原作者没有详细的备注,令人难于使用,下面我将添加些许的备注
A wrapper for implementing an OAuth2 Server(https://github.com/bshaffer/oauth2-server-php)
The preferred way to install this extension is through composer.
Either run
php composer.phar require --prefer-dist filsh/yii2-oauth2-server "*"or add
"filsh/yii2-oauth2-server": "^2.0"to the require section of your composer.json.
To use this extension, simply add the following code in your application configuration:
'bootstrap' => ['oauth2'],
'modules' => [
'oauth2' => [
'class' => 'filsh\yii2\oauth2server\Module',
'tokenParamName' => 'accessToken',
'tokenAccessLifetime' => 3600 * 24,
'storageMap' => [
'user_credentials' => 'common\models\User',
],
'grantTypes' => [
'user_credentials' => [
'class' => 'OAuth2\GrantType\UserCredentials',
],
'refresh_token' => [
'class' => 'OAuth2\GrantType\RefreshToken',
'always_issue_new_refresh_token' => true
]
]
]
]common\models\User - user model implementing an interface \OAuth2\Storage\UserCredentialsInterface, so the oauth2 credentials data stored in user table
The next step you should run migration
yii migrate --migrationPath=@vendor/filsh/yii2-oauth2-server/src/migrationsthis migration creates the oauth2 database scheme and insert test user credentials testclient:testpass for http://fake/
add url rule to urlManager
'urlManager' => [
'rules' => [
'POST oauth2/<action:\w+>' => 'oauth2/rest/<action>',
...
]
]我的版本是这样的,在文件/backend/config/main.php (你可能是:/api/config/main.php):
'urlManager' => [
'enablePrettyUrl' => true,
'enableStrictParsing' => true,
'showScriptName' => false,
'rules' => [
'POST oauth2/<action:\w+>' => 'oauth2/rest/<action>',
],
],You can pass additional OAuth2 Server options by setting options property on the module. These options configure as the underlying OAuth2 Server also as various parts/components of bshaffer/oauth2-server-php.
As an example, you can configure authorization code lifetime in a response by setting auth_code_lifetime option.
Some of them are implemented as standalone properties on the module: tokenParamName => use_jwt_access_tokens, tokenAccessLifetime => token_param_name, useJwtToken => access_lifetime.
Full list of options are supported by the underlying OAuth2 Server main component - source code. Options for various components spread across bshaffer/oauth2-server-php source code.
To use this extension, simply add the behaviors for your base controller:
use yii\helpers\ArrayHelper;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
use filsh\yii2\oauth2server\filters\ErrorToExceptionFilter;
use filsh\yii2\oauth2server\filters\auth\CompositeAuth;
class Controller extends \yii\rest\Controller
{
/**
* @inheritdoc
*/
public function behaviors()
{
return ArrayHelper::merge(parent::behaviors(), [
'authenticator' => [
'class' => CompositeAuth::className(),
'authMethods' => [
['class' => HttpBearerAuth::className()],
['class' => QueryParamAuth::className(), 'tokenParam' => 'accessToken'],
]
],
'exceptionFilter' => [
'class' => ErrorToExceptionFilter::className()
],
]);
}
}以上我的做法是这样的: 创建一个文件:/common/backend/BackendController.php
<?php
namespace common\backend;
use yii;
use yii\helpers\ArrayHelper;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
use filsh\yii2\oauth2server\filters\ErrorToExceptionFilter;
use filsh\yii2\oauth2server\filters\auth\CompositeAuth;
use \yii\rest\Controller;
class BackendController extends Controller
{
/**
* @inheritdoc
*/
public function behaviors()
{
return ArrayHelper::merge(parent::behaviors(), [
'authenticator' => [
'class' => CompositeAuth::className(),
'authMethods' => [
['class' => HttpBearerAuth::className()],
['class' => QueryParamAuth::className(), 'tokenParam' => 'accessToken'],
]
],
'exceptionFilter' => [
'class' => ErrorToExceptionFilter::className()
],
]);
}
}然后,在文件/backend/controllers/SiteController.php 使你想要颁发token的类继承于\common\backend\BackendController,而不是yii\web\Controller class SiteController extends \common\backend\BackendController 在该类SiteController里面添加一个函数(如下一步的做法,下一步是相同的,就不需要重复添加actionAuthorize()函数了):
/**
* @return mixed
*/
public function actionAuthorize()
{
if (Yii::$app->getUser()->getIsGuest())
return $this->redirect('login');
/** @var $module \filsh\yii2\oauth2server\Module */
$module = Yii::$app->getModule('oauth2');
$response = $module->getServer()->handleAuthorizeRequest(null, null, !Yii::$app->getUser()->getIsGuest(), Yii::$app->getUser()->getId());
/** @var object $response \OAuth2\Response */
Yii::$app->getResponse()->format = \yii\web\Response::FORMAT_JSON;
return $response->getParameters();
