Windows>> oauth2-hydra>> 返回
项目作者: tulipretail

项目描述 :
Hydra Provider for the PHP League OAuth 2.0 Client
高级语言: PHP
项目地址: git://github.com/tulipretail/oauth2-hydra.git
创建时间: 2018-01-25T21:19:52Z
项目社区:https://github.com/tulipretail/oauth2-hydra
开源协议:
下载


Hydra PHP Oauth2 Client

This package provides Hydra OAuth 2.0 support for the PHP League’s OAuth 2.0 Client.

Installation

To install, use composer:

  1. composer require tulip/oauth2-hydra

Usage

Usage is the same as The League’s OAuth client, using \Hydra\OAuth2\Provider\OAuth2 as the provider.

With the Hydra SDK

You can use this library to acquire an access token for use with the Hydra SDK.

Here we get one with the ‘hydra.clients’ scope:

  1.     $provider = new \Hydra\OAuth2\Provider\OAuth2([
  2.         'clientId' => 'admin',
  3.         'clientSecret' => 'demo-password',
  4.         'domain' => 'https://your-hydra-domain',
  5.     ]);
  7.     try {
  8.         // Get an access token using the client credentials grant.
  9.         // Note that you must separate multiple scopes with a plus (+)
  10.         $accessToken = $provider->getAccessToken(
  11.             'client_credentials', ['scope' => 'hydra.clients']
  12.         );
  13.     } catch (\Hydra\Oauth2\Provider\Exception\ConnectionException $e) {
  14.         die("Connection to Hydra failed: ".$e->getMessage());
  15.     } catch (\Hydra\Oauth2\Provider\Exception\IdentityProviderException $e) {
  16.         die("Failed to get an access token: ".$e->getMessage());
  17.     }
  19.     // You may now pass $accessToken to the hydra SDK to manage clients

As an OIDC Client

You can also use this library if you are a Relying Party.

Here we send users to Hydra to authenticate so that we can complete the authorization code flow:

  1.     $provider = new \Hydra\OAuth2\Provider\OAuth2([
  2.         'clientId' => 'admin',
  3.         'clientSecret' => 'demo-password',
  4.         'domain' => 'https://your-hydra-domain',
  5.         // Be sure this is a redirect URI you registered with Hydra for your client!
  6.         'redirectUri' => 'http://your-domain.com/bobsflowers',
  7.     ]);
  9.     if (!isset($_GET['code'])) {
  11.         // If we don't have an authorization code then get one
  12.         $authUrl = $provider->getAuthorizationUrl(['scope' => ['openid']]);
  13.         $_SESSION['oauth2state'] = $provider->getState();
  14.         header('Location: '.$authUrl);
  15.         die();
  17.     // Check given state against previously stored one to mitigate CSRF attack
  18.     } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
  20.         unset($_SESSION['oauth2state']);
  21.         die('Invalid state');
  23.     } else {
  25.         // Try to get an access token (using the authorization code grant)
  26.         $token = $provider->getAccessToken('authorization_code', [
  27.             'code' => $_GET['code']
  28.         ]);
  30.         // Optional: Now you have a token you can look up a users profile data
  31.         try {
  33.             // We got an access token, let's now get the user's details
  34.             $user = $provider->getResourceOwner($token);
  36.             // $user contains public claims from the id token
  37.             printf('User info: ', json_encode($user));
  39.         } catch (\Hydra\Oauth2\Provider\Exception\IdentityProviderException $e) {
  40.             die('Unable to fetch user details: '.$e->getMessage());
  41.         }
  43.         // Use this to interact with an API on the users behalf
  44.         echo $token->getToken();
  45.     }