vipkwd / oauth-sdk
The SDK for VK-OAuth system.
v1.0.7
2023-06-20 02:59 UTC
Requires
- php: >=7.0
README
Installing.
Install library via composer:
composer require vipkwd/oauth-sdk
Usage.
I. Initialize the SDK
include_once('vendor/autoload.php');
use Vipkwd\OAuth\OAuth;
use Vipkwd\OAuth\Restful;
// The constructor returns the OAuth object used in the calls below.
$instance = new OAuth([
    'client_id' => 'xxxx',
    'client_secret' => '',
    'redirect_uri' => 'https://xxx.demo.com/vk-oauth/callback.php',
    'response_type' => 'code', // In the SDK, the default is `code`
    'scope' => 'basic', // In the SDK, the default is `basic`
    'state' => 'xyz', // In the SDK, the default is `xyz`
]);
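II. Grant types
1. Authorization code
1.1. Get the login URL:
$loginUrl = $instance->getLoginUrl('code'); // string
1.2. On the callback page, capture the code and exchange it for a token:
1.2.a. Automatically fetch the token's user info. Response array: ["tokenData" => array, "userInfo" => array]
$response = $instance->authorizeCodeType(true); // array|void
1.2.b. Automatically fetch the token's user info, with a callback. Response array: [...$tokenData]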
$response = $instance->authorizeCodeType(true, function (array $tokenData, array $userInfo) use ($session) {
    $session->set('oauth', $tokenData);
    $session->set('user', $userInfo);
}); // array|void
1.2.c. Do not fetch the token's user info. Response array: [...$tokenData]
$response = $instance->authorizeCodeType(false, function (array $tokenData, array $userInfo) use ($session) {
    $session->set('oauth', $tokenData);
    // $userInfo === []
}); // array|void
1.3. Error responses: when is_array($response) == false, use $instance->except to get the error message array.
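The `state` value in the configuration above defaults to the fixed string `xyz`; OAuth 2.0 uses this parameter to tie the callback to the browser session that started the login. The following is an added example, not part of the SDK: it assumes the configured `state` is returned as the `state` query parameter on the callback (standard OAuth 2.0 behaviour; the README does not say whether the SDK checks it), and the helper names `newOAuthState` and `checkOAuthState` are hypothetical.

```php
<?php
// Added example (not SDK code). Helper names are hypothetical.

/** Create an unpredictable, per-login state value and remember it in the session. */
function newOAuthState(array &$session): string
{
    $state = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $session['oauth_state'] = $state;
    return $state;
}

/** Compare the state returned on the callback with the stored one (single use). */
function checkOAuthState(array &$session, array $query): bool
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // consume it so a replayed callback fails
    $returned = $query['state'] ?? null;
    // is_string() also rejects array input such as ?state[]=...
    return is_string($expected) && is_string($returned)
        && hash_equals($expected, $returned); // constant-time comparison
}

// Constructed demo: plain arrays stand in for $_SESSION and $_GET.
$session = [];
$config = [
    'client_id'    => 'xxxx',
    'client_secret' => '',
    'redirect_uri' => 'https://xxx.demo.com/vk-oauth/callback.php',
    'state'        => newOAuthState($session), // replaces the fixed default `xyz`
];
// Login page (assumed usage): $instance = new OAuth($config);
// then redirect the browser to $instance->getLoginUrl('code').

// Constructed callback queries: one carrying the guessable default, one genuine.
$callbacks = [
    'guessed state'  => ['code' => 'constructed-code', 'state' => 'xyz'],
    'returned state' => ['code' => 'constructed-code', 'state' => $config['state']],
];
foreach ($callbacks as $label => $query) {
    $s = $session; // fresh copy of the stored session for each case
    echo $label, ': ', checkOAuthState($s, $query)
        ? "state matches, continue to authorizeCodeType()\n"
        : "state mismatch, reject the callback\n";
}
```

On a real callback page, pass `$_SESSION` (after `session_start()`) and `$_GET` to `checkOAuthState()` before exchanging the code.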
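2. Implicit
2.1. Get the login URL:
$loginUrl = $instance->getLoginUrl('token'); // string
2.2. After authorization succeeds, use JS on the callback page to read the URL fragment.
(Note: the token is placed in the URL fragment, not in the query string. This is because OAuth 2.0 allows the redirect URL to use HTTP, so there is a risk of a man-in-the-middle attack; the browser does not send the fragment to the server when it follows the redirect, which reduces the risk of leaking the token.)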
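3. Client credentials: suitable for applications with no front end (command line)
Note: with this grant the request URL exposes APP_SECRET, and the token issued is for the third-party application rather than for a user, so multiple users may share the same token.
3.1. Obtain client-credentials authorization (request the URL and capture the JSON response):
$url = $instance->getTypesUrl('client'); // string
3.2. Or, on the server side, use:
// Response: same as the authorization code grant, 1.2.xxx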
$instance->clientCredentialsType(bool $autoFetchUserInfo = false, ?\Closure $callback = null)
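4. Password
4.1. Obtain the authorization (request the URL and capture the JSON response):
$url = $instance->getTypesUrl('password'); // string
4.2. Or, on the server side, use:
// Response: same as the authorization code grant, 1.2.xxx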
$instance->passwordType(string $username, string $password, bool $autoFetchUserInfo = false, ?\Closure $callback = null)
III. CRUD ...
Restful::post(string $api, array $data = [], string $access_token):array;
Restful::delete(string $api, array $data = [], string $access_token):array;
Restful::put(string $api, array $data = [], string $access_token):array;
Restful::get(string $api, array $data = [], string $access_token):array;
Restful::options(string $api, array $data = [], string $access_token):array;
Restful::patch(string $api, array $data = [], string $access_token):array;