在tp上實(shí)現(xiàn)的auth2驗(yàn)證的�,在網(wǎng)上發(fā)現(xiàn)筆記很少, 不像yii, 故在此發(fā)表一下筆記,用來(lái)幫助有相關(guān)需求的朋友
PS: 鑒于oauth2有四種方案��, 本實(shí)例是基于 客戶端憑證 實(shí)現(xiàn)���,其他三種就不講述了
一��、通過(guò)composer安裝
composer require --prefer-dist bshaffer/oauth2-server-php
安裝完成后����,如圖:
會(huì)出現(xiàn)相關(guān)的目錄
二、實(shí)現(xiàn)授權(quán)文件
1) 創(chuàng)建對(duì)應(yīng)的數(shù)據(jù)表
首先找到 Pdo.php文件�,如圖:
然后找到該位置
目的,是告訴你創(chuàng)建表時(shí)的名稱���,應(yīng)該和這里使用的表名稱一致
關(guān)于創(chuàng)建的表�����,我直接上代碼����,方便各位可以直接復(fù)制粘貼:
CREATE TABLE oauth_access_tokens (
access_token varchar(40) NOT NULL,
client_id varchar(80) NOT NULL,
user_id int(11) DEFAULT NULL,
expires varchar(19) NOT NULL,
scope text,
PRIMARY KEY (access_token),
KEY fk_access_token_oauth2_client_client_id (client_id),
KEY ix_access_token_expires (expires),
CONSTRAINT fk_access_token_oauth2_client_client_id FOREIGN KEY (client_id) REFERENCES pos_oauth2_client (client_id) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE oauth_authorization_codes (
authorization_code varchar(40) NOT NULL,
client_id varchar(80) NOT NULL,
user_id int(11) DEFAULT NULL,
redirect_uri text NOT NULL,
expires int(11) NOT NULL,
scope text,
PRIMARY KEY (authorization_code),
KEY fk_authorization_code_oauth2_client_client_id (client_id),
KEY ix_authorization_code_expires (expires),
CONSTRAINT fk_authorization_code_oauth2_client_client_id FOREIGN KEY (client_id) REFERENCES pos_oauth2_client (client_id) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE oauth_clients (
client_id varchar(80) NOT NULL,
client_secret varchar(80) NOT NULL,
redirect_uri text NOT NULL,
grant_type text,
scope text,
created_at int(11) DEFAULT NULL,
updated_at int(11) DEFAULT NULL,
created_by int(11) DEFAULT NULL,
updated_by int(11) DEFAULT NULL,
PRIMARY KEY (client_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE oauth_refresh_tokens (
refresh_token varchar(40) NOT NULL,
client_id varchar(80) NOT NULL,
user_id int(11) DEFAULT NULL,
expires int(11) NOT NULL,
scope text,
PRIMARY KEY (refresh_token),
KEY fk_refresh_token_oauth2_client_client_id (client_id),
KEY ix_refresh_token_expires (expires),
CONSTRAINT fk_refresh_token_oauth2_client_client_id FOREIGN KEY (client_id) REFERENCES pos_oauth2_client (client_id) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE oauth_scopes (
scope text,
is_default tinyint(1) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
添加一條數(shù)據(jù)
insert into oauth_clients(client_id,client_secret,redirect_uri,grant_type,scope,created_at,updated_at,created_by,updated_by) values ("admin","123456","http://","client_credentials",NULL,NULL,NULL,NULL,NULL);
PS,說(shuō)明一下����,如圖:
在我實(shí)際使用中,只使用到這五張表��,也就是上面創(chuàng)建的五張表��,在這個(gè)config里面�����,剩下的幾個(gè)選項(xiàng)我是全部 注銷掉了的
另外還有一個(gè)情況���,說(shuō)明一下: 有可能各位�,對(duì)數(shù)據(jù)表設(shè)置了表前綴����, 也是需要在此進(jìn)行相關(guān)修改的, 比如我創(chuàng)建的���,見(jiàn)圖:
所以我進(jìn)行了相關(guān)的修改:
