yuca/sso
Composer 安装命令:
composer require yuca/sso
包简介
Simple Single Sign-On
README 文档
README
NOTES: This version is forked from https://github.com/jasny/sso which improved with the following features:
- NGINX server support
- Whitelist IP
- Cache & Session 3rd party support
Jasny\SSO is a relatively simply and straightforward solution for an single sign on (SSO) implementation. With SSO, logging into a single website will authenticate you for all affiliate sites.
How it works
When using SSO, when can distinguish 3 parties:
- Client - This is the browser of the visitor
- Broker - The website which is visited
- Server - The place that holds the user info and credentials
The broker has an id and a secret. These are know to both the broker and server.
When the client visits the broker, it creates a random token, which is stored in a cookie. The broker will then send the client to the server, passing along the broker's id and token. The server creates a hash using the broker id, broker secret and the token. This hash is used to create a link to the users session. When the link is created the server redirects the client back to the broker.
The broker can create the same link hash using the token (from the cookie), the broker id and the broker secret. When doing requests, it passes that has as session id.
The server will notice that the session id is a link and use the linked session. As such, the broker and client are using the same session. When another broker joins in, it will also use the same session.
For a more indepth explanation, please read this article.
How is this different from OAuth?
With OAuth, you can authenticate a user at an external server and get access to their profile info. However you aren't sharing a session.
A user logs in to website foo.com using Google OAuth. Next he visits website bar.org which also uses Google OAuth. Regardless of that, he is still required to press on the 'login' button on bar.org.
With Jasny/SSO both websites use the same session. So when the user visits bar.org, he's automatically logged in. When he logs out (on either of the sites), he's logged out for both.
Installation
Install this library through composer
composer require jasny/sso
Usage
Server
Jasny\SSO\Server is an abstract class. You need to create a your own class which implements the abstract methods.
These methods are called fetch data from a data souce (like a DB).
class MySSOServer extends Jasny\SSO\Server { /** * Authenticate using user credentials * * @param string $username * @param string $password * @return \Jasny\ValidationResult */ abstract protected function authenticate($username, $password) { ... } /** * Get the secret key and other info of a broker * * @param string $brokerId * @return array */ abstract protected function getBrokerInfo($brokerId) { ... } /** * Get the information about a user * * @param string $username * @return array|object */ abstract protected function getUserInfo($username) { ... } }
The MySSOServer class can be used as controller in an MVC framework.
Alternatively you can use MySSOServer as library class. In that case pass option fail_exception to the constructor.
This will make the object throw a Jasny\SSO\Exception, rather than set the HTTP response and exit.
For more information, checkout the server example.
Broker
When creating a Jasny\SSO\Broker instance, you need to pass the server url, broker id and broker secret. The broker id
and secret needs to be registered at the server (so fetched when using getBrokerInfo($brokerId)).
Be careful: The broker id SHOULD be alphanumeric. In any case it MUST NOT contain the "-" character.
Next you need to call attach(). This will generate a token an redirect the client to the server to attach the token
to the client's session. If the client is already attached, the function will simply return.
When the session is attached you can do actions as login/logout or get the user's info.
$broker = new Jasny\SSO\Broker($serverUrl, $brokerId, $brokerSecret); $broker->attach(); $user = $broker->getUserInfo(); echo json_encode($user);
For more information, checkout the broker and ajax-broker example.
Examples
There is an example server and two example brokers. One with normal redirects and one using JSONP / AJAX.
To proof it's working you should setup the server and two or more brokers, each on their own machine and their own (sub)domain. However you can also run both server and brokers on your own machine, simply to test it out.
On *nix (Linux / Unix / OSX) run:
php -S localhost:9000 -t examples/server/
export SSO_SERVER=http://localhost:9000 SSO_BROKER_ID=Alice SSO_BROKER_SECRET=8iwzik1bwd; php -S localhost:9001 -t examples/broker/
export SSO_SERVER=http://localhost:9000 SSO_BROKER_ID=Greg SSO_BROKER_SECRET=7pypoox2pc; php -S localhost:9002 -t examples/broker/
export SSO_SERVER=http://localhost:9000 SSO_BROKER_ID=Julias SSO_BROKER_SECRET=ceda63kmhp; php -S localhost:9003 -t examples/ajax-broker/
Now open some tabs and visit http://localhost:9001, http://localhost:9002 and http://localhost:9003. username/password jackie/jackie123 john/john123
Note that after logging in, you need to refresh on the other brokers to see the effect.
yuca/sso 适用场景与选型建议
yuca/sso 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 929 次下载、GitHub Stars 达 2, 最近一次更新时间为 2018 年 04 月 02 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「SSO」 「auth」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 yuca/sso 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 yuca/sso 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 yuca/sso 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Laravel Multiauth package
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
This package provides a flexible way to add Role-based Permissions to Laravel 6.x
Email Toolkit Plugin for CakePHP
Simple Single Sign-On
Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client
统计信息
- 总下载量: 929
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 14
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2018-04-02