Download the PHP package roaresearch/yii2-oauth2-server without Composer

Yii2 OAuth2 Server

A wrapper for implementing an OAuth2 Server.

Scrutinizer

This project was forked from Filsh Original Project but the changes are not transparent, read [UPGRADE.md] to pass to the latest version.

Installation

The preferred way to install this extension is through composer.

Either run

or add

to the require section of your composer.json.

Usage

To use this extension, simply add the following code in your application configuration as a new module:

Bootstrap will initialize translation and add the required url rules to Yii::$app->urlManager.

JWT tokens

There is no JWT token support on this fork, feel free to submit a (pull request)[https://github.com/roaresearch/yii2-oauth2-server/pulls] to enable this functionality.

UserCredentialsInterface

The class passed to Yii::$app->user->identityClass must implement the interface \OAuth2\Storage\UserCredentialsInterface, to store oauth2 credentials in user table.

Migrations

The next step is to run migrations

The first commando create the OAuth2 database scheme. The second command insert test client credentials testclient:testpass for http://fake/.

Controllers

To support authentication by access token. Simply add the behaviors for your controller or module.

The code above is the same as the default implementation which can be simplified as:

Scopes

The property roaresearch\yii2\oauth2server\filters\auth\CompositeAuth::$actionScopes set which actions require specific scopes. If those scopes are not meet the action wont be executed, and the server will reply with an HTTP Status Code 403.

Automatically Revoke Tokens

Sometimes its neccessary to revoke a token on each request to prevent the request from being triggered twice.

To enable this functionality you need to implement roaresearch\yii2\oauth2server\RevokeAccessTokenInterface in the class used to identify the authenticated user.

Then use the previous class as configuration for Yii::$app->user->identityClass

Attaching the action filter roaresearch\yii2\oauth2server\filters\RevokeAccessToken allows to configure the actions to automatically revoke the access token.

Generate Token with JS

To get access token (js example):

Authorize Action

Action used to generate access codes for external servers. To test its use first run the provided fixtures so the testclient is loaded into the database.

If the test url you are using is not on the default uri list, you will have to modify the information on the table oauth_clients in your database.

Then you can test the access code generation by accessing the Yii2 uri

Which must show a minimal form with just 2 buttons to choose whether you deny or authorize. If you authorize a new access code will be generated and will redirect to:

If you deny access, it will redirect to the same URI with an error code instead.

You can use the class roaresearch\yii2\oauth2server\actions\AuthorizeAction to declare authorize actions at any controller you want.

Built With

• Yii 2: The Fast, Secure and Professional PHP Framework http://www.yiiframework.com

Code of Conduct

Please read CODE_OF_CONDUCT.md for details on our code of conduct.

Contributing

Please read CONTRIBUTING.md for details on the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Considering SemVer for versioning rules 9, 10 and 11 talk about pre-releases, they will not be used.

Authors

• Angel Guevara - Initial work
• Carlos Llamosas - Initial work

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE.md file for details

For more, see https://github.com/bshaffer/oauth2-server-php