2) 創(chuàng)建授權(quán)文件 Oauth2.php, 名字隨便自己取
namespace appcommon;
/**
@author jinyan
@create 20180416
*/
use OAuth2StoragePdo;
use thinkConfig;
class Oauth2
{
/**
* @Register new Oauth2 apply
* @param string $action
* @return boolean|OAuth2Server
*/
function grantTypeOauth2($action=null)
{
Config::load(APP_PATH."database.php");
$storage = new Pdo(
[
"dsn" => config("dsn"),
"username" => config("username"),
"password" => config("password")
]
);
$server = new OAuth2Server($storage, array("enforce_state"=>false));
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new OAuth2GrantTypeClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new OAuth2GrantTypeAuthorizationCode($storage));
// Add the "User Credentials" grant type (this is where the oauth magic happens)
$server->addGrantType(new OAuth2GrantTypeUserCredentials($storage));
return $server;
}
/**
* @校驗(yàn)token值
* @param unknown $server
*/
protected function checkApiAuthroize($server)
{
if (!$server->verifyResourceRequest(OAuth2Request::createFromGlobals())) {
$server->getResponse()->send();
exit;
}
}
}
?>
3) 創(chuàng)建token文件���, Access.php
namespace apprestfulcontroller;
use appcommonOauth2;
/**
@uathor:jinyan
*/
class Access extends Oauth2
{
protected $_server;
/**
* @授權(quán)配置
*/
public function __construct()
{
return $this->_server = $this->grantTypeOauth2();
}
/**
*
*/
private function _token()
{
// Handle a request for an OAuth2.0 Access Token and send the response to the client
$this->_server->handleTokenRequest(OAuth2Request::createFromGlobals())->send("json", "oauth2_");
}
/**
* @get access_token
*/
public function access_token()
{
$this->_token();
}
}
?>
那么如何請(qǐng)求一個(gè)access_token的值呢? 直接調(diào)用這個(gè) acccess_token()的方法即可
request url: http://restful.thinkphp.com/r...
還請(qǐng)得之前創(chuàng)建數(shù)據(jù)表時(shí)����,有添加了一條新數(shù)據(jù)嗎? 其作用就是相當(dāng)于用來(lái)獲取access_token的賬號(hào)密碼之類的, 記得需要使用 Post方式獲取token
請(qǐng)求的參數(shù)
{
client_id=admin
client_secret=123456
grant_type=client_credentials //這個(gè)參數(shù)是固定的
}
如果請(qǐng)求成功的話��,會(huì)返回如下圖所示:
貼上��,通過(guò)ff瀏覽器httprequest的請(qǐng)求界面:
4) 通過(guò) access_token 獲取接口數(shù)據(jù) ,Sms.php
namespace apprestfulcontroller;
/**
Created by PhpStorm.
User: Administrator
Date: 2018/7/29
Time: 22:02
*/
use appcommonOauth2;
class Sms extends Oauth2
{
protected $_server;
/**
* @授權(quán)配置
*/
public function __construct()
{
$this->_server = $this->grantTypeOauth2();
}
public function test()
{
//access_token驗(yàn)證
$this->checkApiAuthroize($this->_server);
echo "成功請(qǐng)求到數(shù)據(jù)";
}
}
三����、 測(cè)試效果如圖:
1)首先不帶access_token請(qǐng)求�����, test()方法:
結(jié)果出現(xiàn)一個(gè)401未驗(yàn)證通過(guò)的狀態(tài)
2)然后請(qǐng)求一個(gè)錯(cuò)誤的access_token, test()方法
同樣是一個(gè)401的狀態(tài)�����,但此時(shí)�,如圖
有信息返回給我們
3) 最后���,使用一個(gè)正確的access_token, test()方法
所以����,基于第1種情況和第2種情況�,你應(yīng)該自定一個(gè)token未驗(yàn)證成功的方法,如圖:
完結(jié)�����。
如有疑問(wèn)需解答�, 請(qǐng)加學(xué)習(xí)群 2751786, 謝謝
