The best way to implement OAuth2.0 using PHP

王林
Release: 2023-06-08 09:10:02
Original
1846 people have browsed it

OAuth2.0 is a protocol used to authorize third-party applications to access user resources. It is now widely used in the Internet field. With the development of Internet business, more and more applications need to support the OAuth2.0 protocol. This article will introduce the best way to implement the OAuth2.0 protocol using PHP.

1. Basic knowledge of OAuth2.0

Before introducing the implementation method of OAuth2.0, we need to understand some basic knowledge of OAuth2.0.

  1. Authorization type

The OAuth2.0 protocol defines 4 different authorization types: authorization code mode (authorization code), implicit authorization mode (implicit grant), Password mode (resource owner password credentials) and client mode (client credentials). Different authorization types are suitable for different scenarios. The specific authorization type to use needs to be decided based on business needs.

  1. Roles

The OAuth2.0 protocol defines three roles: resource owner, client and resource server. . The resource owner refers to the authorized user, the client refers to the third-party application, and the resource server refers to the server where the user's resources are stored.

  1. Process

The process in the OAuth2.0 protocol includes the following steps:

(1) The client requests authorization from the resource owner;

(2) The resource owner agrees to the authorization and issues an authorization code to the client;

(3) The client carries the authorization code to request an access token from the resource server;

( 4) The resource server verifies the authorization code and issues an access token to the client.

2. Implementation method

There are many mature solutions on the market for the implementation of the OAuth2.0 protocol, such as Laravel Passport, PHP League OAuth2 Server, etc. This article will focus on the implementation of PHP League OAuth2 Server.

  1. Environment setup

First, you need to create a new PHP project and install the PHP League OAuth2 Server component. The installation method is as follows:

composer require league/oauth2-server
Copy after login

Then, you need to create a database and create the following table structure:

``
CREATE TABLE oauth_clients (

client_id VARCHAR(80) NOT NULL,
client_secret VARCHAR(80) NOT NULL,
redirect_uri VARCHAR(2000) NOT NULL,
grant_types VARCHAR(80),
scope VARCHAR(4000),
user_id VARCHAR(255),
CONSTRAINT clients_client_id_pk PRIMARY KEY (client_id)
Copy after login

);

CREATE TABLE oauth_access_tokens (

access_token VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
CONSTRAINT access_token_pk PRIMARY KEY (access_token)
Copy after login

);

CREATE TABLE oauth_authorization_codes (

authorization_code VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
redirect_uri VARCHAR(2000),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
CONSTRAINT auth_code_pk PRIMARY KEY (authorization_code)
Copy after login

);

CREATE TABLE oauth_refresh_tokens (

refresh_token VARCHAR(40) NOT NULL,
client_id VARCHAR(80) NOT NULL,
user_id VARCHAR(255),
expires TIMESTAMP NOT NULL,
scope VARCHAR(4000),
CONSTRAINT refresh_token_pk PRIMARY KEY (refresh_token)
Copy after login

);

2. 配置服务器

在PHP项目中创建一个OAuth2服务器文件,并进行基本配置。实现代码如下:
Copy after login

require_once DIR . '/vendor/autoload.php';

use LeagueOAuth2ServerAuthorizationServer;
use LeagueOAuth2ServerResourceServer;
use LeagueOAuth2ServerGrantClientCredentialsGrant ;
use LeagueOAuth2ServerGrantPasswordGrant;
use LeagueOAuth2ServerGrantAuthCodeGrant;
use LeagueOAuth2ServerGrantImplicitGrant;
use LeagueOAuth2ServerRepositories{AccessTokenRepositoryInterface,

AuthCodeRepositoryInterface,
ClientRepositoryInterface,
RefreshTokenRepositoryInterface,
UserRepositoryInterface};
Copy after login

use LeagueOAuth2Server{ResourceServer, AuthorizationValidatorsBearerTokenValidator};

/ / Configure server
$server = new AuthorizationServer(

$clientRepository,
$accessTokenRepository,
$scopeRepository,
$privateKey,
$publicKey
Copy after login

);

// Configure authorization type
$server->enableGrantType(new ClientCredentialsGrant());
$server->enableGrantType(

new PasswordGrant(
    $userRepository,
    $refreshTokenRepository
)
Copy after login

);
$server->enableGrantType(

new AuthCodeGrant(
    $authCodeRepository,
    $refreshTokenRepository,
    new DateInterval('PT10M')
)
Copy after login

);
$server->enableGrantType(

new ImplicitGrant(
    new DateInterval('PT1H')
)
Copy after login

);

//Configure the resource server
$resourceServer = new ResourceServer(

$accessTokenRepository,
$publicKey
Copy after login
Copy after login

);

//Configure the BearerTokenValidator
$bearerTokenValidator = new BearerTokenValidator(

$accessTokenRepository,
$publicKey
Copy after login
Copy after login

);

上述代码中的各个参数需要根据实际的业务需求进行具体配置。

3. 执行授权请求

在OAuth2服务器文件中,需要实现授权请求的处理逻辑。实现代码如下:
Copy after login

use PsrHttpMessageServerRequestInterface;
use PsrHttpMessageResponseInterface;

// Process authorization request
$server->respondToAccessTokenRequest($request , $response);

上述代码中的$request和$response分别为从HTTP传输层获取的请求参数和响应结果。需要根据实际业务需求进行具体实现。

4. 请求受保护的资源

完成授权后,客户端可以携带访问令牌请求受保护的资源。OAuth2.0服务器需要对访问令牌进行验证,并返回相应的结果。实现代码如下:
Copy after login

// Verify Bearer Token
try {

$bearerTokenValidator->validateAuthorization($request);
Copy after login

} catch (Exception $e) {

$response->getBody()->write($e->getMessage());
return $response->withHeader('Content-Type', 'text/plain')->withStatus(401);
Copy after login

}

// Process the access token in the request header
$accessToken = $request->getHeader('Authorization')[0];
$accessToken = substr($accessToken, strpos($accessToken, ' ' ) 1);

//Verify access token
try {

$resourceServer->validateAuthenticatedRequest($request);
$response->getBody()->write('Access granted');
Copy after login

} catch (Exception $e) {

$errorMessage = $e->getMessage();
$response->getBody()->write($errorMessage);
return $response->withHeader('Content-Type', 'text/plain')->withStatus(401);
Copy after login

}

5. 总结
Copy after login

The above is the detailed content of The best way to implement OAuth2.0 using PHP. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template