wakeonweb/kong-oauth2-server-bundle
Composer 安装命令:
composer require wakeonweb/kong-oauth2-server-bundle
包简介
Kong OAuth2 Server Bundle
README 文档
README
Note: The bundle handle the technical communication with Kong and provide an authorization page. The other security stuffs should be managed by the application (form login, reset password, etc.).
Configuration
/.env
KONG_ADMIN_URL=http://localhost:8001
KONG_API_URL=https://localhost:8443
KONG_PROVISION_KEY=34cbcb435c02b87c9cd9d68ac6c86e2c
/config/packages/wakeonweb_kong_oauth2_server.yaml
wakeonweb_kong_oauth2_server:
kong:
admin_url: '%env(KONG_ADMIN_URL)%'
api_url: '%env(KONG_API_URL)%'
provision_key: '%env(KONG_PROVISION_KEY)%'
cancel_path: /logout
/config/routes/wakeonweb_kong_oauth2_server.yaml
wakeonweb_kong_oauth2_server.authenticate:
path: /authenticate
controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController
wakeonweb_kong_oauth2_server.login:
path: /api/login
controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\LoginController
/config/packages/security.yaml
security:
# ...
firewalls:
anonymous: true
api:
pattern: ^/api/login$
anonymous: ~
json_login:
check_path: /api/login
main:
form_login:
login_path: /login
check_path: /login
access_control:
- { path: /api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /, roles: IS_AUTHENTICATED_FULLY }
OAuth2
The OAuth2 specification describe 4 grant types:
- Authorization Code Grant
- Implicit Grant
- Resource Owner Password Credentials Grant
- Client Credentials Grant
3 of them are supported out of the box. The "Client Credentials Grant" is way to specific at the moment and will be implemented later.
Authorization Code Grant
The "Authorization Code Grant" workflow is handled by the
WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController. Just be sure to add a routing to this controller
in order to handle it.
/config/routes/wakeonweb_kong_oauth2_server.yaml
wakeonweb_kong_oauth2_server.authenticate:
path: /authenticate
controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController
The client application will have to route the end user to the following url:
http://sso.com/authorize?client_id=<id>&response_type=code. Kong & the bundle will do the rest.
Implicit Grant
The "Implicit Grant" workflow is handled by the WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController.
Just be sure to add a routing to this controller in order to handle it.
/config/routes/wakeonweb_kong_oauth2_server.yaml
wakeonweb_kong_oauth2_server.authenticate:
path: /authenticate
controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\AuthenticateController
The client application will have to route the end user to the following url:
http://sso.com/authorize?client_id=<id>&response_type=token. Kong & the bundle will do the rest.
Resource Owner Password Credentials Grant
The "Resource Owner Password Credentials Grant" workflow is handled by the
WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\LoginController. Just be sure to add a routing to this controller in
order and a security firewall to handle it.
/config/routes/wakeonweb_kong_oauth2_server.yaml
wakeonweb_kong_oauth2_server.login:
path: /api/login
controller: WakeOnWeb\Bundle\KongOAuth2ServerBundle\Controller\LoginController
/config/packages/security.yaml
security:
# ...
firewalls:
anonymous: true
api:
pattern: ^/api/login$
anonymous: ~
json_login:
check_path: /api/login
access_control:
- { path: /api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: /, roles: IS_AUTHENTICATED_FULLY }
Client Credentials Grant
not supported yet
IdentityResolver
The user identity can be resolved from the UserInterface using an IdentityResolver. A "username as identity"
strategy is used per default. This means that the UserInterface::getUsername() result will be used as the user id. You
can change this behavior by implementing your own IdentityResolver.
src/User/IdentityAsIs.php
<?php
namespace App\User;
use WakeOnWeb\Bundle\KongOAuth2ServerBundle\User\IdentityResolver;
use Symfony\Component\Security\Core\User\UserInterface;
class IdentityAsIs implements IdentityResolver
{
public function resolveIdentity(UserInterface $user): string
{
return $user->getId();
}
}
/config/packages/wakeonweb_kong_oauth2_server.yaml
wakeonweb_kong_oauth2_server:
# ...
identity_resolver: App\User\IdentityAsIs
wakeonweb/kong-oauth2-server-bundle 适用场景与选型建议
wakeonweb/kong-oauth2-server-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 50 次下载、GitHub Stars 达 0, 最近一次更新时间为 2018 年 11 月 07 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 wakeonweb/kong-oauth2-server-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 wakeonweb/kong-oauth2-server-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 50
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 1
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2018-11-07