mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 05:29:52 +05:30
Checkin
This commit is contained in:
parent
8a441317d9
commit
d383bc1d29
@ -2,17 +2,29 @@ Getting Started:
|
|||||||
Introduction: '/'
|
Introduction: '/'
|
||||||
Terminology: '/terminology/'
|
Terminology: '/terminology/'
|
||||||
Installation: '/installation/'
|
Installation: '/installation/'
|
||||||
Implementing storage interfaces: '/implementing-storage-interfaces/'
|
Framework Integrations: '/framework-integrations/'
|
||||||
Authorization Server:
|
Authorization Server:
|
||||||
'Which grant?': '/authorization-server/which-grant/'
|
'Which grant?': '/authorization-server/which-grant/'
|
||||||
'Authorization Code Grant': '/authorization-server/auth-code-grant/'
|
|
||||||
'Client Credentials Grant': '/authorization-server/client-credentials-grant/'
|
'Client Credentials Grant': '/authorization-server/client-credentials-grant/'
|
||||||
'Password Grant': '/authorization-server/resource-owner-password-credentials-grant/'
|
'Password Grant': '/authorization-server/resource-owner-password-credentials-grant/'
|
||||||
|
'Authorization Code Grant': '/authorization-server/auth-code-grant/'
|
||||||
|
'Implict Grant': '/authorization-server/auth-code-grant/'
|
||||||
'Refresh Token Grant': '/authorization-server/refresh-token-grant/'
|
'Refresh Token Grant': '/authorization-server/refresh-token-grant/'
|
||||||
'Server Customisation': '/authorization-server/customisation/'
|
|
||||||
'Events': '/authorization-server/events/'
|
|
||||||
'Custom token identifier generator': '/authorization-server/custom-token-identifier-generator/'
|
|
||||||
'Token types': '/token-types/'
|
|
||||||
'Custom grants': '/authorization-server/custom-grants/'
|
'Custom grants': '/authorization-server/custom-grants/'
|
||||||
|
'Events': '/authorization-server/events/'
|
||||||
Resource Server:
|
Resource Server:
|
||||||
'Securing your API': '/resource-server/securing-your-api/'
|
'Securing your API': '/resource-server/securing-your-api/'
|
||||||
|
Response Types:
|
||||||
|
'Bearer Token Response': '/'
|
||||||
|
'MAC Token Response': '/'
|
||||||
|
'Custom Response': '/'
|
||||||
|
Middleware:
|
||||||
|
'TODO': '/'
|
||||||
|
Respository Interfaces:
|
||||||
|
'Access Token Repository Interface': '/'
|
||||||
|
'Client Repository Interface': '/'
|
||||||
|
'Refresh Token Repository Interface': '/'
|
||||||
|
'Scope Repository Interface': '/'
|
||||||
|
'Auth Code Repository Interface': '/'
|
||||||
|
'User Repository Interface': '/'
|
||||||
|
'Mac Token Interface': '/'
|
||||||
|
@ -4,56 +4,64 @@ title: Authorization server with client credentials grant
|
|||||||
permalink: /authorization-server/client-credentials-grant/
|
permalink: /authorization-server/client-credentials-grant/
|
||||||
---
|
---
|
||||||
|
|
||||||
# Authorization server with client credentials grant
|
# Client credentials grant
|
||||||
|
|
||||||
|
This grant is similar to the resource owner credentials grant except only the client’s credentials are used to authenticate a request for an access token. Again this grant should only be allowed to be used by trusted clients.
|
||||||
|
|
||||||
|
This grant is suitable for machine-to-machine authentication, for example for use in a cron job which is performing maintenance tasks over an API. Another example would be a client making requests to an API that don’t require user’s permission.
|
||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
|
||||||
Wherever you intialise your objects, initialize a new instance of the authorization server and bind the storage interfaces and authorization code grant:
|
Wherever you initialize your objects, initialize a new instance of the authorization server and bind the storage interfaces and authorization code grant:
|
||||||
|
|
||||||
~~~ php
|
{% highlight php %}
|
||||||
$server = new \League\OAuth2\Server\AuthorizationServer;
|
// Your implementation of the required repositories
|
||||||
|
$clientRepository = new ClientRepository();
|
||||||
|
$accessTokenRepository = new AccessTokenRepository();
|
||||||
|
$scopeRepository = new ScopeRepository();
|
||||||
|
|
||||||
$server->setSessionStorage(new Storage\SessionStorage);
|
$privateKeyPath = 'file://path/to/private.key';
|
||||||
$server->setAccessTokenStorage(new Storage\AccessTokenStorage);
|
$publicKeyPath = 'file://path/to/public.key';
|
||||||
$server->setClientStorage(new Storage\ClientStorage);
|
|
||||||
$server->setScopeStorage(new Storage\ScopeStorage);
|
|
||||||
|
|
||||||
$clientCredentials = new \League\OAuth2\Server\Grant\ClientCredentialsGrant();
|
// Setup the authorization server
|
||||||
$server->addGrantType($clientCredentials);
|
$server = new Server(
|
||||||
~~~
|
$clientRepository,
|
||||||
|
$accessTokenRepository,
|
||||||
|
$scopeRepository,
|
||||||
|
$privateKeyPath,
|
||||||
|
$publicKeyPath
|
||||||
|
);
|
||||||
|
|
||||||
|
// Enable the client credentials grant on the server with a token TTL of 1 hour
|
||||||
|
$server->enableGrantType(
|
||||||
|
new ClientCredentialsGrant(),
|
||||||
|
new \DateInterval('PT1H')
|
||||||
|
);
|
||||||
|
{% endhighlight %}
|
||||||
|
|
||||||
## Implementation
|
## Implementation
|
||||||
|
|
||||||
The client will request an access token so create an `/access_token` endpoint.
