OAuth in PHP: Create a JWT authorization server

OAuth in PHP: Creating a JWT authorization server

With the rise of mobile applications and the trend of separation of front-end and back-end, OAuth has become an indispensable part of modern web applications. OAuth is an authorization protocol that protects users' resources from unauthorized access by providing standardized processes and mechanisms. In this article, we will learn how to create an OAuth authorization server based on JWT (JSON Web Tokens) using PHP.

JWT is a secure way to pass information across the web. It consists of three parts, namely header, payload and signature. The header usually contains some metadata, such as algorithm and token type. The payload contains specific information to be passed, such as user ID, permissions and expiration time. The signature is the result of encrypting the header and payload using a private key to ensure the integrity and security of the Token.

First, we need to create a PHP project and install a JWT library. In this example, we will use the "firebase/php-jwt" library. It can be installed through Composer, run the following command:

composer require firebase/php-jwt

In the project root directory, we create an "oauth.php" file to serve as our authorization server.

The following is a simple authorization server code example:

<?php
require 'vendor/autoload.php';

use FirebaseJWTJWT;

// 定义服务器密钥
$server_key = 'your-secret-key';

// 定义过期时间，单位为秒
$expiry_time = 3600;

// 定义有效的客户端ID和秘密
$valid_clients = [
    'client_id1' => 'client_secret1',
    'client_id2' => 'client_secret2',
];

// 验证客户端ID和秘密
function verify_client_credentials($client_id, $client_secret) {
    global $valid_clients;
    return isset($valid_clients[$client_id]) && $valid_clients[$client_id] === $client_secret;
}

// 授权服务器端点
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 验证客户端身份
    $client_id = $_POST['client_id'];
    $client_secret = $_POST['client_secret'];
    if (!verify_client_credentials($client_id, $client_secret)) {
        http_response_code(401);
        echo json_encode(['error' => 'Invalid client credentials']);
        exit;
    }

    // 创建JWT
    $token = [
        'iss' => $_SERVER['SERVER_NAME'],
        'aud' => $client_id,
        'iat' => time(),
        'exp' => time() + $expiry_time
    ];
    $jwt = JWT::encode($token, $server_key);

    // 返回JWT给客户端
    echo json_encode(['access_token' => $jwt]);
    exit;
}

// 获取JWT
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $auth_header = $_SERVER['HTTP_AUTHORIZATION'];
    $jwt = substr($auth_header, 7); // 去掉"Bearer "前缀

    try {
        // 验证和解码JWT
        $decoded = JWT::decode($jwt, $server_key, ['HS256']);
        
        // 验证有效性
        if ($decoded->exp < time()) {
            http_response_code(401);
            echo json_encode(['error' => 'Token expired']);
            exit;
        }

        // 返回用户信息或其他受保护的资源
        echo json_encode(['user_id' => $decoded->sub]);
        exit;
    } catch (Exception $e) {
        // 如果JWT无效，返回错误
        http_response_code(401);
        echo json_encode(['error' => $e->getMessage()]);
        exit;
    }
}
?>

In the above example, we first define the server key ($server_key) and expiration time ( $expiry_time). Then, we define valid client IDs and secrets ($valid_clients).

Next, we implemented a verify_client_credentials function to verify the client’s identity. In the authorization server endpoint, we first verify the identity information provided by the client, then create a JWT and return it to the client.

In the endpoint to get the JWT, we first get the JWT from the HTTP request header, then verify and decode it. If the JWT is valid and has not expired, we will return the user information or other protected resources.

It should be noted that the above code is for demonstration purposes only. In actual use, we need to extend and modify it according to specific needs.

Summary:
OAuth is an authorization protocol that is widely used in modern web applications. JWT is a secure method of transferring information. With the Firebase JWT library in PHP, we can easily create a JWT based OAuth authorization server. Please modify and expand according to specific needs to ensure security and reliability.

The above is the introduction and sample code for creating a JWT authorization server using PHP. I hope this article can help you understand and use the relevant knowledge of OAuth and JWT.

The above is the detailed content of OAuth in PHP: Create a JWT authorization server. For more information, please follow other related articles on the PHP Chinese website!