefreshToken', 'always_issue_new_refresh_token' => true ] ] ] ],
Bootstrap will initialize translation and add the required url rules to
Yii::$app->urlManager.
JWT tokens
There is no JWT token support on this fork, feel free to submit a (pull request)[https://github.com/tecnocen-com/yii2-oauth2-server/pulls] to enable this functionality.
UserCredentialsInterface
The class passed to Yii::$app->user->identityClass must implement the interface
\OAuth2\Storage\UserCredentialsInterface, to store oauth2 credentials in user
table.
use Yii; class User extends common\models\User implements \OAuth2\Storage\UserCredentialsInterface { /** * Implemented for Oauth2 Interface */ public static function findIdentityByAccessToken($token, $type = null) { /** @var \tecnocen\oauth2server\Module $module */ $module = Yii::$app->getModule('oauth2'); $token = $module->getServer()->getResourceController()->getToken(); return !empty($token['user_id']) ? static::findIdentity($token['user_id']) : null; } /** * Implemented for Oauth2 Interface */ public function checkUserCredentials($username, $password) { $user = static::findByUsername($username); if (empty($user)) { return false; } return $user->validatePassword($password); } /** * Implemented for Oauth2 Interface */ public function getUserDetails($username) { $user = static::findByUsername($username); return ['user_id' => $user->getId()]; } }
Migrations
The next step is to run migrations
yii migrate all -p=@tecnocen/oauth2server/migrations/tables
yii fixture "*" -n=tecnocen/oauth2server/fixtures
The first commando create the OAuth2 database scheme. The second command insert
test client credentials testclient:testpass for http://fake/.
Controllers
To support authentication by access token. Simply add the behaviors for your controller or module.
use yii\helpers\ArrayHelper; use yii\filters\auth\HttpBearerAuth; use yii\filters\auth\QueryParamAuth; use tecnocen\oauth2server\filters\auth\CompositeAuth; class Controller extends \yii\rest\Controller { /** * @inheritdoc */ public function behaviors() { return ArrayHelper::merge(parent::behaviors(), [ 'authenticator' => [ 'class' => CompositeAuth::class, 'authMethods' => [ ['class' => HttpBearerAuth::class], [ 'class' => QueryParamAuth::class, 'tokenParam' => 'accessToken', ], ] ], ]); } }
The code above is the same as the default implementation which can be simplified as:
use yii\helpers\ArrayHelper; use tecnocen\oauth2server\filters\auth\CompositeAuth; class Controller extends \yii\rest\Controller { /** * @inheritdoc */ public function behaviors() { return ArrayHelper::merge(parent::behaviors(), [ 'authenticator' => CompositeAuth::class, ]); } }
Scopes
The property tecnocen\oauth2server\filters\auth\CompositeAuth::$actionScopes
set which actions require specific scopes. If those scopes are not meet the
action wont be executed, and the server will reply with an HTTP Status Code 403.
public function behaviors() { return ArrayHelper::merge(parent::behaviors(), [ 'authenticator' => [ 'class' => CompositeAuth::class, 'actionScopes' => [ 'create' => 'default create', 'update' => 'default edit', '*' => 'default', // wildcards are allowed ] ],, ]); }
Automatically Revoke Tokens
Sometimes its neccessary to revoke a token on each request to prevent the request from being triggered twice.
To enable this functionality you need to implement
tecnocen\oauth2server\RevokeAccessTokenInterface in the class used to identify
the authenticated user.
use OAuth2\Storage\UserCredentialsInterface; use tecnocen\oauth2server\RevokeAccessTokenInterface; use tecnocen\oauth2server\RevokeAccessTokenTrait; class User extend \yii\db\ActiveRecord implement UserCredentialsInterface, RevokeAccessTokenInterface { use RevokeAccessTokenTrait; // optional, trait with default implementation. // rest of the class. }
Then use the previous class as configuration for Yii::$app->user->identityClass
Attaching the action filter tecnocen\oauth2server\filters\RevokeAccessToken
allows to configure the actions to automatically revoke the access token.
public function behaviors() { return [ 'revokeToken' => [ 'class' => \tecnocen\oauth2server\filters\RevokeAccessToken::class, // optional only revoke the token if it has any of the following // scopes. if not defined it will always revoke the token. 'scopes' => ['author', 'seller'], // optional whether or not revoke all tokens or just the active one 'revokeAll' => true, // optional if non authenticated users are permited. 'allowGuests' => true, // which actions this behavior applies to. 'only' => ['create', 'update'], ] ]; }
Generate Token with JS
To get access token (js example):
var url = window.location.host + "/oauth2/token"; var data = { 'grant_type':'password', 'username':'<some login from your user table>', 'password':'<real pass>', 'client_id':'testclient', 'client_secret':'testpass' }; //ajax POST `data` to `url` here //
Built With
- Yii 2: The Fast, Secure and Professional PHP Framework http://www.yiiframework.com
Code of Conduct
Please read CODE_OF_CONDUCT.md for details on our code of conduct.
Contributing
Please read CONTRIBUTING.md for details on the process for submitting pull requests to us.
Versioning
We use SemVer for versioning. For the versions available, see the tags on this repository.
Considering SemVer for versioning rules 9, 10 and 11 talk about pre-releases, they will not be used within the Tecnocen-com.
Authors
- Angel Guevara - Initial work - Tecnocen.com
- Carlos Llamosas - Initial work - Tecnocen.com
See also the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the LICENSE.md file for details
Acknowledgments
- TO DO - Hat tip to anyone who's code was used
- TO DO - Inspiration
- TO DO - etc
For more, see https://github.com/bshaffer/oauth2-server-php
tecnocen/yii2-oauth2-server 适用场景与选型建议
tecnocen/yii2-oauth2-server 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 13.6k 次下载、GitHub Stars 达 8, 最近一次更新时间为 2017 年 11 月 17 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「oauth」 「oauth2」 「module」 「extension」 「yii」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 tecnocen/yii2-oauth2-server 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 tecnocen/yii2-oauth2-server 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 tecnocen/yii2-oauth2-server 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
WeChat OAuth SDK
Ory-Hydra OAuth 2.0 Client Provider for The PHP League OAuth2-Client
Library for ORCID web services
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
Email Toolkit Plugin for CakePHP
bootstrap select field module implementing http://silviomoreto.github.io/bootstrap-select/
统计信息
- 总下载量: 13.6k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 9
- 点击次数: 14
- 依赖项目数: 2
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2017-11-17