An OAuth2 client for zfcampus/zf-oauth2
When you write an application which includes zfcampus/zf-oauth2 this module is written to connect easily and cleanly connect to that zf-oauth2 implementation.
Installation of this module uses composer. For composer documentation, please refer to getcomposer.org.
composer require api-skeletons/zf-oauth2-client ^1.0
Add this module to your application's configuration:
'modules' => array( ... 'ZF\OAuth2\Client', ),
This module provides the service manager config through the module but you may use the
ZF\OAuth2\Client\OAuth2Client class directly by injecting your own
Zend\Http\Client and configuration.
config/autoload/zf-oauth2-client-global.php and edit.
You may configure multiple zf-oauth2 authorization code provider profiles. login_redirect_route is your
'zf-oauth2-client' => array( 'profiles' => array( 'default' => array( 'login_redirect_route' => 'zfcuser', 'client_id' => 'client', 'secret' => 'password', 'endpoint' => 'http://localhost:8081/oauth', 'refresh_endpoint' => 'http://localhost:8081/oauth', 'scope' = 'list,of,scopes', ), /* 'other provider' => array( ... */ ), ),
zf-oauth2-client expects the server to return a new refresh token anytime a refresh token is used to get a new access token. To set this flag on zf-oauth2 use
return array( 'zf-oauth2' => array( 'options' => array( 'always_issue_new_refresh_token' => true, ), ), );
A controller is provided to send the user into the authorization code process and validate the code when the user returns. Upon validation the session will have a valid access_token.
To send a user into the authorization code process direct them to the zf-oauth2-client route.
// Controller $this->plugin('redirect') ->toRoute('zf-oauth2-client', array('profile' => 'default')); // View $this->url('zf-oauth2-client', array('profile' => 'default'));
When the user returns from the process they will be redirected to the login_redirect_route. This route should fetch an authorized http client and, using it, authenticate the user based on their profile returned from an API call back to the OAuth2 server.
To make JWT easier to test command line tools are included.
oauth2:jwt:generateGenerate a JWT to send to an OAuth2