定制 yaknet/y-auth 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

yaknet/y-auth

Composer 安装命令:

composer require yaknet/y-auth

包简介

Official PHP SDK for YakNet Kimlik Doğrulama Platformu (SSO / OAuth2) integration, extending league/oauth2-client.

README 文档

README

Official PHP integration SDK for the YakNet Identity Verification Platform (auth.yakhub.com.tr). This library is built on top of the robust and secure league/oauth2-client standard.

Installation

You can install this package using Composer:

composer require yaknet/y-auth

Basic Usage

1. Initialize the Provider

Create an instance of the provider with your client credentials registered in the YakNet Geliştirici Portalı:

use YakNet\YAuth\Provider\YakNetProvider;

$provider = new YakNetProvider([
    'clientId'     => 'your-client-id',
    'clientSecret' => 'your-client-secret',
    'redirectUri'  => 'https://your-app.com/callback',
    // Optional: Defaults to https://auth.yakhub.com.tr
    'baseUrl'      => 'https://auth.yakhub.com.tr'
]);

2. Redirect to Authorization URL

Redirect the user to the provider's authorization endpoint. We generate and store a secure state parameter to prevent CSRF attacks:

session_start();

// Get the authorization URL
$authorizationUrl = $provider->getAuthorizationUrl();

// Save the state to the session
$_SESSION['oauth2state'] = $provider->getState();

// Redirect the user
header('Location: ' . $authorizationUrl);
exit;

3. Handle the Callback & Get Access Token

In your callback page (redirectUri), verify the state parameter and request the access token using the code parameter:

session_start();

$state = $_GET['state'] ?? null;
$code = $_GET['code'] ?? null;

// Validate state
if (empty($state) || empty($_SESSION['oauth2state']) || $state !== $_SESSION['oauth2state']) {
    unset($_SESSION['oauth2state']);
    exit('Geçersiz state parametresi (CSRF koruması tetiklendi).');
}

// Clear state from session
unset($_SESSION['oauth2state']);

try {
    // Exchange Authorization Code for Access Token
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $code
    ]);

    // Token details
    $accessToken = $token->getToken();
    $refreshToken = $token->getRefreshToken();
    $expires = $token->getExpires();

    // Store tokens in your database or session
    $_SESSION['access_token'] = $accessToken;
    $_SESSION['refresh_token'] = $refreshToken;

    // Optional: Retrieve the authenticated user's profile
    $user = $provider->getResourceOwner($token);

    // Profile Details
    $userId = $user->getId();
    $name = $user->getName();
    $email = $user->getEmail();
    $rawProfile = $user->toArray();

    echo "Başarıyla Giriş Yapıldı! Hoş geldiniz, " . htmlspecialchars($name);

} catch (Exception $e) {
    exit('Giriş Hatası: ' . $e->getMessage());
}

4. Refreshing an Expired Access Token

If your access token expires, you can use the stored refresh token to request a new access token:

use League\OAuth2\Client\Grant\RefreshToken;

try {
    $newToken = $provider->getAccessToken(new RefreshToken(), [
        'refresh_token' => $_SESSION['refresh_token']
    ]);

    $_SESSION['access_token'] = $newToken->getToken();
    $_SESSION['refresh_token'] = $newToken->getRefreshToken();
} catch (Exception $e) {
    // Handle refresh token failure (e.g., redirect to login)
}

Testing

Run unit tests via PHPUnit:

vendor/bin/phpunit

Run static code analysis via PHPStan:

vendor/bin/phpstan analyse

License

This project is developed by YakNet Bilişim and licensed under the MIT License.

统计信息

  • 总下载量: 0
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 1
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2026-07-07

承接程序开发

PHP开发

VUE

Vue开发

前端开发

小程序开发

公众号开发

系统定制

数据库设计

云部署

网站建设

安全加固