The best way to implement OAuth2.0 using PHP
OAuth2.0 is a protocol used to authorize third-party applications to access user resources. It is now widely used in the Internet field. With the development of Internet business, more and more applications need to support the OAuth2.0 protocol. This article will introduce the best way to implement the OAuth2.0 protocol using PHP.
1. Basic knowledge of OAuth2.0
Before introducing the implementation method of OAuth2.0, we need to understand some basic knowledge of OAuth2.0.
- Authorization type
The OAuth2.0 protocol defines 4 different authorization types: authorization code mode (authorization code), implicit authorization mode (implicit grant), Password mode (resource owner password credentials) and client mode (client credentials). Different authorization types are suitable for different scenarios. The specific authorization type to use needs to be decided based on business needs.
- Roles
The OAuth2.0 protocol defines three roles: resource owner, client and resource server. . The resource owner refers to the authorized user, the client refers to the third-party application, and the resource server refers to the server where the user's resources are stored.
- Process
The process in the OAuth2.0 protocol includes the following steps:
(1) The client requests authorization from the resource owner;
(2) The resource owner agrees to the authorization and issues an authorization code to the client;
(3) The client carries the authorization code to request an access token from the resource server;
( 4) The resource server verifies the authorization code and issues an access token to the client.
2. Implementation method
There are many mature solutions on the market for the implementation of the OAuth2.0 protocol, such as Laravel Passport, PHP League OAuth2 Server, etc. This article will focus on the implementation of PHP League OAuth2 Server.
- Environment setup
First, you need to create a new PHP project and install the PHP League OAuth2 Server component. The installation method is as follows:
composer require league/oauth2-server
Then, you need to create a database and create the following table structure:
``
CREATE TABLE oauth_clients (
client_id VARCHAR(80) NOT NULL, client_secret VARCHAR(80) NOT NULL, redirect_uri VARCHAR(2000) NOT NULL, grant_types VARCHAR(80), scope VARCHAR(4000), user_id VARCHAR(255), CONSTRAINT clients_client_id_pk PRIMARY KEY (client_id)
);
CREATE TABLE oauth_access_tokens (
access_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(4000), CONSTRAINT access_token_pk PRIMARY KEY (access_token)
);
CREATE TABLE oauth_authorization_codes (
authorization_code VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), redirect_uri VARCHAR(2000), expires TIMESTAMP NOT NULL, scope VARCHAR(4000), CONSTRAINT auth_code_pk PRIMARY KEY (authorization_code)
);
CREATE TABLE oauth_refresh_tokens (
refresh_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(4000), CONSTRAINT refresh_token_pk PRIMARY KEY (refresh_token)
);
2. 配置服务器 在PHP项目中创建一个OAuth2服务器文件,并进行基本配置。实现代码如下:
require_once DIR . '/vendor/autoload.php';
use LeagueOAuth2ServerAuthorizationServer;
use LeagueOAuth2ServerResourceServer;
use LeagueOAuth2ServerGrantClientCredentialsGrant ;
use LeagueOAuth2ServerGrantPasswordGrant;
use LeagueOAuth2ServerGrantAuthCodeGrant;
use LeagueOAuth2ServerGrantImplicitGrant;
use LeagueOAuth2ServerRepositories{AccessTokenRepositoryInterface,
AuthCodeRepositoryInterface, ClientRepositoryInterface, RefreshTokenRepositoryInterface, UserRepositoryInterface};
use LeagueOAuth2Server{ResourceServer, AuthorizationValidatorsBearerTokenValidator};
/ / Configure server
$server = new AuthorizationServer(
$clientRepository, $accessTokenRepository, $scopeRepository, $privateKey, $publicKey
);
// Configure authorization type
$server->enableGrantType(new ClientCredentialsGrant());
$server->enableGrantType(
new PasswordGrant(
$userRepository,
$refreshTokenRepository
));
$server->enableGrantType(
new AuthCodeGrant(
$authCodeRepository,
$refreshTokenRepository,
new DateInterval('PT10M')
));
$server->enableGrantType(
new ImplicitGrant(
new DateInterval('PT1H')
));
//Configure the resource server
$resourceServer = new ResourceServer(
$accessTokenRepository, $publicKey
);
//Configure the BearerTokenValidator
$bearerTokenValidator = new BearerTokenValidator(
$accessTokenRepository, $publicKey
);
上述代码中的各个参数需要根据实际的业务需求进行具体配置。 3. 执行授权请求 在OAuth2服务器文件中,需要实现授权请求的处理逻辑。实现代码如下:
use PsrHttpMessageServerRequestInterface;
use PsrHttpMessageResponseInterface;
// Process authorization request
$server->respondToAccessTokenRequest($request , $response);
上述代码中的$request和$response分别为从HTTP传输层获取的请求参数和响应结果。需要根据实际业务需求进行具体实现。 4. 请求受保护的资源 完成授权后,客户端可以携带访问令牌请求受保护的资源。OAuth2.0服务器需要对访问令牌进行验证,并返回相应的结果。实现代码如下:
// Verify Bearer Token
try {
$bearerTokenValidator->validateAuthorization($request);
} catch (Exception $e) {
$response->getBody()->write($e->getMessage());
return $response->withHeader('Content-Type', 'text/plain')->withStatus(401);}
// Process the access token in the request header
$accessToken = $request->getHeader('Authorization')[0];
$accessToken = substr($accessToken, strpos($accessToken, ' ' ) 1);
//Verify access token
try {
$resourceServer->validateAuthenticatedRequest($request);
$response->getBody()->write('Access granted');} catch (Exception $e) {
$errorMessage = $e->getMessage();
$response->getBody()->write($errorMessage);
return $response->withHeader('Content-Type', 'text/plain')->withStatus(401);}
5. 总结
The above is the detailed content of The best way to implement OAuth2.0 using PHP. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1387
52
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
7 PHP Functions I Regret I Didn't Know Before
Nov 13, 2024 am 09:42 AM
If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
Explain late static binding in PHP (static::).
Apr 03, 2025 am 12:04 AM
Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.
What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases?
Apr 03, 2025 am 12:03 AM
What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.
