[Official demo](https://github.com/bshaffer/oauth2-demo-php) [Documentation](http://bshaffer.github.io/oauth2-server-php-docs/cookbook/)

```
git clone git@github.com:bshaffer/oauth2-server-php.git
```

~~~php
require_once('/path/to/oauth2-server-php/src/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();
~~~

Or install with composer:

```
composer require bshaffer/oauth2-server-php "^1.10"
```

Create the OAuth database `auth2` and run the following table-creation SQL:

```
CREATE TABLE oauth_clients (
  client_id     VARCHAR(80) NOT NULL,
  client_secret VARCHAR(80),
  redirect_uri  VARCHAR(2000),
  grant_types   VARCHAR(80),
  scope         VARCHAR(4000),
  user_id       VARCHAR(80),
  PRIMARY KEY (client_id)
);

CREATE TABLE oauth_access_tokens (
  access_token VARCHAR(40) NOT NULL,
  client_id    VARCHAR(80) NOT NULL,
  user_id      VARCHAR(80),
  expires      TIMESTAMP NOT NULL,
  scope        VARCHAR(4000),
  PRIMARY KEY (access_token)
);

CREATE TABLE oauth_authorization_codes (
  authorization_code VARCHAR(40) NOT NULL,
  client_id          VARCHAR(80) NOT NULL,
  user_id            VARCHAR(80),
  redirect_uri       VARCHAR(2000),
  expires            TIMESTAMP NOT NULL,
  scope              VARCHAR(4000),
  id_token           VARCHAR(1000),
  PRIMARY KEY (authorization_code)
);

CREATE TABLE oauth_refresh_tokens (
  refresh_token VARCHAR(40) NOT NULL,
  client_id     VARCHAR(80) NOT NULL,
  user_id       VARCHAR(80),
  expires       TIMESTAMP NOT NULL,
  scope         VARCHAR(4000),
  PRIMARY KEY (refresh_token)
);

CREATE TABLE oauth_users (
  username       VARCHAR(80),
  password       VARCHAR(80),
  first_name     VARCHAR(80),
  last_name      VARCHAR(80),
  email          VARCHAR(80),
  email_verified BOOLEAN,
  scope          VARCHAR(4000)
);

CREATE TABLE oauth_scopes (
  scope      VARCHAR(80) NOT NULL,
  is_default BOOLEAN,
  PRIMARY KEY (scope)
);

CREATE TABLE oauth_jwt (
  client_id  VARCHAR(80) NOT NULL,
  subject    VARCHAR(80),
  public_key VARCHAR(2000) NOT NULL
);
```

Insert a test record:

~~~sql
INSERT INTO oauth_clients (client_id, client_secret, redirect_uri)
VALUES ('testclient', 'testpass', 'http://fake/');
~~~

### Create the authorization file `authorize.php` in the root directory (server.php)

```
<?php
// server.php is expected to define $server (the storage and OAuth2\Server setup)
require_once __DIR__ . '/server.php';

$request = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// validate the authorize request
if (!$server->validateAuthorizeRequest($request, $response)) {
    $response->send();
    die;
}

// display an authorization form
if (empty($_POST)) {
    exit('
<form method="post">
  <label>Do You Authorize TestClient?</label><br />
  <input type="submit" name="authorized" value="yes">
  <input type="submit" name="authorized" value="no">
</form>');
}

// print the authorization code if the user has authorized your client
$is_authorized = ($_POST['authorized'] === 'yes');
$user_id = 1; // fixed test user id; a real deployment takes this from the logged-in session
$server->handleAuthorizeRequest($request, $response, $is_authorized, $user_id);
if ($is_authorized) {
    // this is only here so that you get to see your code in the cURL request. Otherwise, we'd redirect back to the client
    $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
    //exit("SUCCESS AND DO redirect_uri! Authorization Code: $code");
}
$response->send();
```

Open the following link in a browser, then click the yes button:

```
http://www.xxx.com/authorize.php?response_type=code&client_id=testclient&state=xyz
```

The authorization_code obtained: 243cd370e035881d0cc5bfb421ed7d5919f99d1f

### Create `index.php`, which loads the OAuth 2.0 server and issues tokens, and configure the database connection

```
<?php
require_once('oauth2-server-php/src/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();

// database connection settings for the auth2 database
$dsn = 'mysql:dbname=auth2;host=192.168.200.7';
$username = 'root';
$password = 'admin';

$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
$server = new OAuth2\Server($storage);
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage)); // or any grant type you like!

// exchange the authorization code for an access token and send the JSON response
$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
```

Get the access_token:

```
curl -u testclient:testpass http://www.xxx.com/index.php -d 'grant_type=authorization_code&code=243cd370e035881d0cc5bfb421ed7d5919f99d1f'
```

Response:

```
{
  "access_token": "fe2617e4034cb25044f6f22a7b2356ca6161c8a5",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": null,
  "refresh_token": "8f9621f8fa9b6a857dffea7a67f4edc0fbdd8f8c"
}
```
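The access_token returned above only matters once an endpoint checks it. The following is an added example, not part of the original page or the project's demo: a resource endpoint that rejects requests without a valid, unexpired token. The file name `resource.php` and the JSON it returns are assumptions; the autoloader path and database settings are copied from `index.php`.

```php
<?php
// resource.php (hypothetical file name): a protected API endpoint.
// Call it with the token from the token response, for example:
//   curl http://www.xxx.com/resource.php -H 'Authorization: Bearer <access_token>'
require_once('oauth2-server-php/src/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();

// Same storage settings as index.php, so tokens are looked up in oauth_access_tokens.
$dsn = 'mysql:dbname=auth2;host=192.168.200.7';
$username = 'root';
$password = 'admin';
$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
$server = new OAuth2\Server($storage);

$request = OAuth2\Request::createFromGlobals();

// verifyResourceRequest() returns false when the token is missing, malformed,
// unknown or expired. The server's response then carries the matching error
// status and WWW-Authenticate header, so send it and stop.
// A required scope can be passed as the third argument; the token issued on
// this page has scope null, so no scope is required here.
if (!$server->verifyResourceRequest($request)) {
    $server->getResponse()->send();
    die;
}

// The token is valid: read which user and client it was issued to, and base
// any authorization decision on these values rather than on request parameters.
$token = $server->getAccessTokenData($request);

header('Content-Type: application/json');
echo json_encode(array(
    'success'   => true,
    'user_id'   => $token['user_id'],
    'client_id' => $token['client_id'],
    'expires'   => $token['expires'],
));
```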