hrevert/ht-oauth-server-client-module

A Zend Framework 2 module which provides custom grant for zfr-oauth2-server to authenticate users via third party applications like facebook, google etc

0.3.0 2015-08-08 05:00 UTC

README

A Zend Framework 2 module which provides custom grant for zfr-oauth2-server to authenticate users via third party applications like facebook, google etc.

Master Branch Build Status Latest Stable Version Latest Unstable Version Total Downloads

What's with the name?

The module provides a grant for a oauth2 server and it is also a client for oauth2 servers of facebook, google etc. So, it is named as server as well as client.

Installation

  • Add "hrevert/ht-oauth-server-client-module": "0.3.*" to composer.json and run php composer.phar update.
  • Enabled the following modules in config/application.config.php.
'modules' => array(
    'ZfrOAuth2Module\Server',
    'HtLeagueOauthClientModule',
    'HtOauthClientModule', 
    'HtOauth\Server\ClientModule',
),

Configuring the module

Setting the User class

User class must implement Hrevert\OauthClient\Model\UserInterface. Then, you need to modify the Doctrine mapping to associate this interface with your own user class.

return [
    'doctrine' => [
        'entity_resolver' => [
            'orm_default' => [
                'Hrevert\OauthClient\Model\UserInterface' => 'Application\Entity\User'
            ]
        ]
    ]
]
Provider configuration

You need to define the credentials like client id, client secret and other configuration. Read this for these configuration.

Adding grant types
return [
    'zfr_oauth2_server' => [
        'grants' => [
            // .. other grants,
            'HtOauth\Server\ClientModule\Grant\Oauth2Client',
        ]
    ]
]
Enabling providers

Enable providers by adding records to the table oauth_provider.

Autocreating user

When a new user tries to log in, s/he is not allowed to log in by default.

To automatically create a new user, you need to specify a callable for creating a user.

return [
    'ht_oauth_service_client' => [
        'create_user_callable' => function(\HtLeagueOauthClientModule\Model\UserInterface $userDetails) {
            $user = ......;

            $userProvider = new \Hrevert\OauthClient\Entity\UserProvider();
            $userProvider->setUser($user);

            return $userProvider; 

            // or just

            $user = ......;

            return $user;
        }
    ]
];

How It Works

Login with OAuth 2.0

  1. Client: Client sends a POST request to the server at /oauth/token with oauth2 authorization code or access token.
  2. Server: With authorization code, authorization code is exchanged for provider access token.
  3. Server: User information is retrived using the provider access token from Step 2.
  4. Server: Look up the user by the unique provider id. If user already exists, grab the existing user, otherwise create a new user account.
  5. Server: Reply with a new access token.