
OAuth2的实现

接口认证中OAuth2的实现方法

  • thephpleague/oauth2-server
  • bshaffer/oauth2-server-php（目前使用的）

测试

# Authorization Code flow, step 1: request a code from authorize.php.
# `state` is an opaque client-chosen value that the client must compare on the
# redirect back (CSRF binding of the callback). No redirect_uri is sent here;
# presumably the client's registered URI is used — confirm against the storage.
curl -X "GET" "http://localhost:4444/authorize.php?response_type=code&client_id=testclient&state=xyz"

# implicit.php is not reproduced on this page. curl still sends the form body
# when -X GET is combined with --data-urlencode, and grant_type is a token-
# endpoint parameter, so an authorize endpoint is expected to ignore or reject
# it. "Accept: 1.0" is not a media type — presumably a demo version marker.
curl -X "GET" "http://localhost:4444/implicit.php/authorize" \
    -H "Accept: 1.0" \
    --data-urlencode "grant_type=password"


# Negative case: "password" is not a response_type (RFC 6749 defines "code" and
# "token"), so a conforming server answers with unsupported_response_type.
curl -X "GET" "http://localhost:4444/auth_code.php/authorize" \
    -H "Accept: 1.0" \
    --data-urlencode "response_type=password"

    # Negative case: grant_type=foo is not a registered grant, so the expected
    # answer is unsupported_grant_type. A client_secret typed on the command
    # line ends up in shell history and process listings — outside a local demo,
    # read it from a file or an environment variable instead.
    curl -X "POST" "http://localhost:4444/client_credentials.php/access_token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "Accept: 1.0" \
    --data-urlencode "grant_type=foo" \
    --data-urlencode "client_id=myawesomeapp" \
    --data-urlencode "client_secret=bar" \
    --data-urlencode "scope=basic email"



    # Authorization Code flow, step 2: exchange the code at server.php, which
    # registers the AuthorizationCode grant. Codes are single-use and short-lived;
    # the value below is the page's sample and must be replaced with a fresh one.
    curl -X "POST" "http://localhost:4444/server.php" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "Accept: 1.0" \
    --data-urlencode "grant_type=authorization_code" \
    --data-urlencode "client_id=testclient" \
    --data-urlencode "client_secret=testpass" \
    --data-urlencode "code=5f82cb42b1dde0230ab750cdabc9ff317addf6af" \
    --data-urlencode "scope=basic"

    # Same exchange against eg1.php. That script registers only the
    # UserCredentials (password) grant, so this request is expected to be
    # refused with unsupported_grant_type.
    curl -X "POST" "http://localhost:4444/eg1.php" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "Accept: 1.0" \
    --data-urlencode "grant_type=authorization_code" \
    --data-urlencode "client_id=testclient" \
    --data-urlencode "client_secret=testpass" \
    --data-urlencode "code=5f82cb42b1dde0230ab750cdabc9ff317addf6af" \
    --data-urlencode "scope=basic"


    # Password grant against eg1.php: the user's own username/password travel
    # through the client in the POST body, so this grant is only appropriate for
    # fully trusted first-party clients and only over TLS.
    curl -X "POST" "http://localhost:4444/eg1.php" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "Accept: 1.0" \
    --data-urlencode "grant_type=password" \
    --data-urlencode "client_id=testclient" \
    --data-urlencode "client_secret=testpass" \
    --data-urlencode "username=demouser" \
    --data-urlencode "password=abc123" \
    --data-urlencode "scope=basic"


    # Protected-resource call: the access token is sent as a form parameter.
    # RFC 6750 also allows "Authorization: Bearer <token>", which keeps the token
    # out of form bodies and request logs.
    curl http://localhost:4444/server.php --data 'access_token=b55d3b307609adab83085d017c156ce49266d2fs8'

eg1.php

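<?php

/*
 * eg1.php — minimal bshaffer/oauth2-server-php token endpoint.
 *
 * Only the Resource Owner Password Credentials grant is registered, so a POST
 * with grant_type=password (plus client_id, client_secret, username, password,
 * scope) is the only request this script can issue a token for; the library
 * answers any other grant_type with unsupported_grant_type.
 */

require_once "./vendor/autoload.php";
\OAuth2\Autoloader::register();

// Database settings: read from the environment when present (variable names
// introduced here) and fall back to the demo values, so real credentials never
// have to be hard-coded into the script.
$dsn    = getenv('OAUTH2_DB_DSN') ?: 'mysql:host=mysql;dbname=bshaffer';
$dbUser = getenv('OAUTH2_DB_USER') ?: 'root';
$dbPass = getenv('OAUTH2_DB_PASSWORD') ?: 'root';
$pdo = new \PDO($dsn, $dbUser, $dbPass, array(
    // Surface SQL failures as exceptions instead of silent false returns.
    \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
));

// Storage backend: the PDO adapter reads clients, users, codes and tokens from
// the library's schema. An in-memory store is the alternative for experiments:
//   $storage = new \OAuth2\Storage\Memory(array('user_credentials' => $users));
// NOTE(review): the original script seeded the demo password via sha1('abc123'),
// which suggests unsalted sha1 password storage — confirm against the adapter
// before using it with real users.
$storage = new \OAuth2\Storage\Pdo($pdo);

$server = new \OAuth2\Server($storage);
// Password grant: the client forwards the user's own credentials, so it is only
// suitable for fully trusted first-party clients. Register other grants as needed.
$server->addGrantType(new \OAuth2\GrantType\UserCredentials($storage));
$server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();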

authorize.php

<?php

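class Oauth2 {
    /**
     * Loads the Composer autoloader and registers the library's own autoloader.
     */
    public function __construct()
    {
        require_once "./vendor/autoload.php";
        \OAuth2\Autoloader::register();
    }

    /**
     * Builds an authorization server backed by the bshaffer PDO storage with
     * only the Authorization Code grant registered.
     *
     * Connection settings are read from the environment (OAUTH2_DB_DSN,
     * OAUTH2_DB_USER, OAUTH2_DB_PASSWORD — names introduced here) and fall
     * back to the demo values, so real credentials need not be hard-coded.
     *
     * @return \OAuth2\Server
     */
    private function server()
    {
        $dsn    = getenv('OAUTH2_DB_DSN') ?: 'mysql:host=mysql;dbname=bshaffer';
        $dbUser = getenv('OAUTH2_DB_USER') ?: 'root';
        $dbPass = getenv('OAUTH2_DB_PASSWORD') ?: 'root';
        $pdo = new \PDO($dsn, $dbUser, $dbPass, array(
            // Surface SQL failures as exceptions instead of silent false returns.
            \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
        ));

        $storage = new \OAuth2\Storage\Pdo($pdo);
        $server = new \OAuth2\Server($storage);
        $server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));

        return $server;
    }

    /**
     * Handles GET /authorize.php?response_type=code&client_id=...&state=...
     *
     * Returns the response object carrying the redirect with the issued code
     * (or an OAuth error); the caller is responsible for sending it.
     *
     * @return \OAuth2\Response
     */
    public function getCode()
    {
        $server = $this->server();
        $request = \OAuth2\Request::createFromGlobals();
        $response = new \OAuth2\Response();
        // Demo stub: consent is granted unconditionally for a fixed user id.
        // A real endpoint must first authenticate the browser session and take
        // both values from it — as written, any client that reaches this
        // script obtains a code bound to user 1234.
        $is_authorized = true;
        $userid = 1234;
        return $server->handleAuthorizeRequest($request, $response, $is_authorized, $userid);
    }
}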
// Entry point: produce the authorization response for the current request and
// dump the response object for inspection. A production endpoint would call
// ->send() on it so the browser receives the redirect instead of a var_dump.
$oauth2 = new Oauth2();
$res = $oauth2->getCode();
var_dump($res);

server.php

<?php

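class Oauth2 {
    /**
     * Loads the Composer autoloader and registers the library's own autoloader.
     */
    public function __construct()
    {
        require_once "./vendor/autoload.php";
        \OAuth2\Autoloader::register();
    }

    /**
     * Builds an authorization server backed by the bshaffer PDO storage with
     * only the Authorization Code grant registered.
     *
     * Connection settings are read from the environment (OAUTH2_DB_DSN,
     * OAUTH2_DB_USER, OAUTH2_DB_PASSWORD — names introduced here) and fall
     * back to the demo values, so real credentials need not be hard-coded.
     *
     * @return \OAuth2\Server
     */
    private function server()
    {
        $dsn    = getenv('OAUTH2_DB_DSN') ?: 'mysql:host=mysql;dbname=bshaffer';
        $dbUser = getenv('OAUTH2_DB_USER') ?: 'root';
        $dbPass = getenv('OAUTH2_DB_PASSWORD') ?: 'root';
        $pdo = new \PDO($dsn, $dbUser, $dbPass, array(
            // Surface SQL failures as exceptions instead of silent false returns.
            \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION,
        ));

        $storage = new \OAuth2\Storage\Pdo($pdo);
        $server = new \OAuth2\Server($storage);
        $server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));

        return $server;
    }

    /**
     * Token endpoint: exchanges an authorization code for an access token and
     * sends the library's response (token or OAuth error), then terminates.
     */
    public function token()
    {
        $server = $this->server();
        $server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
        exit();
    }

    /**
     * Protected resource: requires a valid access token and answers with one
     * JSON document that includes the user id bound to the token.
     *
     * The original emitted a plain-text line before the JSON, which made the
     * body unparsable for clients; the user id is now part of the JSON instead.
     */
    public function resource()
    {
        $server = $this->server();
        $request = \OAuth2\Request::createFromGlobals();

        // No scope is required by this call as written: any valid token passes.
        if (!$server->verifyResourceRequest($request)) {
            // The library has populated an error response for the failed
            // verification — send it and stop.
            $server->getResponse()->send();
            die;
        }

        $token = $server->getAccessTokenData($request);

        header('Content-Type: application/json');
        echo json_encode(array(
            'success' => true,
            'message' => '您访问了我的API!',
            'user_id' => $token['user_id'],
        ));
    }
}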

// Entry point: every request to server.php is served as a protected-resource
// call; token() exists on the class but is not invoked by this script.
$server = new Oauth2();
$server->resource();

相关资料

github-bshaffer-Oauth
github-bshaffer-Oauth-demo
composer-bshaffer-Oauth
bshaffer-Oauth-doc

使用OAuth2 Server PHP实现OAuth2服务

搭建OAuth2.0
基于PHP构建OAuth 2.0 服务端 认证平台