|
The client will request an access token so create an `/access_token` endpoint.
|
||||||
|
|
||||||
~~~ php
|
{% highlight php %}
|
||||||
$router->post('/access_token', function (Request $request) use ($server) {
|
$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
|
||||||
|
|
||||||
|
// Retrieve the authorization server from the DI container
|
||||||
|
$server = $app->getContainer()->get(Server::class);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
// A successful response with an access token
|
||||||
|
return $server->respondToRequest($request, $response);
|
||||||
|
|
||||||
$response = $server->issueAccessToken();
|
} catch (OAuthServerException $exception) {
|
||||||
return new Response(
|
// A correctly formatted OAuth error response
|
||||||
json_encode($response),
|
return $exception->generateHttpResponse($response);
|
||||||
200,
|
|
||||||
[
|
|
||||||
'Content-type' => 'application/json',
|
|
||||||
'Cache-Control' => 'no-store',
|
|
||||||
'Pragma' => 'no-store'
|
|
||||||
]
|
|
||||||
);
|
|
||||||
|
|
||||||
} catch (\Exception $e) {
|
|
||||||
|
|
||||||
return new Response(
|
|
||||||
json_encode([
|
|
||||||
'error' => $e->errorType,
|
|
||||||
'message' => $e->getMessage()
|
|
||||||
]),
|
|
||||||
$e->httpStatusCode,
|
|
||||||
$e->getHttpHeaders()
|
|
||||||
);
|
|
||||||
|
|
||||||
|
} catch (\Exception $exception) {
|
||||||
|
// An unknown server error
|
||||||
|
$body = new Stream('php://temp', 'r+');
|
||||||
|
$body->write($exception->getMessage());
|
||||||
|
return $response->withStatus(500)->withBody($body);
|
||||||
}
|
}
|
||||||
|
|
||||||
});
|
});
|
||||||
~~~
|
{% endhighlight %}
|
||||||
|
10
framework-integrations.md
Normal file
10
framework-integrations.md
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
layout: default
|
||||||
|
title: Framework Integrations
|
||||||
|
permalink: /framework-integrations/
|
||||||
|
---
|
||||||
|
|
||||||
|
# Framework Integrations
|
||||||
|
|
||||||
|
|
||||||
|
|
37
index.md
37
index.md
@ -5,46 +5,37 @@ title: Introduction
|
|||||||
|
|
||||||
# Introduction
|
# Introduction
|
||||||
|
|
||||||
[![Author](http://img.shields.io/badge/author-@alexbilbie-yellow.svg?style=flat-square)](https://twitter.com/alexbilbie)
|
[![Author](http://img.shields.io/badge/author-@alexbilbie-red.svg?style=flat-square)](https://twitter.com/alexbilbie)
|
||||||
[![Source Code](http://img.shields.io/badge/source-thephpleague%2Foauth2--server-blue.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server)
|
[![Source Code](http://img.shields.io/badge/source-thephpleague%2Foauth2--server-blue.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server)
|
||||||
[![Latest Version](http://img.shields.io/packagist/v/league/oauth2-server.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server/releases)
|
[![GitHub tag](https://img.shields.io/github/tag/thephpleague/oauth2-server.svg)](https://github.com/thephpleague/oauth2-server/releases)
|
||||||
[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)<br />
|
[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
|
||||||
[![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
|
[![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
|
||||||
[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](http://oauth2.thephpleague.com/master/)
|
|
||||||
[![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
|
|
||||||
[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server)
|
[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server)
|
||||||
|
|
||||||
This library makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
|
`league/oauth2-server` is a library that makes implementing a standards compliant OAuth 2.0 server trivial. Your users can authenticate and authorize application clients, and protect your APIs.
|
||||||
|
|
||||||
It supports out of the box the following grants:
|
Out of the box it supports all of the grants defined in the [OAuth 2.0 Authorization Framework RFC](https://tools.ietf.org/html/rfc6749):
|
||||||
|
|
||||||
* Authorization code grant
|
* Authorization code grant
|
||||||
|
* Implicit grant
|
||||||
* Client credentials grant
|
* Client credentials grant
|
||||||
* Resource owner password credentials grant
|
* Resource owner password credentials grant
|
||||||
* Refresh grant
|
* Refresh grant
|
||||||
|
|
||||||
You can also define your own grants.
