documentation for PR #502

Julián Gutiérrez 2016-03-29 10:05:49 +02:00
parent 3aeefe7d22
commit 0e96a35f43
6 changed files with 75 additions and 51 deletions


@ -60,16 +60,18 @@ $refreshTokenRepository = new RefreshTokenRepository();
$userRepository = new UserRepository(); $userRepository = new UserRepository();
// Path to public and private keys // Path to public and private keys
$privateKeyPath = 'file://path/to/private.key'; $privateKey = 'file://path/to/private.key';
$publicKeyPath = 'file://path/to/public.key'; // Private key with passphrase if needed
//$privateKey = new CryptKey('file://path/to/private.key', 'passphrase');
$publicKey = 'file://path/to/public.key';
// Setup the authorization server // Setup the authorization server
$server = new \League\OAuth2\Server\Server( $server = new \League\OAuth2\Server\Server(
$clientRepository, $clientRepository,
$accessTokenRepository, $accessTokenRepository,
$scopeRepository, $scopeRepository,
$privateKeyPath, $privateKey,
$publicKeyPath $publicKey
); );
// Enable the authentication code grant on the server with a token TTL of 1 hour // Enable the authentication code grant on the server with a token TTL of 1 hour
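Review bot: The added example `//$privateKey = new CryptKey('file://path/to/private.key', 'passphrase');` shows the passphrase as a string literal in source, and documentation snippets tend to be copied as written, so a key passphrase can end up committed next to the code it protects. I would put a comment above it such as `// Load the passphrase from the environment or a secret store; do not hard-code it` and show the call as `//$privateKey = new CryptKey('file://path/to/private.key', getenv('KEY_PASSPHRASE'));` (the variable name is only illustrative). The same line is added in the four sections that follow (client credentials, implicit, password and refresh token grants). `CryptKey` is also written unqualified while `Server` is fully qualified on the next lines; whether a `use` statement for it sits above the hunk is not visible here, so the example may need the full class name to work once uncommented.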


@ -34,16 +34,18 @@ $accessTokenRepository = new AccessTokenRepository();
$scopeRepository = new ScopeRepository(); $scopeRepository = new ScopeRepository();
// Path to public and private keys // Path to public and private keys
$privateKeyPath = 'file://path/to/private.key'; $privateKey = 'file://path/to/private.key';
$publicKeyPath = 'file://path/to/public.key'; // Private key with passphrase if needed
//$privateKey = new CryptKey('file://path/to/private.key', 'passphrase');
$publicKey = 'file://path/to/public.key';
// Setup the authorization server // Setup the authorization server
$server = new \League\OAuth2\Server\Server( $server = new \League\OAuth2\Server\Server(
$clientRepository, $clientRepository,
$accessTokenRepository, $accessTokenRepository,
$scopeRepository, $scopeRepository,
$privateKeyPath, $privateKey,
$publicKeyPath $publicKey
); );
// Enable the client credentials grant on the server with a token TTL of 1 hour // Enable the client credentials grant on the server with a token TTL of 1 hour


@ -46,16 +46,18 @@ $accessTokenRepository = new AccessTokenRepository();
$userRepository = new UserRepository(); $userRepository = new UserRepository();
// Path to public and private keys // Path to public and private keys
$privateKeyPath = 'file://path/to/private.key'; $privateKey = 'file://path/to/private.key';
$publicKeyPath = 'file://path/to/public.key'; // Private key with passphrase if needed
//$privateKey = new CryptKey('file://path/to/private.key', 'passphrase');
$publicKey = 'file://path/to/public.key';
// Setup the authorization server // Setup the authorization server
$server = new \League\OAuth2\Server\Server( $server = new \League\OAuth2\Server\Server(
$clientRepository, $clientRepository,
$accessTokenRepository, $accessTokenRepository,
$scopeRepository, $scopeRepository,
$privateKeyPath, $privateKey,
$publicKeyPath $publicKey
); );
// Enable the implicit grant on the server with a token TTL of 1 hour // Enable the implicit grant on the server with a token TTL of 1 hour


@ -41,16 +41,18 @@ $userRepository = new UserRepository();
$refreshTokenRepository = new RefreshTokenRepository(); $refreshTokenRepository = new RefreshTokenRepository();
// Path to public and private keys // Path to public and private keys
$privateKeyPath = 'file://path/to/private.key'; $privateKey = 'file://path/to/private.key';
$publicKeyPath = 'file://path/to/public.key'; // Private key with passphrase if needed
//$privateKey = new CryptKey('file://path/to/private.key', 'passphrase');
$publicKey = 'file://path/to/public.key';
// Setup the authorization server // Setup the authorization server
$server = new \League\OAuth2\Server\Server( $server = new \League\OAuth2\Server\Server(
$clientRepository, $clientRepository,
$accessTokenRepository, $accessTokenRepository,
$scopeRepository, $scopeRepository,
$privateKeyPath, $privateKey,
$publicKeyPath $publicKey
); );
// Enable the password grant on the server with an access token TTL of 1 hour // Enable the password grant on the server with an access token TTL of 1 hour


@ -36,16 +36,18 @@ $scopeRepository = new ScopeRepository();
$refreshTokenRepository = new RefreshTokenRepository(); $refreshTokenRepository = new RefreshTokenRepository();
// Path to public and private keys // Path to public and private keys
$privateKeyPath = 'file://path/to/private.key'; $privateKey = 'file://path/to/private.key';
$publicKeyPath = 'file://path/to/public.key'; // Private key with passphrase if needed
//$privateKey = new CryptKey('file://path/to/private.key', 'passphrase');
$publicKey = 'file://path/to/public.key';
// Setup the authorization server // Setup the authorization server
$server = new \League\OAuth2\Server\Server( $server = new \League\OAuth2\Server\Server(
$clientRepository, $clientRepository,
$accessTokenRepository, $accessTokenRepository,
$scopeRepository, $scopeRepository,
$privateKeyPath, $privateKey,
$publicKeyPath $publicKey
); );
// Enable the refresh token grant on the server with a token TTL of 1 hour // Enable the refresh token grant on the server with a token TTL of 1 hour


@ -18,7 +18,7 @@ The following versions of PHP are supported:
In your project root just run: In your project root just run:
{% highlight shell %} {% highlight shell %}
$ $ composer require league/oauth2-server:5.0.0-RC1 composer require league/oauth2-server:5.0.0-RC1
{% endhighlight %} {% endhighlight %}
Ensure that youve set up your project to [autoload Composer-installed packages](https://getcomposer.org/doc/00-intro.md#autoloading). Ensure that youve set up your project to [autoload Composer-installed packages](https://getcomposer.org/doc/00-intro.md#autoloading).
@ -35,12 +35,26 @@ To generate the private key run this command on the terminal:
openssl genrsa -out private.key 1024 openssl genrsa -out private.key 1024
{% endhighlight %} {% endhighlight %}
If you want to provide a passphrase for your private key run this command instead:
{% highlight shell %}
openssl genrsa -passout pass:_passphrase_ -out private.key 1024
{% endhighlight %}
then extract the public key from the private key: then extract the public key from the private key:
{% highlight shell %} {% highlight shell %}
openssl rsa -in private.key -pubout > public.key openssl rsa -in private.key -pubout -out public.key
{% endhighlight %}
or use your passphrase if provided on private key generation:
{% highlight shell %}
openssl rsa -in private.key -passin pass:_passphrase_ -pubout -out public.key
{% endhighlight %} {% endhighlight %}
The private key must be kept secret (i.e. out of the web-root of the authorization server). The authorization server also requires the public key. The private key must be kept secret (i.e. out of the web-root of the authorization server). The authorization server also requires the public key.
If a passphrase has been used to generate private key it must be provided to the authorization server.
The public key should be distributed to any services (for example resource servers) that validate access tokens. The public key should be distributed to any services (for example resource servers) that validate access tokens.
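Review bot: The added command `openssl genrsa -passout pass:_passphrase_ -out private.key 1024` names no cipher, and `genrsa` only encrypts its output when a cipher option is given, so the key it writes is stored unencrypted even though a passphrase was supplied. Adding a cipher fixes that, and the new command is also a good place to stop repeating the 1024-bit modulus, which is below the 2048-bit minimum that current guidance expects for RSA signing keys: `openssl genrsa -aes256 -passout pass:_passphrase_ -out private.key 2048`. A `pass:` argument is recorded in shell history and visible in the process list, so the text could mention the `env:` or `file:` forms of `-passout`/`-passin` as the safer choice outside a throwaway test. The sentence added after the keep-secret paragraph could also say that the passphrase needs the same protection as the key file itself.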