PHP搭建OAuth服务
自己写OAuth后台太麻烦,直接拉取gitbub现成的。拉取活跃度比较高的bshaffer/oauth2-server-php
注:以下编码是Oauth四种认证中的第四种:凭证式。想了解其他几种方式,请移步阮一峰大大的博客http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html?utm_source=tuicool&utm_medium=referral
1、首先拉取代码 https://github.com/bshaffer/oauth2-server-php.git
2、在编码之前先导入数据库
CREATE TABLE `oauth_clients` ( `client_id` varchar(80) NOT NULL, `client_secret` varchar(80) DEFAULT NULL, `redirect_uri` varchar(2000) DEFAULT NULL, `grant_types` varchar(80) DEFAULT NULL, `scope` varchar(4000) DEFAULT NULL, `user_id` varchar(80) DEFAULT NULL, PRIMARY KEY (`client_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_jwt` ( `client_id` varchar(80) NOT NULL, `subject` varchar(80) DEFAULT NULL, `public_key` varchar(2000) NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_refresh_tokens` ( `refresh_token` varchar(40) NOT NULL, `client_id` varchar(80) NOT NULL, `user_id` varchar(80) DEFAULT NULL, `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `scope` varchar(4000) DEFAULT NULL, PRIMARY KEY (`refresh_token`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_scopes` ( `scope` varchar(80) NOT NULL, `is_default` tinyint(1) DEFAULT NULL, PRIMARY KEY (`scope`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_users` ( `username` varchar(80) DEFAULT NULL, `password` varchar(80) DEFAULT NULL, `first_name` varchar(80) DEFAULT NULL, `last_name` varchar(80) DEFAULT NULL, `email` varchar(80) DEFAULT NULL, `email_verified` tinyint(1) DEFAULT NULL, `scope` varchar(4000) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `oauth_access_tokens` ( `access_token` varchar(40) NOT NULL, `client_id` varchar(80) NOT NULL, `user_id` varchar(80) DEFAULT NULL, `expires` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `scope` varchar(4000) DEFAULT NULL, PRIMARY KEY (`access_token`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
3、在站点创建oauthConf.php(创建和配置OAuth的实例)
$conf = [ 'dsn' => 'mysql:dbname=open;host=127.0.0.1:3808', 'username' => 'root', 'password' => 'root' ]; // Autoloading (composer is preferred, but for this example let's just do this) require_once('oauth2-server/src/OAuth2/Autoloader.php'); OAuth2\Autoloader::register(); // $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost" $storage = new OAuth2\Storage\Pdo($conf); // Pass a storage object or array of storage objects to the OAuth2 server class $server = new OAuth2\Server($storage); // Add the "Client Credentials" grant type (it is the simplest of the grant types) $server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage)); // Add the "Authorization Code" grant type (this is where the oauth magic happens) $server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
4、获取令牌前,先向数据库插入一条测试数据
INSERT INTO oauth_clients (client_id, client_secret, redirect_uri) VALUES ("arthurtest", "arthurpass", "http://arthur/");
5、创建getToken.php(注:使用POST方法获取accessToken)
<?php // include our OAuth2 Server object require_once __DIR__.'/server.php'; // Handle a request for an OAuth2.0 Access Token and send the response to the client $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
6、执行getToken.php 获得access_token(注:需传入基本参数如下):
参数:
| respose_type | authorization_code 标准的授权模式 password 基于用户密码的授权模式 client_credentials 基于密钥的授权模式 refresh_token 刷新token |
| client_id | 应用id |
| redirect_uri | 回调地址 |
结果:
{ "access_token": "20dc6de50b4136430a4b391e49cb7f7d94e2fdf6", "expires_in": 3600, "token_type": "Bearer", "scope": null }
7、现在已经拿到了令牌,就可以调用接口了,我们可以使用以下代码进行token合法验证
<?php // include our OAuth2 Server object require_once __DIR__.'/server.php'; // Handle a request to a resource and authenticate the access token if (!$server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) { $server->getResponse()->send(); echo json_encode(array('success' => true, 'message' => 'You accessed my APIs!'));
