OAuth2 基於TP 搭建簡單案例

閱讀須知：理解OAuth2

（法是一個授權 authorization）的開放網路標準，在全世界廣泛應用，目前的版本是2.0版。 今天就試著把環境搭建一下在此僅作為學習記錄；參考資料來源：http://oauth.net/2/http://bshaffer.github.io/oauth2- server-php-docs/cookbook/

資料表準備：

--
-- 表的结构 `oauth_access_tokens`
--

CREATE TABLE IF NOT EXISTS `oauth_access_tokens` (
  `access_token` text,
  `client_id` text,
  `user_id` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- 表的结构 `oauth_authorization_codes`
--

CREATE TABLE IF NOT EXISTS `oauth_authorization_codes` (
  `authorization_code` text,
  `client_id` text,
  `user_id` text,
  `redirect_uri` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text,
  `id_token` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- 表的结构 `oauth_clients`
--

CREATE TABLE IF NOT EXISTS `oauth_clients` (
  `client_id` text,
  `client_secret` text,
  `redirect_uri` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- 转存表中的数据 `oauth_clients`
--

INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`) VALUES
('demoapp', 'demopass', 'http://127.0.0.1/tp/index.php');

-- --------------------------------------------------------

--
-- 表的结构 `oauth_public_keys`
--

CREATE TABLE IF NOT EXISTS `oauth_public_keys` (
  `client_id` varchar(80) DEFAULT NULL,
  `public_key` varchar(8000) DEFAULT NULL,
  `private_key` varchar(8000) DEFAULT NULL,
  `encryption_algorithm` varchar(80) DEFAULT 'RS256'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- 表的结构 `oauth_refresh_tokens`
--

CREATE TABLE IF NOT EXISTS `oauth_refresh_tokens` (
  `refresh_token` text,
  `client_id` text,
  `user_id` text,
  `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `scope` text
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- 表的结构 `oauth_scopes`
--

CREATE TABLE IF NOT EXISTS `oauth_scopes` (
  `scope` text,
  `is_default` tinyint(1) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- --------------------------------------------------------

--
-- 表的结构 `oauth_users`
--

CREATE TABLE IF NOT EXISTS `oauth_users` (
  `username` varchar(255) NOT NULL,
  `password` varchar(2000) DEFAULT NULL,
  `first_name` varchar(255) DEFAULT NULL,
  `last_name` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Indexes for table `oauth_users`
--
ALTER TABLE `oauth_users`
  ADD PRIMARY KEY (`username`);

OAuth2 庫位址：https://github.com/bshaffer/oauth2-server-php

這裡我把它放在Vendor/OA2裡;

授權請求類別：

<?php

namespace Api\Controller;

class OAuth2Controller extends \Org\OAuth2\Controller
{

    public function __construct()
    {
        parent::__construct();
    }

    public function authorize()
    {

// validate the authorize request
        if (!$this->oauth_server->validateAuthorizeRequest($this->oauth_request, $this->oauth_response)) {
            $this->oauth_response->send();
            die;
        }


// print the authorization code if the user has authorized your client
        $this->oauth_server->handleAuthorizeRequest($this->oauth_request, $this->oauth_response, true);

        // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
        $code = substr($this->oauth_response->getHttpHeader('Location'), strpos($this->oauth_response->getHttpHeader('Location'), 'code=') + 5, 40);

        echo json_encode(['code' => $code]);

        //$this->oauth_response->send();
    }

    public function token()
    {
        $this->oauth_server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
    }

}

OAuth2 庫的請求封裝放在：Org/OAuth2裡；

<?php

namespace Org\OAuth2;

class Controller
{

    protected $oauth_server;
    protected $oauth_storage;
    protected $oauth_request;
    protected $oauth_response;

    public function __construct()
    {
        // Autoloading (composer is preferred, but for this example let's just do this)
//        require_once(VENDOR_PATH . '/OAuth2/Autoloader.php');
//        \OAuth2\Autoloader::register();
        // $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
        $this->oauth_storage = new \OAuth2\Storage\Pdo(array('dsn' => C('DSN'), 'username' => C('USERNAME'), 'password' => C('PASSWORD')));

        // Pass a storage object or array of storage objects to the OAuth2 server class
        $this->oauth_server = new \OAuth2\Server($this->oauth_storage);

        // Add the "Client Credentials" grant type (it is the simplest of the grant types)
        $this->oauth_server->addGrantType(new \OAuth2\GrantType\ClientCredentials($this->oauth_storage));

        // Add the "Authorization Code" grant type (this is where the oauth magic happens)
        $this->oauth_server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($this->oauth_storage));

        $this->oauth_request = \OAuth2\Request::createFromGlobals();
        $this->oauth_response = new \OAuth2\Response();
    }

}


<?php

namespace Org\OAuth2;

class Resource extends Controller
{

    protected $tokenData;

    public function __construct()
    {
        parent::__construct();

        // Handle a request to a resource and authenticate the access token
        if (!$this->oauth_server->verifyResourceRequest(\OAuth2\Request::createFromGlobals())) {
            $this->oauth_server->getResponse()->send();
            die;
        }

        $this->tokenData = $this->oauth_server->getResourceController()->getToken();
    }

}

以上就介紹了OAuth2 基於TP 搭建簡單案例，包括了方面的內容，希望對PHP教程有興趣的朋友有所幫助。