|
You can also easily make your own [custom grants]().
|
||||||
|
|
||||||
In addition it supports the following token types:
|
Both JWT bearer token and MAC token response types are supported too.
|
||||||
|
|
||||||
* Bearer tokens
|
This library was created by Alex Bilbie. Find him on Twitter at [@alexbilbie](https://twitter.com/alexbilbie).
|
||||||
* MAC tokens
|
|
||||||
* JSON web tokens (coming soon)
|
|
||||||
|
|
||||||
## Changelog
|
## Changelog
|
||||||
|
|
||||||
The changelog can be viewed here - [https://github.com/thephpleague/oauth2-server/blob/master/CHANGELOG.md](https://github.com/thephpleague/oauth2-server/blob/master/CHANGELOG.md).
|
The full changelog can be viewed here - [https://github.com/thephpleague/oauth2-server/releases](https://github.com/thephpleague/oauth2-server/releases).
|
||||||
|
|
||||||
The latest release is `4.1.3` (released 2015-03-22):
|
The latest release is [![GitHub tag](https://img.shields.io/github/tag/thephpleague/oauth2-server.svg)](https://github.com/thephpleague/oauth2-server/releases)
|
||||||
|
|
||||||
* Docblock, namespace and inconsistency fixes (Issue #303)
|
## Support
|
||||||
* Docblock type fix (Issue #310)
|
|
||||||
* Example bug fix (Issue #300)
|
|
||||||
* Updated league/event to ~2.1 (Issue #311)
|
|
||||||
* Fixed missing session scope (Issue #319)
|
|
||||||
* Updated interface docs (Issue #323)
|
|
||||||
* `.travis.yml` updates
|
|
||||||
|
|
||||||
## Questions?
|
Please ask questions on the [Github issues page](https://github.com/thephpleague/oauth2-server/issues).
|
||||||
|
|
||||||
This library was created by Alex Bilbie. Find him on Twitter at [@alexbilbie](https://twitter.com/alexbilbie).
|
For commercial support and custom implementations please visit [Protobytes](https://protobytes.uk/oauth).
|
||||||
|
@ -6,12 +6,23 @@ permalink: /installation/
|
|||||||
|
|
||||||
# Installation
|
# Installation
|
||||||
|
|
||||||
The recommended installation method is via Composer.
|
The recommended installation method is using [Composer](https://getcomposer.org).
|
||||||
|
|
||||||
|
The following versions of PHP are supported:
|
||||||
|
|
||||||
|
* PHP 5.5 (>=5.5.9)
|
||||||
|
* PHP 5.6
|
||||||
|
* PHP 7.0
|
||||||
|
* HHVM
|
||||||
|
|
||||||
In your project root just run:
|
In your project root just run:
|
||||||
|
|
||||||
~~~shell
|
{% highlight shell %}
|
||||||
$ composer require league/oauth2-server
|
$ composer require league/oauth2-server
|
||||||
~~~
|
{% endhighlight %}
|
||||||
|
|
||||||
Ensure that you’ve set up your project to [autoload Composer-installed packages](https://getcomposer.org/doc/00-intro.md#autoloading).
|
Ensure that you’ve set up your project to [autoload Composer-installed packages](https://getcomposer.org/doc/00-intro.md#autoloading).
|
||||||
|
|
||||||
|
Depending on [which grant]() you are implementing you will need to implement a number of repository interfaces. Each grant documentation page lists which repositories are required, and each repository interface has it's own documentation page.
|
||||||
|
|
||||||
|
The repositories are expected to return (on success) instances of [entity interfaces](https://github.com/thephpleague/oauth2-server/tree/V5-WIP/src/Entities/Interfaces); to make integration with your existing entities and models as easy as possible though, all required methods have been implemented as traits that you can use.
|
@ -13,3 +13,4 @@ permalink: /terminology/
|
|||||||
* `Grant` - A grant is a method of acquiring an access token.
|
* `Grant` - A grant is a method of acquiring an access token.
|
||||||
* `Resource server` - A server which sits in front of protected resources (for example "tweets", users' photos, or personal data) and is capable of accepting and responsing to protected resource requests using access tokens.
|
* `Resource server` - A server which sits in front of protected resources (for example "tweets", users' photos, or personal data) and is capable of accepting and responsing to protected resource requests using access tokens.
|
||||||
* `Scope` - A permission.
|
* `Scope` - A permission.
|
||||||
|
* `JWT` - A JSON Web Token is a method for representing claims securely between two parties as defined in [RFC 7519](https://tools.ietf.org/html/rfc7519).
|
||||||
|
Loading…
Reference in New Issue
Block a user