jakim-pj / yii2-authserver
Authentication server compatible with OAuth2.
Installs: 543
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Type: yii2-extension
Requires
- php: >=5.5.0
- facebook/graph-sdk: ^5.4
- yiisoft/yii2: ^2.0
This package is auto-updated.
Last update: 2024-10-11 17:00:34 UTC
README
An authentication server compatible with OAuth 2.0.
Success response (RFC 6749)
```http
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Wed, 23 Nov 2016 15:35:13 GMT
Content-Type: application/json; charset=UTF-8

{
  "access_token": "4U0B6zMngrDuiNPyTErzsZ35gBVexoxC_1479923192",
  "token_type": "bearer",
  "expires_in": 7200,
  "refresh_token": "e-KaqLwjAgWrpp5A8c1zISfeK4dOEZex_1482507992"
}
```
Error response (RFC 6749)
```http
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8

{ "error": "invalid_request" }
```
Errors
The authorization server responds with an HTTP 400 (Bad Request) status code and includes one of the following `error` values in the response body:
- invalid_request: the request is missing a required parameter (other than the grant type).
- invalid_grant: the provided authorization grant (e.g., authorization code, resource owner credentials, or refresh token) is invalid, expired, or revoked.
- unsupported_grant_type: the authorization grant type is not supported by the authorization server.
Installation
1. Configure the component in config/web.php
Example:
```php
'components' => [
    'authServer' => [
        'class' => \jakim\authserver\Server::class,
        'grantTypes' => [
            'password' => \jakim\authserver\grants\PasswordCredentials::class,
            'refresh_token' => \jakim\authserver\grants\RefreshToken::class,
            'facebook_token' => [
                'class' => \jakim\authserver\grants\FacebookToken::class,
                'app_id' => $params['facebook.app_id'],
                'app_secret' => $params['facebook.app_secret'],
                'fields' => 'birthday,email,name,about,gender,picture.type(large){url}',
            ],
        ],
    ],
],
```
2. Implement the identity interfaces (typically in the User model):
- jakim\authserver\base\UserIdentityInterface for the password grant and the refresh token grant
- jakim\authserver\base\FacebookUserIdentityInterface for the facebook token grant
Example (methods of the User model; the `use` statement belongs at the top of the model file):
```php
use Facebook\GraphNodes\GraphUser; // from facebook/graph-sdk ^5.4

/**
 * Password grant: look the user up by e-mail and verify the password.
 * The `password` column must hold a hash produced by Yii::$app->security->generatePasswordHash().
 */
public static function findIdentityByCredentials($username, $password)
{
    $security = \Yii::$app->security;
    $model = static::findOne(['email' => $username]);
    if ($model && $security->validatePassword($password, $model->password)) {
        return $model;
    }
    return null;
}

/** Refresh token grant: the stored refresh token is the lookup key. */
public static function findIdentityByRefreshToken($refreshToken)
{
    return static::findOne(['refresh_token' => $refreshToken]);
}

/**
 * Facebook token grant: match by Facebook id, then by e-mail, otherwise create the user.
 * Note that the e-mail fallback links an existing local account to whatever e-mail Facebook reports.
 * UserFactory is an application-level helper, not part of this package.
 */
public static function findIdentityByFacebookGraphUser($user)
{
    /** @var GraphUser $user */
    $model = static::findOne(['facebook_id' => $user->getId()]);
    if ($model === null) {
        $model = static::findOne(['email' => $user->getEmail()]);
    }
    // auto create user from facebook
    if ($model === null) {
        /** @var User $model */
        $model = UserFactory::newFromFacebookGraphUser($user);
        if (!$model->save()) {
            \Yii::error('Unable to create new user from facebook: ' . print_r($model->getErrors(), true), __METHOD__);
            return null;
        }
    } else {
        $model = UserFactory::updateFromFacebookGraphUser($model, $user);
        if (!$model->save()) {
            \Yii::error('Unable to update user from facebook: ' . print_r($model->getErrors(), true), __METHOD__);
            return null;
        }
    }
    return $model;
}

// Token accessors: the server stores the tokens it issues through these setters.
public function setAccessToken($token)
{
    $this->access_token = $token;
}

public function getAccessToken()
{
    return $this->access_token;
}

public function setRefreshToken($token)
{
    $this->refresh_token = $token;
}

public function getRefreshToken()
{
    return $this->refresh_token;
}
```
3. Create a token action in the auth controller
Example - custom action:
```php
use yii\di\Instance;
use jakim\authserver\Server;

public function actionToken()
{
    /** @var Server $server */
    $server = Instance::ensure('authServer', Server::class);
    // getResponse() returns null when the grant fails; the error response is then returned instead
    if (($response = $server->getResponse()) === null) {
        return $server->getError();
    }
    return $response;
}
```
Example - predefined action class (TokenAction is the package's predefined token action):
```php
public function actions()
{
    return [
        'token' => TokenAction::class,
    ];
}
```
API usage example:
Arguments for password grant type
Arguments for password grant type
Arguments for facebook grant type
4. Optionally, use the custom auth filter jakim\authserver\filters\HttpBearerAuth
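The four steps above wired together, as an added example that is not part of this package's README: a User model that implements both Yii's `IdentityInterface` (what the bearer filter needs) and the package's `UserIdentityInterface` (what the password and refresh_token grants need), plus a REST controller exposing the token endpoint behind the filter. Assumptions, none of which the page states: the `UserIdentityInterface` method set is the one shown in the README example; the table columns `id`, `email`, `password_hash`, `auth_key`, `access_token`, `access_token_expires_at`, `refresh_token` and `refresh_token_expires_at` exist; the server persists the model after calling the token setters; the package's `HttpBearerAuth` is a Yii `ActionFilter`, so `except` works; and the refresh-token lifetime of 30 days is a chosen value. The access-token lifetime matches the `expires_in` of 7200 seconds in the sample response.

```php
<?php
// ---- file: models/User.php (example, not package code) ----
namespace app\models;

use Yii;
use yii\db\ActiveRecord;
use yii\web\IdentityInterface;
use jakim\authserver\base\UserIdentityInterface;

class User extends ActiveRecord implements IdentityInterface, UserIdentityInterface
{
    const ACCESS_TOKEN_TTL = 7200;        // same lifetime as expires_in in the sample response
    const REFRESH_TOKEN_TTL = 30 * 86400; // assumed refresh-token lifetime (30 days)

    public static function findIdentity($id)
    {
        return static::findOne(['id' => $id]);
    }

    /** Called by the bearer filter on every protected request: reject empty or expired tokens. */
    public static function findIdentityByAccessToken($token, $type = null)
    {
        if (!is_string($token) || $token === '') {
            return null;
        }
        $model = static::findOne(['access_token' => $token]);
        // (int) null is 0, so a row without a recorded expiry is rejected too
        if ($model === null || (int) $model->access_token_expires_at < time()) {
            return null;
        }
        return $model;
    }

    /** Password grant: look up by e-mail, then verify the stored hash (constant-time compare). */
    public static function findIdentityByCredentials($username, $password)
    {
        $model = static::findOne(['email' => $username]);
        if ($model !== null && Yii::$app->security->validatePassword($password, $model->password_hash)) {
            return $model;
        }
        return null;
    }

    /** Refresh-token grant: same lookup pattern, with its own expiry. */
    public static function findIdentityByRefreshToken($refreshToken)
    {
        if (!is_string($refreshToken) || $refreshToken === '') {
            return null;
        }
        $model = static::findOne(['refresh_token' => $refreshToken]);
        if ($model === null || (int) $model->refresh_token_expires_at < time()) {
            return null;
        }
        return $model;
    }

    // The server passes the tokens it generated to these setters; record an expiry next to each.
    public function setAccessToken($token)
    {
        $this->access_token = $token;
        $this->access_token_expires_at = time() + self::ACCESS_TOKEN_TTL;
    }

    public function getAccessToken() { return $this->access_token; }

    public function setRefreshToken($token)
    {
        $this->refresh_token = $token;
        $this->refresh_token_expires_at = time() + self::REFRESH_TOKEN_TTL;
    }

    public function getRefreshToken() { return $this->refresh_token; }

    public function getId() { return $this->id; }

    public function getAuthKey() { return $this->auth_key; }

    public function validateAuthKey($authKey)
    {
        return Yii::$app->security->compareString($this->auth_key, (string) $authKey);
    }
}

// ---- file: controllers/AuthController.php (example, not package code) ----
namespace app\controllers;

use yii\di\Instance;
use yii\rest\Controller;
use jakim\authserver\Server;
use jakim\authserver\filters\HttpBearerAuth;

class AuthController extends Controller
{
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        // 'except' assumes the package filter is a Yii ActionFilter: the token endpoint
        // itself must be reachable without a bearer token, everything else requires one.
        $behaviors['authenticator'] = [
            'class' => HttpBearerAuth::class,
            'except' => ['token'],
        ];
        return $behaviors;
    }

    /** POST /auth/token, using the README's custom action form. */
    public function actionToken()
    {
        /** @var Server $server */
        $server = Instance::ensure('authServer', Server::class);
        if (($response = $server->getResponse()) === null) {
            return $server->getError();
        }
        return $response;
    }
}
```

The expiry checks live in the identity lookups rather than in the filter, so an expired access token is refused by `findIdentityByAccessToken` on every protected route, and an expired refresh token cannot be exchanged for a new pair. The bearer filter is attached once at the controller level with `except` for the token action, which avoids the common mistake of protecting the token endpoint itself.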