仅使用 bshaffer OAuth2.0 库实现客户端凭据授权类型
Implementing client credentials grant type only using bshaffer OAuth2.0 library
我决定使用 bshaffer 的 OAuth2.0 库 (https://bshaffer.github.io/oauth2-server-php-docs/)。我正在使用它为我的 API 实施 客户端凭据 授权类型。请求访问令牌时(使用硬编码 client_id 和 client_secret),一切正常。我通过以下
grant_type => client_credentials
client_id => oauthuser
client_secret => xkJ7ua2p9zaRQ78YxYAfTCKGUaGEfMS6
结果如下:
{
"access_token": "855b36508abfdfcd25281e36020ab48917d4a637",
"expires_in": 3600,
"token_type": "Bearer",
"scope": null
}
但是每当我使用它作为 header:
请求我的数据时
authorization => Bearer 855b36508abfdfcd25281e36020ab48917d4a637
我收到一条错误消息,说我的令牌无效:
{
"error": "invalid_token",
"error_description": "The access token provided is invalid"
}
我做错了什么? client_credentials 授权类型是否可以在没有授权授权类型的情况下使用,如演示应用程序所示?
这是我的一些代码:
对于初始化 OAuth 2.0 服务器的文件:
namespace App\Libraries;
use Silex\Application;
use Silex\ControllerProviderInterface;
use OAuth2\Storage\Memory as OAuth2MemoryStoraage;
use OAuth2\Server as OAuth2Server;
use OAuth2\GrantType\ClientCredentials;
use OAuth2\HttpFoundationBridge\Response as BridgeResponse;
class OAuth2Library implements ControllerProviderInterface
{
public function setup(Application $app)
{
$clients = array('oauthuser' => array(
'client_secret' => 'xkJ7ua2p9zaRQ78YxYAfTCKGUaGEfMS6'
));
$storage = new OAuth2MemoryStoraage(array('client_credentials' => $clients));
$server = new OAuth2Server($storage, array('issuer' => $_SERVER['HTTP_HOST']));
$server->addGrantType(new ClientCredentials($storage));
$app['oauth_server'] = $server;
$app['oauth_response'] = new BridgeResponse();
}
public function connect(Application $app)
{
$this->setup($app);
$routing = $app['controllers_factory'];
$routing->post('/accesstoken', 'App\Controllers\OAuthController::authorize');
return $routing;
}
}
对于给出访问令牌的函数(在另一个文件中):
namespace App\Controllers;
use OAuth2;
use Silex\Application;
use Symfony\Component\HttpFoundation\Response;
use OAuth2\HttpFoundationBridge\Request as BridgeRequest;
class OAuthController
{
public function authorize(Application $app)
{
$server = $app['oauth_server'];
$response = $app['oauth_response'];
return $server->handleTokenRequest($app['request'], $response);
//return $app->json($encoded, 200);
}
}
最后,在另一个文件中,获取资源的函数:
namespace App\Controllers;
use Silex\Application;
use Symfony\Component\HttpFoundation\Response;
use OAuth2;
class HelloController
{
public function get(Application $app)
{
$server = $app['oauth_server'];
$response = $app['oauth_response'];
if (!$server->verifyResourceRequest($app['request'], $response)) {
return $server->getResponse();
}
else
{
$result = $app['db']->fetchAssoc("select * from user");
return new Response(json_encode($result));
}
}
}
我做错了什么?谢谢!
OAuth2\Storage\Memory不会在请求之间持久化,所以你需要使用数据库(例如OAuth2\Storage\Pdo)来存储access_tokens.
