This article introduces the practical content of oauth2 in PHP. It is shared here with everyone and also for reference by those in need. Now let’s take a look together
For example, if the third party obtains some services through the user account and password, it will easily lead to leakage
It is necessary to solve the problem of how long the authorization time range is and how big the scope of this authorization is
Also, it has authorized other third-party applications. If the user changes the password, the third-party function will become invalid
The client must obtain the user's authorization (authorization grant) to obtain the token (access token) . OAuth 2.0 defines four authorization methods.
Authorization code mode
Simplified mode (implicit)
Password mode (resource owner password credentials) We use this
Client mode (client credentials)
The user accesses the client, and the client applies for authorization from the user
The user agrees to authorize
obtained in the previous step Authorization, the client applies for a token from the server
After the server confirms that it is correct, it issues the token to the client
The client gets the token After that, you can apply for the corresponding resources from the server
After the server determines whether the token is confirmed, it opens the resources to the client for access
Summary: In fact, the second step above is the 4 authorization methods, and password authorization is used. This authorization requires a high level of trust from the client. In fact, it means taking the user account and password to the server to apply for a token, and returning the token after it is correct. to the client.
{"error":"invalid_client","error_description":"The client credentials are invalid"}Solution:
is required in the database There are two parameters, client_id and client_screct
When making a request, the body must bring the values of these two parameters
1. Set the configuration of the RefreshToken class:
$grantType1 = new RefreshToken($storage, array( 'always_issue_new_refresh_token' => false #这个可以防止每次生成新的refresh_token
));Reference resources:
Official document
github URL
The implementation logic of oauth
For example, if the third party obtains some services through the user account and password, it will easily lead to leakage
Need to figure out how long the authorization time range is and how big the scope of authorization is
Also, it has authorized other third-party applications. If the user changes the password, the third-party application will be affected. The three-party function is invalid
The client must obtain the user's authorization (authorization grant) to obtain the token (access token). OAuth 2.0 defines four authorization methods.
Authorization code mode
Simplified mode (implicit)
Password mode (resource owner password credentials) We use this
Client mode (client credentials)
The user accesses the client, and the client applies for authorization from the user
The user agrees to authorize
obtained in the previous step Authorization, the client applies for a token from the server
After the server confirms that it is correct, it issues the token to the client
The client gets the token After that, you can apply for the corresponding resources from the server
After the server determines whether the token is confirmed, it opens the resources to the client for access
Summary: In fact, the second step above is the 4 authorization methods, and password authorization is used. This authorization requires a high level of trust from the client. In fact, it means taking the user account and password to the server to apply for a token, and returning the token after it is correct. to the client.
{"error":"invalid_client","error_description":"The client credentials are invalid"}Solution:
is required in the database There are two parameters, client_id and client_screct
When making a request, the body must bring the values of these two parameters
1. Set the configuration of the RefreshToken class:
$grantType1 = new RefreshToken($storage, array( 'always_issue_new_refresh_token' => false #这个可以防止每次生成新的refresh_token
));Reference resources:
Related recommendations:
PHP access QQ and log in to OAuth2.0 Problems encountered
The above is the detailed content of oauth2 practice in php. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
