
OAuth2 基于TP 搭建简单案例

阅读须知: 理解OAuth2

OAuth 是一个关于授权(authorization)的开放网络标准,在全世界得到广泛应用,目前的版本是 2.0 版。今天试着把环境搭建一下,在此仅作为学习记录。

参考资料来源:

http://bshaffer.github.io/oauth2-server-php-docs/cookbook/

数据表准备:

-- Storage schema for the OAuth2 demo: one table per kind of record the
-- PDO storage reads and writes (tokens, codes, clients, keys, scopes, users).
--
-- NOTE(review): every `expires` column below carries
-- ON UPDATE CURRENT_TIMESTAMP. MySQL rewrites such a column to "now" whenever
-- another column of the row changes and the statement does not set `expires`
-- itself, which would silently move the expiry. Looks like an export
-- artifact -- confirm before reusing this schema.
-- NOTE(review): apart from `oauth_users`, no table in this listing declares a
-- primary key or index, so nothing prevents duplicate tokens, codes or
-- client ids at the database level.

--
-- Table structure for `oauth_access_tokens`
--
-- Token values are stored as issued; read access to this table is
-- equivalent to holding the tokens.

CREATE TABLE IF NOT EXISTS `oauth_access_tokens` (
  `access_token` text,
  `client_id` text,
  `user_id` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for `oauth_authorization_codes`
--

CREATE TABLE IF NOT EXISTS `oauth_authorization_codes` (
  `authorization_code` text,
  `client_id` text,
  `user_id` text,
  `redirect_uri` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text,
  `id_token` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for `oauth_clients`
--
-- `client_secret` is a plain text column; the row inserted below stores the
-- secret in clear.

CREATE TABLE IF NOT EXISTS `oauth_clients` (
  `client_id` text,
  `client_secret` text,
  `redirect_uri` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `oauth_clients`
--
-- Demo client only: a fixed, guessable id/secret pair with a loopback
-- redirect URI. Replace both values before the server is reachable from
-- anything other than the local machine.

INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`) VALUES ('demoapp', 'demopass', 'http://127.0.0.1/tp/index.php');

-- --------------------------------------------------------

--
-- Table structure for `oauth_public_keys`
--
-- NOTE(review): `private_key` sits next to `public_key` in the same table, so
-- the database account used by the application can read signing keys --
-- confirm that this is acceptable for the deployment.

CREATE TABLE IF NOT EXISTS `oauth_public_keys` (
  `client_id` varchar(80) DEFAULT NULL,
  `public_key` varchar(8000) DEFAULT NULL,
  `private_key` varchar(8000) DEFAULT NULL,
  `encryption_algorithm` varchar(80) DEFAULT 'RS256'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for `oauth_refresh_tokens`
--

CREATE TABLE IF NOT EXISTS `oauth_refresh_tokens` (
  `refresh_token` text,
  `client_id` text,
  `user_id` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for `oauth_scopes`
--

CREATE TABLE IF NOT EXISTS `oauth_scopes` (
  `scope` text,
  `is_default` tinyint(1) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- Table structure for `oauth_users`
--
-- NOTE(review): how `password` is hashed is decided by the storage class, not
-- by this schema -- verify before enabling a grant type that checks it.

CREATE TABLE IF NOT EXISTS `oauth_users` (
  `username` varchar(255) NOT NULL,
  `password` varchar(2000) DEFAULT NULL,
  `first_name` varchar(255) DEFAULT NULL,
  `last_name` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Indexes for table `oauth_users`
--
ALTER TABLE `oauth_users`
  ADD PRIMARY KEY (`username`);

OAuth2 库地址:https://github.com/bshaffer/oauth2-server-php

这里我把它放在Vendor/OAuth2里;

授权请求类:

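<?php

namespace Api\Controller;

/**
 * Demo OAuth2 endpoints: authorization-code issuance and token exchange.
 *
 * The server, request and response objects used here ($oauth_server,
 * $oauth_request, $oauth_response) are set up by the parent constructor.
 */
class OAuth2Controller extends \Org\OAuth2\Controller
{
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Validate an authorization request and print the issued code as JSON.
     *
     * Output is {"code": "..."}; when validation fails or no code is issued,
     * the OAuth2 library's own response is sent instead and the script ends.
     */
    public function authorize()
    {
        // Validate the authorize request (client_id, redirect_uri, response_type, ...).
        if (!$this->oauth_server->validateAuthorizeRequest($this->oauth_request, $this->oauth_response)) {
            $this->oauth_response->send();
            die;
        }

        // The third argument is the resource owner's decision. It is hard-coded
        // to true here, so every valid request is approved without a login or a
        // consent screen. That is a walkthrough shortcut only: a real endpoint
        // must authenticate the user, show what is being granted, and pass the
        // user's actual answer (and the user id) to this call.
        $this->oauth_server->handleAuthorizeRequest($this->oauth_request, $this->oauth_response, true);

        // Read the code from the redirect's query string rather than cutting a
        // fixed 40 characters after 'code=': when the header carries no code
        // (for example an error redirect), strpos() returns false and the
        // substring would be unrelated text.
        $location = (string) $this->oauth_response->getHttpHeader('Location');
        $params = [];
        parse_str((string) parse_url($location, PHP_URL_QUERY), $params);

        if (!isset($params['code']) || !is_string($params['code'])) {
            // No code was issued; relay the library's response unchanged.
            $this->oauth_response->send();
            die;
        }

        // Printed only so the code is visible when calling this endpoint with
        // cURL. A real deployment sends $this->oauth_response, which redirects
        // back to the client's registered redirect_uri.
        header('Content-Type: application/json');
        echo json_encode(['code' => $params['code']]);
    }

    /**
     * Token endpoint: let the library handle the grant and send its response.
     */
    public function token()
    {
        $this->oauth_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
    }
}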

OAuth2 库的请求封装放在:Org/OAuth2里;

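<?php

namespace Org\OAuth2;

/**
 * Base controller that wires up the OAuth2 server for the demo.
 *
 * Subclasses get a configured server plus request/response objects for the
 * current HTTP request.
 */
class Controller
{
    protected $oauth_server;
    protected $oauth_storage;
    protected $oauth_request;
    protected $oauth_response;

    public function __construct()
    {
        // Autoloading (composer is preferred, but for this example let's just do this)
        // require_once(VENDOR_PATH . '/OAuth2/Autoloader.php');
        // \OAuth2\Autoloader::register();

        // The DSN is the Data Source Name for your database,
        // for example "mysql:dbname=my_oauth2_db;host=localhost".
        // Connection settings are read from the application config via C().
        $this->oauth_storage = new \OAuth2\Storage\Pdo(array(
            'dsn' => C('DSN'),
            'username' => C('USERNAME'),
            'password' => C('PASSWORD'),
        ));

        // Pass a storage object or array of storage objects to the OAuth2 server class
        $this->oauth_server = new \OAuth2\Server($this->oauth_storage);

        // "Client Credentials" grant: the client authenticates with its own
        // id and secret, no user is involved. Register it only if clients
        // really need to act on their own behalf.
        $this->oauth_server->addGrantType(new \OAuth2\GrantType\ClientCredentials($this->oauth_storage));

        // "Authorization Code" grant: the client exchanges a code obtained
        // from the authorize endpoint for a token.
        $this->oauth_server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->oauth_storage));

        $this->oauth_request = \OAuth2\Request::createFromGlobals();
        $this->oauth_response = new \OAuth2\Response();
    }
}

// The original listing shows the next class as a separate file in the same
// namespace (its own "<?php" / "namespace Org\OAuth2;" header); keep one
// class per file when copying this into a project.

/**
 * Base class for protected API controllers: construction fails the request
 * unless it carries an access token the OAuth2 server accepts.
 */
class Resource extends Controller
{
    // Token record returned by the resource controller for the verified request.
    protected $tokenData;

    public function __construct()
    {
        parent::__construct();

        // Handle a request to a resource and authenticate the access token.
        // No required scope is passed, so this check does not distinguish
        // tokens by scope; endpoints that need one must check it themselves.
        if (!$this->oauth_server->verifyResourceRequest(\OAuth2\Request::createFromGlobals())) {
            $this->oauth_server->getResponse()->send();
            die;
        }

        $this->tokenData = $this->oauth_server->getResourceController()->getToken();
    }
}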

测试类:

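<?php

namespace Api\Controller;

/**
 * Sample protected API. The parent \Org\OAuth2\Resource constructor verifies
 * the access token first, so these actions only run for accepted requests.
 */
class TestController extends \Org\OAuth2\Resource
{
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Print a fixed success payload to show that the token was accepted.
     */
    public function test()
    {
        echo json_encode(array('success' => true, 'message' => 'You accessed my APIs!'));
    }

    /**
     * Print the token record the parent constructor stored for this request.
     *
     * NOTE(review): the fields in $this->tokenData come from the storage layer
     * and are not visible here; confirm nothing beyond what the caller may
     * see is included before exposing this outside a demo.
     */
    public function getToken()
    {
        echo json_encode(['token' => $this->tokenData]);
    }
}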

配置文件:

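<?php

// Application config: registers the OAuth2 library's autoloader and returns
// the settings read elsewhere through C().
require_once(VENDOR_PATH . '/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();

return array(
    // 'config key' => 'config value'
    'AUTOLOAD_NAMESPACE' => array('OAuth2' => VENDOR_PATH . 'OAuth2/'), // extension module list
    'DSN' => 'mysql:host=localhost;dbname=oauth2',
    // Local demo values: the MySQL root account with an empty password.
    // Outside a throwaway local setup, use a dedicated account that has a
    // password and is limited to the oauth2 database, and keep the
    // credentials out of version control.
    'USERNAME' => 'root',
    'PASSWORD' => '',
);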