您可以将 SQLite 作为单个文件与 PDO 一起用于测试:sqlite.org/onefile.html
您可以像这样实现 MySQL PDO 存储
$dsn = 'mysql:dbname=my_oauth2_db;host=localhost';
$username = 'root';
$password = '';
// error reporting (this is a demo, after all!)
ini_set('display_errors',1);error_reporting(E_ALL);
// Autoloading (composer is preferred, but for this example let's just do this)
require_once('oauth2-server-php/src/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();
// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
// Pass a storage object or array of storage objects to the OAuth2 server class
$server = new OAuth2\Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
我决定使用 bshaffer 的 OAuth2.0 库 (https://bshaffer.github.io/oauth2-server-php-docs/)。我正在使用它为我的 API 实施 客户端凭据 授权类型。请求访问令牌时(使用硬编码 client_id 和 client_secret),一切正常。我通过以下
grant_type => client_credentials
client_id => oauthuser
client_secret => xkJ7ua2p9zaRQ78YxYAfTCKGUaGEfMS6
结果如下:
{
"access_token": "855b36508abfdfcd25281e36020ab48917d4a637",
"expires_in": 3600,
"token_type": "Bearer",
"scope": null
}
但是每当我使用它作为 header:
请求我的数据时authorization => Bearer 855b36508abfdfcd25281e36020ab48917d4a637
我收到一条错误消息,说我的令牌无效:
{
"error": "invalid_token",
"error_description": "The access token provided is invalid"
}
我做错了什么? client_credentials 授权类型是否可以在没有授权授权类型的情况下使用,如演示应用程序所示?
这是我的一些代码:
对于初始化 OAuth 2.0 服务器的文件:
namespace App\Libraries;
use Silex\Application;
use Silex\ControllerProviderInterface;
use OAuth2\Storage\Memory as OAuth2MemoryStoraage;
use OAuth2\Server as OAuth2Server;
use OAuth2\GrantType\ClientCredentials;
use OAuth2\HttpFoundationBridge\Response as BridgeResponse;
class OAuth2Library implements ControllerProviderInterface
{
public function setup(Application $app)
{
$clients = array('oauthuser' => array(
'client_secret' => 'xkJ7ua2p9zaRQ78YxYAfTCKGUaGEfMS6'
));
$storage = new OAuth2MemoryStoraage(array('client_credentials' => $clients));
$server = new OAuth2Server($storage, array('issuer' => $_SERVER['HTTP_HOST']));
$server->addGrantType(new ClientCredentials($storage));
$app['oauth_server'] = $server;
$app['oauth_response'] = new BridgeResponse();
}
public function connect(Application $app)
{
$this->setup($app);
$routing = $app['controllers_factory'];
$routing->post('/accesstoken', 'App\Controllers\OAuthController::authorize');
return $routing;
}
}
对于给出访问令牌的函数(在另一个文件中):
namespace App\Controllers;
use OAuth2;
use Silex\Application;
use Symfony\Component\HttpFoundation\Response;
use OAuth2\HttpFoundationBridge\Request as BridgeRequest;
class OAuthController
{
public function authorize(Application $app)
{
$server = $app['oauth_server'];
$response = $app['oauth_response'];
return $server->handleTokenRequest($app['request'], $response);
//return $app->json($encoded, 200);
}
}
最后,在另一个文件中,获取资源的函数:
namespace App\Controllers;
use Silex\Application;
use Symfony\Component\HttpFoundation\Response;
use OAuth2;
class HelloController
{
public function get(Application $app)
{
$server = $app['oauth_server'];
$response = $app['oauth_response'];
if (!$server->verifyResourceRequest($app['request'], $response)) {
return $server->getResponse();
}
else
{
$result = $app['db']->fetchAssoc("select * from user");
return new Response(json_encode($result));
}
}
}
我做错了什么?谢谢!
OAuth2\Storage\Memory不会在请求之间持久化,所以你需要使用数据库(例如OAuth2\Storage\Pdo)来存储access_tokens.
您可以将 SQLite 作为单个文件与 PDO 一起用于测试:sqlite.org/onefile.html
您可以像这样实现 MySQL PDO 存储
$dsn = 'mysql:dbname=my_oauth2_db;host=localhost';
$username = 'root';
$password = '';
// error reporting (this is a demo, after all!)
ini_set('display_errors',1);error_reporting(E_ALL);
// Autoloading (composer is preferred, but for this example let's just do this)
require_once('oauth2-server-php/src/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();
// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
// Pass a storage object or array of storage objects to the OAuth2 server class
$server = new OAuth2\Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));