Using PHP to implement third-party authorization and authentication based on OAuth2

Use PHP to implement third-party authorization and authentication based on OAuth2

OAuth2 is an open standard protocol used to authorize third-party applications to access user resources. It is simple, secure and flexible and is widely used in various web applications and mobile applications.

In PHP, we can implement OAuth2 authorization and authentication by using a third-party library. This article will combine sample code to introduce how to use PHP to implement third-party authorization and authentication based on OAuth2.

First, we need to use Composer to install an OAuth2 PHP library. Execute the following command in the command line:

composer require league/oauth2-client

After the installation is complete, we can use the following code snippet to implement the OAuth2 authorization process.

<?php
require 'vendor/autoload.php';

use LeagueOAuth2ClientProviderGenericProvider;

$provider = new GenericProvider([
    'clientId'                => 'your_client_id',
    'clientSecret'            => 'your_client_secret',
    'redirectUri'             => 'http://localhost/callback.php',
    'urlAuthorize'            => 'https://authorization-server.com/auth',
    'urlAccessToken'          => 'https://authorization-server.com/token',
    'urlResourceOwnerDetails' => 'https://api.server.com/userinfo'
]);

// 获取授权地址
$authorizationUrl = $provider->getAuthorizationUrl();

// 将授权地址重定向到用户
header('Location: ' . $authorizationUrl);

In the above code, we first create a GenericProvider object and need to pass in relevant configuration information. Among them, clientId and clientSecret are the application identification and secret key provided by the authorization server; redirectUri is the redirect address after the user completes authorization; urlAuthorize is the authorization address of the authorization server; urlAccessToken is the token acquisition address of the authorization server; urlResourceOwnerDetails is the interface address for obtaining user information.

Next, we use the getAuthorizationUrl method to get the authorization address and then redirect it to the user. The user will log in and authorize via the authorization address, and will then be redirected back to the redirectUri address we provide.

We also need to create a callback page callback.php to handle the redirection after the user completes authorization. The following is a code example of callback.php:

<?php
require 'vendor/autoload.php';

use LeagueOAuth2ClientProviderGenericProvider;

$provider = new GenericProvider([
    'clientId'                => 'your_client_id',
    'clientSecret'            => 'your_client_secret',
    'redirectUri'             => 'http://localhost/callback.php',
    'urlAuthorize'            => 'https://authorization-server.com/auth',
    'urlAccessToken'          => 'https://authorization-server.com/token',
    'urlResourceOwnerDetails' => 'https://api.server.com/userinfo'
]);

// 获取令牌
$token = $provider->getAccessToken('authorization_code', [
    'code' => $_GET['code']
]);

// 使用令牌获取用户信息
$user = $provider->getResourceOwner($token);

// 输出用户信息
echo 'User ID: ' . $user->getId() . '<br>';
echo 'User Name: ' . $user->getName() . '<br>';

In callback.php, we obtain the user authorization and return it through the getAccessToken method token, and then use this token to obtain the user's information through the getResourceOwner method.

The above is a sample code for using PHP to implement third-party authorization and authentication based on OAuth2. Through these codes, we can implement user authorization login and obtain authorized user information.

It should be noted that this is just a simple example of OAuth2. In actual applications, errors and exceptions need to be handled, as well as more authorization processes. Developers should make appropriate modifications and extensions based on specific needs.

Reference:

1. League OAuth2 Client: https://github.com/thephpleague/oauth2-client

The above is the detailed content of Using PHP to implement third-party authorization and authentication based on OAuth2. For more information, please follow other related articles on the PHP Chinese website!