Updated grant examples

This commit is contained in:
Alex Bilbie 2016-04-10 17:04:24 +01:00
parent db841fbe9f
commit 5ae8a79719
5 changed files with 68 additions and 147 deletions

View File

@ -57,7 +57,6 @@ $scopeRepository = new ScopeRepository();
$accessTokenRepository = new AccessTokenRepository(); $accessTokenRepository = new AccessTokenRepository();
$authCodeRepository = new AuthCodeRepository(); $authCodeRepository = new AuthCodeRepository();
$refreshTokenRepository = new RefreshTokenRepository(); $refreshTokenRepository = new RefreshTokenRepository();
$userRepository = new UserRepository();
// Path to public and private keys // Path to public and private keys
$privateKey = 'file://path/to/private.key'; $privateKey = 'file://path/to/private.key';
@ -79,7 +78,6 @@ $server->enableGrantType(
new \League\OAuth2\Server\Grant\AuthCodeGrant( new \League\OAuth2\Server\Grant\AuthCodeGrant(
$authCodeRepository, $authCodeRepository,
$refreshTokenRepository, $refreshTokenRepository,
$userRepository,
new \DateInterval('PT10M') new \DateInterval('PT10M')
), ),
new \DateInterval('PT1H') new \DateInterval('PT1H')
@ -88,17 +86,54 @@ $server->enableGrantType(
## Implementation ## Implementation
The client will request an access token so create an `/oauth2` endpoint. The client will redirect the user to an authorization endpoint.
{% highlight php %} {% highlight php %}
$app->post('/oauth2', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) { $app->get('/authorize', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class);
try {
// Validate the HTTP request and return an AuthorizationRequest object.
$authRequest = $server->validateAuthorizationRequest($request);
// The auth request object can be serialized and saved into a user's session.
// You will probably want to redirect the user at this point to a login endpoint.
// Once the user has logged in set the user on the AuthorizationRequest
$authRequest->setUser(new UserEntity());
// At this point you should redirect the user to an authorization page.
// This form will ask the user to approve the client and the scopes requested.
// Once the user has approved or denied the client update the status
// (true = approved, false = denied)
$authRequest->setAuthorizationApproved(true);
// Return the HTTP redirect response
return $server->completeAuthorizationRequest($authRequest, $response);
} catch (OAuthServerException $exception) {
return $exception->generateHttpResponse($response);
} catch (\Exception $exception) {
$body = new Stream('php://temp', 'r+');
$body->write($exception->getMessage());
return $response->withStatus(500)->withBody($body);
}
});
{% endhighlight %}
The client will request an access token using an authorization code so create an `/access_token` endpoint.
{% highlight php %}
$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */ /* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class); $server = $app->getContainer()->get(Server::class);
// Try to respond to the request // Try to respond to the request
try { try {
return $server->respondToRequest($request, $response); return $server->respondToAccessTokenRequest($request, $response);
} catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) { } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
return $exception->generateHttpResponse($response); return $exception->generateHttpResponse($response);
@ -111,65 +146,3 @@ $app->post('/oauth2', function (ServerRequestInterface $request, ResponseInterfa
}); });
{% endhighlight %} {% endhighlight %}
## Modify the login and authorize pages
You can easily modify the HTML pages used by the authorization server. The library comes with built-in support for Twig, Smarty, Mustache and Plates templates.
The default implementation uses `league/plates` and has some [very basic HTML templates](https://github.com/thephpleague/oauth2-server/tree/V5-WIP/src/TemplateRenderer/DefaultTemplates).
The login template has the following variable available:
* `error` (null or a string) - Set if there was an error with the login
The form inputs must be called `username` and `password` and must be POSTed.
The authorize template has the following variable available:
* `client` - The name of the client the user is authorizing
* `scopes` - An array of ScopeEntityInterface. Use `getIdentifier` to get a string you can print
The form must be POSTed with an input named `action` with the value `approve` if the user approves the client.
### Using Plates with custom templates
{% highlight php %}
$renderer = new \League\OAuth2\Server\TemplateRenderer\PlatesRenderer(
new Engine('/path/to/templates'),
'login_template_name',
'authorize_template_name'
);
$authCodeGrant->setTemplateRenderer($renderer);
{% endhighlight %}
### Using Twig with custom templates
{% highlight php %}
$renderer = new \League\OAuth2\Server\TemplateRenderer\TwigRenderer(
$environment, // instance of Twig_Environment
'login_template_name',
'authorize_template_name'
);
$authCodeGrant->setTemplateRenderer($renderer);
{% endhighlight %}
### Using Smarty with custom templates
{% highlight php %}
$renderer = new \League\OAuth2\Server\TemplateRenderer\SmartyRenderer(
$smarty, // instance of \Smarty
'login_template_name',
'authorize_template_name'
);
$authCodeGrant->setTemplateRenderer($renderer);
{% endhighlight %}
### Using Mustache with custom templates
{% highlight php %}
$renderer = new \League\OAuth2\Server\TemplateRenderer\MustacheRenderer(
$engine, // instance of \Mustache_Engine
'login_template_name',
'authorize_template_name'
);
$authCodeGrant->setTemplateRenderer($renderer);
{% endhighlight %}

