PHP搭建OAuth服务

牛又面 發表於 2019-5-14 17:02:00

自己写OAuth后台太麻烦，直接拉取gitbub现成的。拉取活跃度比较高的bshaffer/oauth2-server-php
注：以下编码是Oauth四种认证中的第四种：凭证式。想了解其他几种方式，请移步阮一峰大大的博客http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html?utm_source=tuicool&utm_medium=referral
<img src="https://img2018.cnblogs.com/blog/1515577/201905/1515577-20190514161224394-2030889502.png">
1、首先拉取代码 https://github.com/bshaffer/oauth2-server-php.git
2、在编码之前先导入数据库
<div class="cnblogs_code">
<pre>CREATE TABLE `oauth_clients` (
`client_id` varchar(80) NOT NULL,
`client_secret` varchar(80) DEFAULT NULL,
`redirect_uri` varchar(2000) DEFAULT NULL,
`grant_types` varchar(80) DEFAULT NULL,
`scope` varchar(4000) DEFAULT NULL,
`user_id` varchar(80) DEFAULT NULL,
PRIMARY KEY (`client_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `oauth_jwt` (
`client_id` varchar(80) NOT NULL,
`subject` varchar(80) DEFAULT NULL,
`public_key` varchar(2000) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `oauth_refresh_tokens` (
`refresh_token` varchar(40) NOT NULL,
`client_id` varchar(80) NOT NULL,
`user_id` varchar(80) DEFAULT NULL,
`expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`scope` varchar(4000) DEFAULT NULL,
PRIMARY KEY (`refresh_token`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `oauth_scopes` (
`scope` varchar(80) NOT NULL,
`is_default` tinyint(1) DEFAULT NULL,
PRIMARY KEY (`scope`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `oauth_users` (
`username` varchar(80) DEFAULT NULL,
`password` varchar(80) DEFAULT NULL,
`first_name` varchar(80) DEFAULT NULL,
`last_name` varchar(80) DEFAULT NULL,
`email` varchar(80) DEFAULT NULL,
`email_verified` tinyint(1) DEFAULT NULL,
`scope` varchar(4000) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

CREATE TABLE `oauth_access_tokens` (
`access_token` varchar(40) NOT NULL,
`client_id` varchar(80) NOT NULL,
`user_id` varchar(80) DEFAULT NULL,
`expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`scope` varchar(4000) DEFAULT NULL,
PRIMARY KEY (`access_token`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;</pre>
</div>
3、在站点创建oauthConf.php（创建和配置OAuth的实例）
<div class="cnblogs_code">
<pre>$conf = [
'dsn' => 'mysql:dbname=open;host=127.0.0.1:3808',
'username' => 'root',
'password' => 'root'
];

// Autoloading (composer is preferred, but for this example let's just do this)
require_once('oauth2-server/src/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();

// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
$storage = new OAuth2\Storage\Pdo($conf);

// Pass a storage object or array of storage objects to the OAuth2 server class
$server = new OAuth2\Server($storage);

// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));

// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));</pre>
</div>
4、获取令牌前，先向数据库插入一条测试数据
<div class="cnblogs_code">
<pre>INSERT INTO oauth_clients (client_id, client_secret, redirect_uri) VALUES ("arthurtest", "arthurpass", "http://arthur/");</pre>
</div>
 
5、创建getToken.php（注：使用POST方法获取accessToken）
<div class="cnblogs_code">
<pre><?php
// include our OAuth2 Server object
require_once __DIR__.'/server.php';

// Handle a request for an OAuth2.0 Access Token and send the response to the client
$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();</pre>
</div>
6、执行getToken.php 获得access_token（注：需传入基本参数如下）：
参数：
<table style="background-color: rgba(153, 204, 204, 1); height: 87px; width: 1010px" border="1" cellspacing="1" cellpadding="1" align="left">
<tbody>
<tr>
<td style="text-align: center">respose_type</td>
<td style="text-align: center"> authorization_code 标准的授权模式  password 基于用户密码的授权模式  client_credentials 基于密钥的授权模式  refresh_token 刷新token</td>
</tr>
<tr>
<td style="text-align: center">client_id</td>
<td style="text-align: center">应用id</td>
</tr>
<tr>
<td style="text-align: center">redirect_uri</td>
<td style="text-align: center">回调地址</td>
</tr>
</tbody>
</table>
 
 
 
 
结果：
<div class="cnblogs_code" style="text-align: left">
<pre>{
"access_token": "20dc6de50b4136430a4b391e49cb7f7d94e2fdf6",
"expires_in": 3600,
"token_type": "Bearer",
"scope": null
}</pre>
</div>
7、现在已经拿到了令牌，就可以调用接口了，我们可以使用以下代码进行token合法验证
<div class="cnblogs_code">
<pre><?php
// include our OAuth2 Server object
require_once __DIR__.'/server.php';

// Handle a request to a resource and authenticate the access token
if (!$server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) {
$server->getResponse()->send();
echo json_encode(array('success' => true, 'message' => 'You accessed my APIs!'));</pre>
</div> 
来源：https://www.cnblogs.com/arthurdou/p/10863220.html

頁: [1]

琼殿技术论坛's Archiver

PHP搭建OAuth服务