fuzz / laravel-oauth
auth
Installs: 20 082
Dependents: 1
Suggesters: 0
Security: 0
Stars: 4
Watchers: 28
Forks: 0
Open Issues: 2
Requires
- fuzz/magic-box: 1.1.*
- laravel/framework: 5.2.*
- lucadegasperi/oauth2-server-laravel: 5.1.*
- symfony/security-core: 3.0.*
Requires (Dev)
- doctrine/dbal: ~2.3
- fuzz/rest-tester: 1.0.*
- fzaninotto/faker: ~1.4
- mockery/mockery: 0.9.*
- orchestra/testbench: 3.2.*
- phpunit/phpunit: ~4.0
This package is not auto-updated.
Last update: 2024-11-12 11:57:34 UTC
README
An OAuth wrapper to bridge lucadegasperi/oauth2-server-laravel
and Laravel's authentication system while providing optional support for fuzz/magic-box
repositories
Setup
-
Require the composer package
-
Set up your project
AuthServiceProvider
to extendFuzz\Auth\Providers\AuthServiceProvider
-
Follow instructions in
lucadegasperi/oauth2-server-laravel
to set it up. -
Configure the
grant_types
array inconfig/oauth2.php
to use the Fuzz grants (or extend/create your own)'grant_types' => [ 'password' => [ 'class' => \Fuzz\Auth\OAuth\Grants\PasswordGrant::class, 'callback' => '\Fuzz\Auth\OAuth\Grants\PasswordGrantVerifier@verify', 'access_token_ttl' => 7600, ], 'refresh_token' => [ 'class' => \Fuzz\Auth\OAuth\Grants\RefreshTokenGrant::class, 'access_token_ttl' => 7600, 'refresh_token_ttl' => 14600, ], ],
-
Set up
config/auth.php
Set the default guard to
api
'defaults' => [ 'guard' => 'api', 'passwords' => 'users', ],
Set the
api
guard to use\Fuzz\Auth\Guards\OAuthGuard::class
as its driver'api' => [ 'driver' => \Fuzz\Auth\Guards\OAuthGuard::class, 'provider' => 'users', ],
Set Laravel to use the
oauth
user provider and set your project's User class'providers' => [ 'users' => [ 'driver' => 'oauth', 'model' => \App\User::class, 'token_key' => 'access_token', ], ],
-
Create
app/Http/Middleware/OAuthMiddleware.php
and extendFuzz\Auth\Middleware\OAuthenticateMiddleware
. Add it to the$routeMiddleware
array in `app/Http/Kernel.php -
Your User class should implement the
Fuzz\Auth\Models\AgentInterface
andIlluminate\Contracts\Auth\Authenticatable
and their required methods
Usage
Protecting routes
Routes that require authentication can now be protected with the auth
middleware:
$router->group(
['middleware' => 'auth'], function (Router $router) {
$router->get('locations', 'LocationsController@index');
});
Within any authenticated route, you can use all the default Laravel Auth
methods such as Auth::user()
to resolve the currently authenticated user. lucadegasperi/oauth2-server-laravel
provides a way to protect routes based on scope, but you can also use Fuzz\Auth\Policies\RepositoryModelPolicy@requireScopes
to throw League\OAuth2\Server\Exception\AccessDeniedException
exceptions when a user does not have the required scopes.
Protecting resources
Laravel OAuth comes with a base Fuzz\Auth\Policies\RepositoryModelPolicy
but you may create your own (implementing the Fuzz\Auth\Policies\RepositoryModelPolicyInterface
might be helpful). Extending Fuzz\Auth\Policies\RepositoryModelPolicy
will provide some base methods to ease writing policies for repositories.
Once a policy is set up and mapped to its model class, you may use it to check user permissions according to your policy:
if (policy(ModelClass::class)->index($user, $postRepository)) {
// Index stuff
}
Resolving the current user
All of Laravel's Auth
methods will work, so resolving the current user is as simple as $user = Auth::user()
. https://laravel.com/docs/5.2/authentication
.
Auth
will use your default guard unless specified. A typical guard set up for an OAuth specced API would be having one for users accessing via a client and another for client-only requests. Currently there is only Fuzz\Auth\Guards\OAuthGuard
which is responsible for resolving the user for a request.
TODOs
- Separate
fuzz/laravel-oauth
fromfuzz/magic-box
- Support client requests in their own guard and be compatible with the current user
OAuthGuard