View File

@ -67,7 +67,7 @@ $app->post('/access_token', function (ServerRequestInterface $request, ResponseI
// Try to respond to the request // Try to respond to the request
try { try {
return $server->respondToRequest($request, $response); return $server->respondToAccessTokenRequest($request, $response);
} catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) { } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
return $exception->generateHttpResponse($response); return $exception->generateHttpResponse($response);

View File

@ -61,27 +61,38 @@ $server = new \League\OAuth2\Server\Server(
); );
// Enable the implicit grant on the server with a token TTL of 1 hour // Enable the implicit grant on the server with a token TTL of 1 hour
$server->enableGrantType( $server->enableGrantType(new ImplicitGrant(new \DateInterval('PT1H')));
new ImplicitGrant($userRepository),
new \DateInterval('PT1H')
);
{% endhighlight %} {% endhighlight %}
## Implementation ## Implementation
The client will request an access token so create an `/oauth2` endpoint. The client will redirect the user to an authorization endpoint.
{% highlight php %} {% highlight php %}
$app->post('/oauth2', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) { $app->get('/authorize', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */ /* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class); $server = $app->getContainer()->get(Server::class);
// Try to respond to the request
try { try {
return $server->respondToRequest($request, $response); // Validate the HTTP request and return an AuthorizationRequest object.
$authRequest = $server->validateAuthorizationRequest($request);
} catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) { // The auth request object can be serialized and saved into a user's session.
// You will probably want to redirect the user at this point to a login endpoint.
// Once the user has logged in set the user on the AuthorizationRequest
$authRequest->setUser(new UserEntity());
// At this point you should redirect the user to an authorization page.
// This form will ask the user to approve the client and the scopes requested.
// Once the user has approved or denied the client update the status
// (true = approved, false = denied)
$authRequest->setAuthorizationApproved(true);
// Return the HTTP redirect response
return $server->completeAuthorizationRequest($authRequest, $response);
} catch (OAuthServerException $exception) {
return $exception->generateHttpResponse($response); return $exception->generateHttpResponse($response);
} catch (\Exception $exception) { } catch (\Exception $exception) {
@ -91,66 +102,3 @@ $app->post('/oauth2', function (ServerRequestInterface $request, ResponseInterfa
} }
}); });
{% endhighlight %} {% endhighlight %}
## Modify the login and authorize pages
You can easily modify the HTML pages used by the authorization server. The library comes with built-in support for Twig, Smarty, Mustache and Plates templates.
The default implementation uses `league/plates` and has some [very basic HTML templates](https://github.com/thephpleague/oauth2-server/tree/V5-WIP/src/TemplateRenderer/DefaultTemplates).
The login template has the following variable available:
* `error` (null or a string) - Set if there was an error with the login
The form inputs must be called `username` and `password` and must be POSTed.
The authorize template has the following variable available:
* `client` - The name of the client the user is authorizing
* `scopes` - An array of ScopeEntityInterface. Use `getIdentifier` to get a string you can print
The form must be POSTed with an input named `action` with the value `approve` if the user approves the client.
### Using Plates with custom templates
{% highlight php %}
$renderer = new \League\OAuth2\Server\TemplateRenderer\PlatesRenderer(
new Engine('/path/to/templates'),
'login_template_name',
'authorize_template_name'
);
$implicitGrant->setTemplateRenderer($renderer);
{% endhighlight %}
### Using Twig with custom templates
{% highlight php %}
$renderer = new \League\OAuth2\Server\TemplateRenderer\TwigRenderer(
$environment, // instance of Twig_Environment
'login_template_name',
'authorize_template_name'
);
$implicitGrant->setTemplateRenderer($renderer);
{% endhighlight %}
### Using Smarty with custom templates
{% highlight php %}
$renderer = new \League\OAuth2\Server\TemplateRenderer\SmartyRenderer(
$smarty, // instance of \Smarty
'login_template_name',
'authorize_template_name'
);
$implicitGrant->setTemplateRenderer($renderer);
{% endhighlight %}
### Using Mustache with custom templates
{% highlight php %}
$renderer = new \League\OAuth2\Server\TemplateRenderer\MustacheRenderer(
$engine, // instance of \Mustache_Engine
'login_template_name',
'authorize_template_name'
);
$implicitGrant->setTemplateRenderer($renderer);
{% endhighlight %}

View File

@ -77,7 +77,7 @@ $app->post('/access_token', function (ServerRequestInterface $request, ResponseI
// Try to respond to the request // Try to respond to the request
try { try {
return $server->respondToRequest($request, $response); return $server->respondToAccessTokenRequest($request, $response);
} catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) { } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
return $exception->generateHttpResponse($response); return $exception->generateHttpResponse($response);

View File

@ -69,7 +69,7 @@ $app->post('/access_token', function (ServerRequestInterface $request, ResponseI
// Try to respond to the request // Try to respond to the request
try { try {
return $server->respondToRequest($request, $response); return $server->respondToAccessTokenRequest($request, $response);
} catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) { } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
return $exception->generateHttpResponse($response); return $exception->generateHttpResponse($response);