}再然后,在/common/models/User.php 使你想保存用户数据的User model类继承于抽象类:\OAuth2\Storage\UserCredentialsInterface(同时保留原有的\yii\web\IdentityInterface) class User extends ActiveRecord implements \yii\web\IdentityInterface,\OAuth2\Storage\UserCredentialsInterface 并在文件里面实现以下三个函数:
/**
* Implemented for Oauth2 Interface
*/
public static function findIdentityByAccessToken($token, $type = null)
{
/** @var \filsh\yii2\oauth2server\Module $module */
$module = Yii::$app->getModule('oauth2');
$token = $module->getServer()->getResourceController()->getToken();
return !empty($token['user_id'])
? static::findIdentity($token['user_id'])
: null;
}
/**
* Implemented for Oauth2 Interface
*/
public function checkUserCredentials($username, $password)
{
$user = static::findByUsername($username);
if (empty($user)) {
return false;
}
return $user->validatePassword($password);
}
/**
* Implemented for Oauth2 Interface
*/
public function getUserDetails($username)
{
$user = static::findByUsername($username);
return ['user_id' => $user->getId()];
}此时你应该完成了,但坑还是有的,请留意
【测试方法】 请不要使用chrome等浏览器直接访问,请下载Postman(https://www.postman.com/downloads/)等软件测试, 测试准备:
1) User Model对应的表User(或oauth_users表),有一条数据,
例如:user_name:lily,password_hash:123456的hash加密值,
你必须知道这条数据的原始密码,不知道就自己想办法模拟插入;
2) 表oauth_clients也必须有数据,例如:client_id:testclient,client_secret:testpass (这里需要注意:原作者插入的数据与说明文档的访问地址不一致,注意大小写,可以自己随意修改)
3) 打开postman软件选择POST方式(不是GET);
4) URL填:http://localhost/oauth2/token (例如localhost能访问到你的项目)
一、使用密码式(即grant_type=password)获取Token 1)在Body里面使用如下的key-value:
grant_type:password
username:lily
password:123456
client_id:testclient
client_secret:testpass
- 点击Send按钮,Bingo ! 如果顺利的话,你就会得到类似如下的数据:
{
"access_token": "6b7225b47ce294c2c9fe362ed7ace3be6ac22e27",
"expires_in": 86400,
"token_type": "Bearer",
"scope": null,
"refresh_token": "afccb2ce48cd35d4b96df561b5ca0e4755dfde82"
}二、更新令牌(即grant_type=refresh_token)获取Token (获取上一步骤的结果refresh_token,作为本次的一个参数发送) 1)在Body里面使用如下的key-value:
grant_type:refresh_token
client_id:testclient
client_secret:testpass
refresh_token:afccb2ce48cd35d4b96df561b5ca0e4755dfde82
- 点击Send按钮,Bingo !如果顺利的话,你就会得到类似如下的数据:
{
"access_token": "6b7225b47ce294c2c9fe362ed7ace3be6dc22115",
"expires_in": 86400,
"token_type": "Bearer",
"scope": null,
"refresh_token": "afccb2ce48cd35d4b96df561b5ca0e47556f88"
}Create action authorize in site controller for Authorization Code
https://api.mysite.com/authorize?response_type=code&client_id=TestClient&redirect_uri=https://fake/
/**
* SiteController
*/
class SiteController extends Controller
{
/**
* @return mixed
*/
public function actionAuthorize()
{
if (Yii::$app->getUser()->getIsGuest())
return $this->redirect('login');
/** @var $module \filsh\yii2\oauth2server\Module */
$module = Yii::$app->getModule('oauth2');
$response = $module->getServer()->handleAuthorizeRequest(null, null, !Yii::$app->getUser()->getIsGuest(), Yii::$app->getUser()->getId());
/** @var object $response \OAuth2\Response */
Yii::$app->getResponse()->format = \yii\web\Response::FORMAT_JSON;
return $response->getParameters();
}
}Also, if you set allow_implicit => true in the options property of the module, you can use Implicit Grant Type - see more
Request example:
https://api.mysite.com/authorize?response_type=token&client_id=TestClient&redirect_uri=https://fake/cb
With redirect response:
https://fake/cb#access_token=2YotnFZFEjr1zCsicMWpAA&state=xyz&token_type=bearer&expires_in=3600
If you want to get Json Web Token (JWT) instead of conventional token, you will need to set 'useJwtToken' => true in module and then define two more configurations:
'public_key' => 'app\storage\PublicKeyStorage' which is the class that implements PublickKeyInterface and 'access_token' => 'OAuth2\Storage\JwtAccessToken' which implements JwtAccessTokenInterface.php
For Oauth2 base library provides the default access_token which works great except. Just use it and everything will be fine.
and public_key
<?php
namespace app\storage;
class PublicKeyStorage implements \OAuth2\Storage\PublicKeyInterface{
private $pbk = null;
private $pvk = null;
public function __construct()
{
$this->pvk = file_get_contents('privkey.pem', true);
$this->pbk = file_get_contents('pubkey.pem', true);
}
public function getPublicKey($client_id = null){
return $this->pbk;
}
public function getPrivateKey($client_id = null){
return $this->pvk;
}
public function getEncryptionAlgorithm($client_id = null){
return 'RS256';
}
}For more, see https://github.com/bshaffer/oauth2-server-php
The original author of this package Igor Maliy . At the time the project maintainer is Vardan Pogosian.