iansimpson / ss-oauth2-server
Silverstripe OAuth 2.0 Server
Installs: 7 022
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 6
Open Issues: 3
Type:silverstripe-vendormodule
Requires
- php: ^8.1
- guzzlehttp/psr7: ^2.5
- league/oauth2-server: ^8.2
- monolog/monolog: ^1.2
- robbie/psr7-adapters: ^1
- silverstripe/framework: ^4.13
- silverstripe/siteconfig: ^4.13
Requires (Dev)
- php-parallel-lint/php-parallel-lint: ^1.3
- phpstan/extension-installer: ^1.3
- phpstan/phpstan: ^1.10
- phpstan/phpstan-phpunit: ^1.3
- phpstan/phpstan-strict-rules: ^1.5
- phpunit/phpunit: ^9.5
- squizlabs/php_codesniffer: ^3.9
- syntro/silverstripe-phpstan: ^1.0
README
Introduction 👋
This allows your Silverstripe site to be in OAuth 2.0 provider.
Please note that this is under development. It should work just fine, but has not been extensively tested, and is poorly documented.
It supports the following grants:
- Authorization code grant
- Refresh grant
Requirements 🦺
- PHP ^8.1
- Silverstripe ^4.13
Installation 👷♀️
Install the add-on with Composer:
composer require iansimpson/ss-oauth2-server
Next, generate a private/public key pair:
openssl genrsa -out private.key 2048 openssl rsa -in private.key -pubout -out public.key chmod 600 private.key chmod 600 public.key
Put these on your web server, somewhere outside the web root
Generate encryption key:
php -r 'echo base64_encode(random_bytes(36)), PHP_EOL;'
Add the following lines in your .env
, updating the OAUTH_PRIVATE_KEY_PATH
and OAUTH_PUBLIC_KEY_PATH
to point to the key files, and adding the encryption key you have just generated:
OAUTH_PRIVATE_KEY_PATH="/path/to/my/private.key" OAUTH_PUBLIC_KEY_PATH="/path/to/my/public.key" OAUTH_ENCRYPTION_KEY="my-encryption-key"
Finally, after doing a /dev/build/
go into your site settings and on the OAuth Configuration and add a new Client. Using this you should now be able to generate a key at /oauth/authorize
, per the OAuth 2.0 spec (https://tools.ietf.org/html/rfc6749).
Usage 🏃🏃🏃
To verify the Authorization header being submitted is correct, add this to your Controller:
$member = IanSimpson\OAuth2\OauthServerController::getMember($this);
it will return a Member object if the Authorization header is correct, or null if there's an error. Simple!