rowasc / yii2oauthserver
A module that implements TheLeague's OAuth component for Yii2
Installs: 15
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Type: yii2-extension
Requires
- league/oauth2-server: @stable
- rowasc/yii2loggingutils: *
- yiisoft/yii2: @stable
Requires (Dev)
This package is not auto-updated.
Last update: 2025-05-10 20:52:51 UTC
README
- Copy the migration file to your own migrations directory (inside your yii2 project), and run the migrations. Make sure you update the client_id and client_secret before using it in your project, since they are not safe the way they are added in the migration!
- Edit your yii2 configuration to include the following under "components":

    'ResourceServerComponent' => [
        'class' => 'rowasc\yii2oauthserver\components\ResourceServerComponent'
    ],
    'AuthServerComponent' => [
        'class' => 'rowasc\yii2oauthserver\components\AuthServerComponent'
    ],
- Edit your yii2 configuration to include the following under "modules":

    'yii2oauthserver' => [
        'class' => '@vendor\rowasc\yii2oauthserver\Module',
    ]
- In your .htaccess file, allow the Authorization header to pass, since it will be stripped most of the time without this line:

    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
- Have your base api controller extend "\rowasc\yii2oauthserver\controllers\ApiController".
- Create an AuthorizationController, and extend \rowasc\yii2oauthserver\controllers\AuthorizationController in it.
- In your User model, extend rowasc\yii2oauthserver\models\User
This will create an "/authorization/login" and a "/authorization/logout" endpoint which will allow you to get and expire bearer tokens for your api auth.
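A check for the .htaccess step above, as an added example that is not part of this package: it looks for the bearer token in a `$_SERVER`-style array, so you can confirm the Authorization header reaches PHP before debugging the OAuth components. The function name `findBearerToken` is hypothetical, and the sample arrays are constructed for illustration.

```php
<?php
// Added example, not code from yii2oauthserver.

/**
 * Return the bearer token found in a $_SERVER-style array, or null.
 * Function name and key order are choices made for this example.
 */
function findBearerToken(array $server): ?string
{
    // HTTP_AUTHORIZATION is what the SetEnvIf rule populates. After an
    // internal mod_rewrite redirect, Apache exposes the same variable
    // with a REDIRECT_ prefix, so both keys are checked.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])
            && preg_match('/^Bearer\s+(\S+)$/i', trim($server[$key]), $m)) {
            return $m[1];
        }
    }
    return null; // header stripped, or not a Bearer credential
}

// Constructed sample inputs; the token is the one shown in the README examples.
$samples = [
    'rule applied'    => ['HTTP_AUTHORIZATION' => 'Bearer ENMTcmTSgQTmwCpVbaO3AHHbhbJYgziiZzjWzWUd'],
    'after rewrite'   => ['REDIRECT_HTTP_AUTHORIZATION' => 'Bearer ENMTcmTSgQTmwCpVbaO3AHHbhbJYgziiZzjWzWUd'],
    'header stripped' => ['HTTP_HOST' => 'api.yii2-starter-kit.dev'],
    'wrong scheme'    => ['HTTP_AUTHORIZATION' => 'Basic constructed-value'],
];

foreach ($samples as $label => $server) {
    $token = findBearerToken($server);
    // Report only presence and length; never write token values to logs.
    printf(
        "%-16s %s\n",
        $label,
        $token === null ? 'no bearer token' : 'bearer token, ' . strlen($token) . ' chars'
    );
}
```

To test a live deployment, pass `$_SERVER` to the function from a temporary endpoint and remove that endpoint afterwards.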
Examples: getting a new bearer token

    POST /v1/authorization/login HTTP/1.1
    Host: api.yii2-starter-kit.dev
    Content-Type: application/json
    Cache-Control: no-cache
    Postman-Token: 7dd28588-b30d-a252-5c7e-5ecc9d1ab740

    { "client_id": "client_name", "client_secret": "client_secret", "username": "webmaster", "password": "webmaster" }

Response:

    { "access_token": "ENMTcmTSgQTmwCpVbaO3AHHbhbJYgziiZzjWzWUd", "token_type": "Bearer", "expires_in": 43200 }

Examples: invalidating the token so users do not have access to the api

    POST /v1/authorization/logout HTTP/1.1
    Host: api.yii2-starter-kit.dev
    Content-Type: application/json
    Authorization: Bearer ENMTcmTSgQTmwCpVbaO3AHHbhbJYgziiZzjWzWUd
    Cache-Control: no-cache
    Postman-Token: 9b86bad2-dd05-898b-5888-6047e0dd2772

    { "client_id": "client_name", "client_secret": "client_secret", "username": "webmaster", "password": "webmaster" }

Response:

    { "status": true }