OAuth2 基于TP 搭建简单案例,oauth2tp搭建案例
阅读须知:理解OAuth2
OAuth是一个关于授权(authorization)的开放网络标准,在全世界得到广泛应用,目前的版本是2.0版。今天就试着把环境搭建一下在此仅作为学习记录;
参考资料来源:
http://oauth.net/2/
http://bshaffer.github.io/oauth2-server-php-docs/cookbook/
数据表准备:
--
-- 表的结构 `oauth_access_tokens`
--
CREATE TABLE IF NOT EXISTS `oauth_access_tokens` (
`access_token` text,
`client_id` text,
`user_id` text,
`expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`scope` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 `oauth_authorization_codes`
--
CREATE TABLE IF NOT EXISTS `oauth_authorization_codes` (
`authorization_code` text,
`client_id` text,
`user_id` text,
`redirect_uri` text,
`expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`scope` text,
`id_token` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 `oauth_clients`
--
CREATE TABLE IF NOT EXISTS `oauth_clients` (
`client_id` text,
`client_secret` text,
`redirect_uri` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- 转存表中的数据 `oauth_clients`
--
INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`) VALUES
('demoapp', 'demopass', 'http://127.0.0.1/tp/index.php');
-- --------------------------------------------------------
--
-- 表的结构 `oauth_public_keys`
--
CREATE TABLE IF NOT EXISTS `oauth_public_keys` (
`client_id` varchar(80) DEFAULT NULL,
`public_key` varchar(8000) DEFAULT NULL,
`private_key` varchar(8000) DEFAULT NULL,
`encryption_algorithm` varchar(80) DEFAULT 'RS256'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 `oauth_refresh_tokens`
--
CREATE TABLE IF NOT EXISTS `oauth_refresh_tokens` (
`refresh_token` text,
`client_id` text,
`user_id` text,
`expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`scope` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 `oauth_scopes`
--
CREATE TABLE IF NOT EXISTS `oauth_scopes` (
`scope` text,
`is_default` tinyint(1) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 `oauth_users`
--
CREATE TABLE IF NOT EXISTS `oauth_users` (
`username` varchar(255) NOT NULL,
`password` varchar(2000) DEFAULT NULL,
`first_name` varchar(255) DEFAULT NULL,
`last_name` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Indexes for table `oauth_users`
--
ALTER TABLE `oauth_users`
ADD PRIMARY KEY (`username`);
OAuth2 库地址:https://github.com/bshaffer/oauth2-server-php
这里我把它放在Vendor/OAuth2里;
授权请求类:
<?php
namespace Api\Controller;
class OAuth2Controller extends \Org\OAuth2\Controller
{
public function __construct()
{
parent::__construct();
}
public function authorize()
{
// validate the authorize request
if (!$this->oauth_server->validateAuthorizeRequest($this->oauth_request, $this->oauth_response)) {
$this->oauth_response->send();
die;
}
// print the authorization code if the user has authorized your client
$this->oauth_server->handleAuthorizeRequest($this->oauth_request, $this->oauth_response, true);
// this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
$code = substr($this->oauth_response->getHttpHeader('Location'), strpos($this->oauth_response->getHttpHeader('Location'), 'code=') + 5, 40);
echo json_encode(['code' => $code]);
//$this->oauth_response->send();
}
public function token()
{
$this->oauth_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
}
}
OAuth2 库的请求封装放在:Org/OAuth2里;
<?php
namespace Org\OAuth2;
class Controller
{
protected $oauth_server;
protected $oauth_storage;
protected $oauth_request;
protected $oauth_response;
public function __construct()
{
// Autoloading (composer is preferred, but for this example let's just do this)
// require_once(VENDOR_PATH . '/OAuth2/Autoloader.php');
// \OAuth2\Autoloader::register();
// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
$this->oauth_storage = new \OAuth2\Storage\Pdo(array('dsn' => C('DSN'), 'username' => C('USERNAME'), 'password' => C('PASSWORD')));
// Pass a storage object or array of storage objects to the OAuth2 server class
$this->oauth_server = new \OAuth2\Server($this->oauth_storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$this->oauth_server->addGrantType(new \OAuth2\GrantType\ClientCredentials($this->oauth_storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$this->oauth_server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->oauth_storage));
$this->oauth_request = \OAuth2\Request::createFromGlobals();
$this->oauth_response = new \OAuth2\Response();
}
}
<?php
namespace Org\OAuth2;
class Resource extends Controller
{
protected $tokenData;
public function __construct()
{
parent::__construct();
// Handle a request to a resource and authenticate the access token
if (!$this->oauth_server->verifyResourceRequest(\OAuth2\Request::createFromGlobals())) {
$this->oauth_server->getResponse()->send();
die;
}
$this->tokenData = $this->oauth_server->getResourceController()->getToken();
}
}
测试类:
<?php
namespace Api\Controller;
class TestController extends \Org\OAuth2\Resource
{
public function __construct()
{
parent::__construct();
}
public function test()
{
echo json_encode(array('success' => true, 'message' => 'You accessed my APIs!'));
}
public function getToken()
{
echo json_encode(['token' => $this->tokenData]);
}
}
配置文件:
require_once(VENDOR_PATH . '/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();
return array(
//'配置项'=>'配置值'
'AUTOLOAD_NAMESPACE' => array('OAuth2' => VENDOR_PATH . 'OAuth2/'), //扩展模块列表
'DSN' => 'mysql:host=localhost;dbname=oauth2',
'USERNAME' => 'root',
'PASSWORD' => '',
);
Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Roblox: Grow A Garden - Complete Mutation Guide
3 weeks agoByDDD
Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
How to fix KB5055612 fails to install in Windows 10?
3 weeks agoByDDD
Nordhold: Fusion System, Explained
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
Blue Prince: How To Get To The Basement
1 months agoByDDD
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
SublimeText3 Linux new version
SublimeText3 Linux latest version
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
