OAuth2.0协议封装类
1.去官网下载 oauth2-server-php 源码（下文控制器从 /home/oauth2-server-php 目录加载它）
2.创建数据库 oauth2db，并在该库中执行下面的建表语句（最后一条 INSERT 写入的 testclient/testpass 只是测试用的示例客户端，正式环境需替换）
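-- Schema for the oauth2db database that the PDO storage in the controller connects to.
-- NOTE(review): client_secret and password are plain VARCHAR(80) columns; whether the
-- application writes a hash or the clear value is not visible in this script - confirm
-- before storing real credentials.

-- Registered client applications.
CREATE TABLE oauth_clients (
    client_id     VARCHAR(80) NOT NULL,
    client_secret VARCHAR(80),
    redirect_uri  VARCHAR(2000),
    grant_types   VARCHAR(80),
    scope         VARCHAR(4000),
    user_id       VARCHAR(80),
    PRIMARY KEY (client_id)
);

-- Issued access tokens; expires is mandatory.
CREATE TABLE oauth_access_tokens (
    access_token VARCHAR(40) NOT NULL,
    client_id    VARCHAR(80) NOT NULL,
    user_id      VARCHAR(80),
    expires      TIMESTAMP NOT NULL,
    scope        VARCHAR(4000),
    PRIMARY KEY (access_token)
);

-- Authorization codes handed out by the authorize endpoint.
CREATE TABLE oauth_authorization_codes (
    authorization_code VARCHAR(40) NOT NULL,
    client_id          VARCHAR(80) NOT NULL,
    user_id            VARCHAR(80),
    redirect_uri       VARCHAR(2000),
    expires            TIMESTAMP NOT NULL,
    scope              VARCHAR(4000),
    id_token           VARCHAR(1000),
    PRIMARY KEY (authorization_code)
);

-- Refresh tokens.
CREATE TABLE oauth_refresh_tokens (
    refresh_token VARCHAR(40) NOT NULL,
    client_id     VARCHAR(80) NOT NULL,
    user_id       VARCHAR(80),
    expires       TIMESTAMP NOT NULL,
    scope         VARCHAR(4000),
    PRIMARY KEY (refresh_token)
);

-- Resource owners.
-- NOTE(review): no PRIMARY KEY or UNIQUE constraint is declared here, so duplicate
-- usernames are possible at the database level.
CREATE TABLE oauth_users (
    username       VARCHAR(80),
    password       VARCHAR(80),
    first_name     VARCHAR(80),
    last_name      VARCHAR(80),
    email          VARCHAR(80),
    email_verified BOOLEAN,
    scope          VARCHAR(4000)
);

-- Known scopes and which of them are defaults.
CREATE TABLE oauth_scopes (
    scope      VARCHAR(80) NOT NULL,
    is_default BOOLEAN,
    PRIMARY KEY (scope)
);

-- Public keys for JWT clients (no key constraint declared).
CREATE TABLE oauth_jwt (
    client_id  VARCHAR(80) NOT NULL,
    subject    VARCHAR(80),
    public_key VARCHAR(2000) NOT NULL
);

-- Sample client for local testing only: the id, secret and redirect URI are placeholders
-- and must be replaced before the server is reachable by anyone else.
-- String literals use single quotes: double quotes denote identifiers in standard SQL and
-- in MySQL when ANSI_QUOTES is enabled, where the original statement would fail.
INSERT INTO oauth_clients (client_id, client_secret, redirect_uri)
VALUES ('testclient', 'testpass', 'http://fake/');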
php Oauth控制器类
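<?php
namespace app\api\controller;

use think\Controller;

/**
 * Minimal OAuth 2.0 authorization-server endpoints built on oauth2-server-php.
 *
 * Exposes two actions: authorize() (consent screen + authorization code) and
 * token() (token endpoint). Both use the same PDO-backed storage.
 *
 * NOTE(review): this is demo-grade wiring. The consent form is shown without any
 * resource-owner login and carries no CSRF token, and handleAuthorizeRequest() is
 * called without a user id, so issued codes are not bound to a user.
 * NOTE(review): the example URLs below use plain http://; client secrets and
 * authorization codes would travel unencrypted - confirm TLS in any real deployment.
 */
class Oauth extends Controller
{
    /**
     * Authorization endpoint.
     *
     * Example:
     * http://192.168.100.191/iptv/public/index.php/api/oauth/authorize?response_type=code&client_id=testclient&state=xyz
     *
     * GET (empty $_POST) renders the consent form; POST processes the decision.
     * On approval the authorization code is printed; otherwise the library's
     * response (redirect or error) is sent.
     */
    public function authorize()
    {
        // Kept as a global because the original code published the server this way.
        global $server;
        $server = $this->buildServer();

        $request = \OAuth2\Request::createFromGlobals();
        $response = new \OAuth2\Response();

        if (!$server->validateAuthorizeRequest($request, $response)) {
            // Send the response filled in by the validator; exiting without it
            // left the caller with an empty page and no indication of the failure.
            $response->send();
            exit;
        }

        if (empty($_POST)) {
            // Static markup, byte-identical to the original form.
            exit(
                ' <form method="post">'
                . ' <label>Do You Authorize TestClient?</label><br />'
                . ' <input type="submit" name="authorized" value="yes">'
                . ' <input type="submit" name="authorized" value="no">'
                . ' </form>'
            );
        }

        // A POST without the "authorized" field counts as a refusal instead of
        // raising an undefined-index notice.
        $is_authorized = isset($_POST['authorized']) && $_POST['authorized'] === 'yes';
        $server->handleAuthorizeRequest($request, $response, $is_authorized);

        if ($is_authorized) {
            $code = $this->extractAuthorizationCode($response->getHttpHeader('Location'));
            if ($code !== null) {
                // The redirect URL is assembled from request data, so escape
                // before writing the value into the page.
                exit("SUCCESS! \nAuthorization Code: " . htmlspecialchars($code, ENT_QUOTES, 'UTF-8'));
            }
            // No code in the redirect (for example an error redirect): fall
            // through and let the library response speak for itself.
        }

        $response->send();
    }

    /**
     * Token endpoint.
     *
     * Example:
     * curl -u testclient:testpass http://192.168.100.191/iptv/public/index.php/api/oauth/token -d 'grant_type=authorization_code&code=189d1757fe7e2e3fc8fb36fe4d6c468d1ca1bdae'
     *
     * Equivalent header: Authorization: Basic dGVzdGNsaWVudDp0ZXN0cGFzcw==
     * i.e. the word "Basic", a space, then base64_encode('testclient:testpass');
     * base64_decode() recovers the client_id:client_secret pair. Base64 is an
     * encoding, not encryption, so the header is only as private as the transport.
     */
    public function token()
    {
        global $server;
        $server = $this->buildServer();

        $server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
    }

    /**
     * Build the OAuth2 server with PDO storage and the two supported grant types.
     *
     * Private so the framework cannot route to it as an action.
     *
     * @return \OAuth2\Server
     */
    private function buildServer()
    {
        // NOTE(review): connection settings are hard-coded and use the MySQL root
        // account with a guessable password. Move them to configuration kept out of
        // the source tree and connect with an account limited to the oauth2db tables.
        $dsn = 'mysql:dbname=oauth2db;host=localhost';
        $username = 'root';
        $password = 'root';

        // Autoload the library; require_once fails loudly if the path is wrong and
        // is safe if the file was already loaded in this request.
        require_once '/home/oauth2-server-php/src/OAuth2/Autoloader.php';
        \OAuth2\Autoloader::register();

        $storage = new \OAuth2\Storage\Pdo(array(
            'dsn' => $dsn,
            'username' => $username,
            'password' => $password,
        ));

        $oauthServer = new \OAuth2\Server($storage);
        $oauthServer->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
        $oauthServer->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));

        return $oauthServer;
    }

    /**
     * Read the "code" query parameter from a redirect URL.
     *
     * Replaces the fixed-offset substr() lookup, which returned unrelated text
     * whenever "code=" was absent or appeared earlier in the URL.
     *
     * @param mixed $location Value of the Location response header.
     * @return string|null The authorization code, or null if none is present.
     */
    private function extractAuthorizationCode($location)
    {
        if (!is_string($location) || $location === '') {
            return null;
        }

        $query = parse_url($location, PHP_URL_QUERY);
        if (!is_string($query)) {
            return null;
        }

        $params = array();
        parse_str($query, $params);

        if (isset($params['code']) && is_string($params['code']) && $params['code'] !== '') {
            return $params['code'];
        }

        return null;
    }
}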