Skip to content

bandronic/oauth2-server-php

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

929 Commits
data
data
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 

Repository files navigation

OAuth2Server

Implementation of the OAuth2 server using Doctrine ORM.

The package forks BShaffer's OAuth2 implementation and adapts it to use Doctrine, PSR4 and PSR7.

Requirements

bshaffer/oauth2-server-php

dasprid/container-interop-doctrine

Installation

  1. Add the ConfigProvider to the config/container.php file:

    <?php

...
$aggregator = new ConfigAggregator([
    ...
    \OAuth2Server\ConfigProvider::class,
    ...
], $cacheConfig['config_cache_path']);

  2. In the config/autoload/local.php add an array for oauth2:

    return [
    ...
    'oauth2' => [
            'db' => [
                'dsn'      => '', // For example "mysql:dbname=oauth2_db;host=localhost"
                'username' => '', // Database username
                'password' => '', // Database password
            ],
            'allow_implicit'    => true, // Default (set to true when you need to support browser-based or mobile apps)
            'access_lifetime'   => 3600, // Default (set a value in seconds for access tokens lifetime)
            'enforce_state'     => true,  // Default
            'always_issue_new_refresh_token' => true, // Set to true in order to receive a refresh token always
            'keys_folder' => './config/keys', // Public and private keys folder location
            'user_entity'       => '', // MANDATORY user entity, must implement UserInterface
            'client_service'       => '', // OPTIONAL client service, must implement ClientInterface
        ],
        ...

];

    Alternatively you can copy the data\oauth2.local.php.dist file in the config/autoload folder and change the values inside it accordingly.

    You must specify an entity for the user_entity config entry. The user_entity class must implement the interface:

    OAuth2Server\Entity\UserInterface

    Optional, if you wish to change the get client details, scope or grant type check, you can specify a client service in the client_service settings parameter. The client service must implement the interface

    OAuth2\Storage\ClientInterface

  3. Create a folder keys in the config folder and inside it generate the private and public keys:

    1. Create a private key openssl genrsa -out private.key 1024
    2. Create a public key openssl rsa -in private.key -pubout > public.key

    Alternatively, you can copy the pre-generated keys from the data folder

    The pre-generated key were generated without a password.

    Alternatively, you can generate the key anywhere in the project structure and specify the location of the keys in the config array under the key 'keys_folder'

Usage

In the routes.php file add the following entries:

$app->post('/authorize', \OAuth2Server\Middleware\Authorize::class, 'authorize');
$app->post('/access_token', \OAuth2Server\Middleware\Token::class, 'access_token');

Create the database schema using the included migration file: 20171107115657_oauth.php

Add a client:

client_id: test
client_secret: test 
grant_types: authorization_code password refresh_token

Authorization

For the authorize method, performing a GET on the

http://localhost:8080/authorize?client_id=test&response_type=code&state=asdf123&redirect_uri=http%3A%2F%2Flocalhost:8080%2Fauthorize

will validate the URL and redirect to an authorize/deny page

Authorizing will redirect to the provided redirect URI with an authorization token

Posting to the /authorize URI with the following body fields:


Postman:

[
    {"key":"grant_type","value":"authorization_code","description":""},
    {"key":"client_id","value":"test","description":""},
    {"key":"client_secret","value":"test","description":""},
    {"key":"scope","value":"test","description":""},
    {"key":"code","value":"<AUTHORIZATION_CODE>","description":""},
    {"key":"redirect_uri","value":"<URL>","description":""}
]

will return a valid token which you can use multiple times, example:

{
    "access_token": "7b2d00806e938ad976071c4d4d5cd1fe6bc680e9",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "test",
    "refresh_token": "471cae69cf042921348f284881de0477528017c7"
}

Password

Add a user with

username: test
password: test

For the password method, performing a POST on the /access_token route with the following body:

Postman

[
  {"key":"grant_type","value":"password","description":""},
  {"key":"client_id","value":"test","description":""},
  {"key":"client_secret","value":"test","description":""},
  {"key":"username","value":"test","description":""},
  {"key":"password","value":"test","description":""},
  {"key":"scope","value":"test","description":""}
]

will return an access token, example:

{
    "access_token": "0d5e4bf51129e0fe2c94f9ecb91786ffab0018b2",
    "expires_in": 3600,
    "token_type": "Bearer",
    "scope": "test",
    "refresh_token": "1f67452221c02257ca39f7934906bf92db8cd51f"
}

Access token usage

Piping the \OAuth2Server\Middleware\VerifyResource middleware to a route will verify the access token validity

$app->get('/', [ \OAuth2Server\Middleware\VerifyResource::class, App\Action\HomePageAction::class ], 'home');

A valid GET for

http://localhost:8080/

would have to contain the Authorization header. Example:

Authorization: Bearer <TOKEN>

About

A library for implementing an OAuth2 Server in php

bshaffer.github.io/oauth2-server-php-docs

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

First release of Doctrine integration Latest
Nov 13, 2017

Packages

No packages published

Languages

  • PHP 100.0%