Comments (12)
I think in general the grant types page needs a TON of work. I wouldn't mind having a table of contents, and each grant type having a more detailed description with code samples / SQL queries
from oauth2-server-php-docs.
Sounds good, I will fork this and take a stab at helping out with that.
from oauth2-server-php-docs.
You're a rockstar!
from oauth2-server-php-docs.
Sorry, I was going to try to get a start tonight, but I got my Leap Motion in the mail today and spent all night waving my hands in front of my laptop like a retard. . . . .
I will get focused tomorrow night.
from oauth2-server-php-docs.
Hi guys ... i'm desperate to find a Resource Owner Password Credentials example. Is there one that you could point me to?
from oauth2-server-php-docs.
The table that deals specifically with the Resource Owner Password Credentials grant is the users table, but this may be significantly different depending on your existing setup. Below its the table the PDO Storage uses for its unit testing.
CREATE TABLE oauth_users (username TEXT, password TEXT, first_name TEXT, last_name TEXT
If you have any questions feel free to ask away, but maybe in another issue, to help guide us where the documentation is lacking the most.
from oauth2-server-php-docs.
Yes sorry I get that the user table will be very implementation specific. What I was looking for was the code example, not the data structure. BTW, regarding data structure. I just started creating this picture for my own benefit ... it's very rough drafty but would it be useful to share this?
from oauth2-server-php-docs.
This diagram seems pretty difficult to understand to me, and I understand the spec pretty well. I would rather see per-grant-type flow diagrams.
from oauth2-server-php-docs.
@ksnyde As far as code, once you have your storage set up its just another grant. Do you need the headers to send for a proper request or something else?? I ended up writing my own storage library so we could have more control over our backend data and leverage some caching, I am assuming you would want to extend the PDO storage and over-ride the methods that deal with the checking the user credentials so they match your exsting system.
This is all I have for code to handle a basic resourceOwner grant in the API I am starting (Using ZF2)
/**
* This method accepts a post with OAuth headers and post data, may return an access token
* @return JsonModel A JSON view model with the approiate response
*/
public function handleTokenRequest()
{
$response = $this->getOauthServer()->handleTokenRequest($this->getCurrentRequest());
$this->response->setStatusCode($response->getStatusCode());
$this->response->getHeaders()->addHeaders($response->getHttpHeaders());
return new JsonModel($response->getParameters());
}
And here is where I set up my factory and storage
/**
* Return a configured OAuth2 Server
* @return Object OAuth2\Server
*/
public function getOauthServer()
{
if ($this->OauthServer === null) {
$this->OauthServer = new OauthServer($this->getOauthStorage());
$this->OauthServer->addGrantType(new AuthorizationCode($this->getOauthStorage()));
$this->OauthServer->addGrantType(new RefreshToken($this->getOauthStorage()));
$this->OauthServer->addGrantType(new UserCredentials($this->getOauthStorage()));
}
return $this->OauthServer;
}
/**
* Return a configured Oauth\Storage\Mysqli Storage object
* @return Object Oauth\Storage\Mysqli
*/
public function getOauthStorage()
{
if ($this->OauthStorage === null) {
$this->OauthStorage = $this->getServiceLocator()->get('Oauth\Storage\Mysqli');
}
return $this->OauthStorage;
}
from oauth2-server-php-docs.
@bshaffer, I don't know if you saw the email I sent you a week or so ago but I have flow diagrams too. The storage diagram is just for someone who needs to implement the storage adaptor. They don't need the full flow, just the data structure for the various elements that the Storage
class will access. Here's an example of the flow for the Authorise Code workflow. If you don't like this either no problem ... it's helping me but I can keep it to myself :)
Flow 0 is registration
, flow 1 is authentication
, and flow 2 is authorisation
from oauth2-server-php-docs.
@Rockstar04, yes thanks. I have created a Storage
object for Couchbase and have similar code to yours although being absent minded I didn't realise until I saw your code that I'd left off the UserCredentials
grant type. That's one step closer. 👍
from oauth2-server-php-docs.
I've also been working with Couchbase and came across this issue again. I managed to get a working object as well. It's somewhat based on the PDO object, using the table name as a prefix to the Couchbase key. I'd like to shorten the keys, but was otherwise impressed with speed (faster than PDO MySQL library), which is to be expected.
I'll open an Issue on the library to see if @bshaffer is interested in integrating Couchbase storage.
from oauth2-server-php-docs.
Related Issues (20)
- Storage/Memory simple question HOT 3
- Refresh Token option HOT 1
- Use use_jwt_access_tokens with Pdo storage HOT 3
- Error response HOT 1
- How do I generate .pem file? HOT 1
- JWT at_hash not generated
- Empty response from CURL request to token controller
- Demo site is not working
- document web site cannot open. HOT 1
- unauthorized_client error when geting access token from the refresh token
- Hide authorization form
- Brute force and SQL injection
- Wrong schema definition in documentation
- Implements UserCredentialsInterface and refresh token when expired
- After 1 renew refresh token disappear
- [Laravel] How can I change token expiration time? HOT 2
- client_id is needed when using an authorization_code HOT 6
- How to revoke an issued access token? HOT 1
- Handling Users? HOT 1
- Add custom assertions/claims in id_token HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-server-php-docs.