Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/pgaultier/yii2-oauth2

OAuth2 wrapper for Yii2 applications

oauth2-server yii2

Last synced: 2 days ago
README

        

Oauth2 Yii2 integration
=======================

This extension allows a developer to run an [Oauth2](https://bshaffer.github.io/oauth2-server-php-docs/) server (bshaffer/oauth2-server-php) inside a Yii2 application.

[![Latest Stable Version](https://poser.pugx.org/sweelix/yii2-oauth2-server/v/stable)](https://packagist.org/packages/sweelix/yii2-oauth2-server)
[![Build Status](https://api.travis-ci.org/pgaultier/yii2-oauth2.svg?branch=master)](https://travis-ci.org/pgaultier/yii2-oauth2)
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/pgaultier/yii2-oauth2/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/pgaultier/yii2-oauth2/?branch=master)
[![Code Coverage](https://scrutinizer-ci.com/g/pgaultier/yii2-oauth2/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/pgaultier/yii2-oauth2/?branch=master)
[![License](https://poser.pugx.org/sweelix/yii2-oauth2-server/license)](https://packagist.org/packages/sweelix/yii2-oauth2-server)

[![Latest Development Version](https://img.shields.io/badge/unstable-devel-yellowgreen.svg)](https://packagist.org/packages/sweelix/yii2-oauth2-server)
[![Build Status](https://travis-ci.org/pgaultier/yii2-oauth2.svg?branch=devel)](https://travis-ci.org/pgaultier/yii2-oauth2)
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/pgaultier/yii2-oauth2/badges/quality-score.png?b=devel)](https://scrutinizer-ci.com/g/pgaultier/yii2-oauth2/?branch=devel)
[![Code Coverage](https://scrutinizer-ci.com/g/pgaultier/yii2-oauth2/badges/coverage.png?b=devel)](https://scrutinizer-ci.com/g/pgaultier/yii2-oauth2/?branch=devel)
[![composer.lock](https://poser.pugx.org/sweelix/yii2-oauth2-server/composerlock)](https://packagist.org/packages/sweelix/yii2-oauth2-server)

Installation
------------

If you use Packagist for installing packages, you can update your `composer.json` like this:

``` json
{
    "require": {
        "sweelix/yii2-oauth2-server": "~1.2.0"
    }
}
```

How to use it
------------

Add the module to your configuration:

``` php
return [
    //....
    'bootstrap' => [
        //....
        'oauth2',
        //....
    ],
    'modules' => [
        //....
        'oauth2' => [
            'class' => 'sweelix\oauth2\server\Module',
            'backend' => BACKEND, // 'redis' or 'mysql'
            'db' => DB, // id of the connection component, or a connection configuration
            'identityClass' => 'app\models\User', // only if you don't want to use the user identityClass
            //
            // Parameters
            //
        ],
        //....
    ],
    //....
];
```

You also need to enable PrettyUrl:

```php
'components' => [
    //....
    'urlManager' => [
        'enablePrettyUrl' => true,
        'rules' => [
            // your rules go here
        ],
        // ....
    ],
    // ....
],
```

### Migrations (MySQL only)

All the migrations needed can be found inside src/migrations. Be sure to configure the database connection before applying them.

### Grant types

You can find examples and explanations about every grant type [here](http://bshaffer.github.io/oauth2-server-php-docs/grant-types/authorization-code/)
and [here](https://alexbilbie.com/guide-to-oauth-2-grants/).

For the JWT Bearer grant, you will need to create a Jwt entry in your database for the given client and subject.

Configure Module
----------------

### Basic module parameters

* `backend` : can be **redis** or **mysql**
* `db` : id of the connection component, or a connection configuration
* `identityClass` : user class used to link the OAuth2 authorization system to your users (defaults to the user component's `identityClass`)
* `webUserParamId` : allows separation between the main app user (session) and the module app user (default to **__oauth2**)
* `identityCookieName` : allows separation between the main app user (cookie) and the module app user (default to **oauth2**)
* `webUser` : allows full management of the module web user (default to **[]**)
* `baseEndPoint` : base path for the token and authorize endpoints (default to `''`)
  * Token endpoint: https://host.xxx/token
  * Authorize endpoint: https://host.xxx/authorize
* `overrideLayout` : override the module layout to use another one (ex: @app/views/layouts/oauth2)
* `overrideViewPath` : override the view path to use a specific one (ex: @app/views/oauth2)

### Grants management

* `allowImplicit` : allow implicit grant (default to **false**)
* `allowAuthorizationCode` : allow authorization code grant (default to **true**)
* `allowClientCredentials` : allow client credentials grant (default to **true**)
* `allowPassword` : allow user credentials / password grant (default to **true**)
* `allowCredentialsInRequestBody` : allow credentials in request body (default to **true**)
* `allowPublicClients` : allow public clients (default to **true**)
* `alwaysIssueNewRefreshToken` : always issue refresh token (default to **true**)
* `unsetRefreshTokenAfterUse` : unset refresh token after use (default to **true**)

### JWT parameters (:warning: Not sure about the implementation. Use at your own risk!)

* `useJwtAccessToken` : send access tokens as JWT (default : **false**)
* `allowAlgorithm` : available algorithm for JWT (default : **['RS256', 'RS384', 'RS512']**)
* `jwtAudience` : default to token endpoint
* `storeEncryptedTokenString` : store encrypted token (default : **true**)

### Time To Live

* `idTTL` : TTL of ID Token (default to **3600**)
* `accessTokenTTL` : TTL of access token (default to **3600**)
* `refreshTokenTTL` : TTL of refresh token (default to **14 * 24 * 3600**)

### Basic Oauth names

* `realm` : Realm value (default to **Service**)
* `tokenQueryName` : name of the access token parameter (default to **access_token**)
* `tokenBearerName` : name of authorization header (default to **Bearer**)

### Enforce parameters

* `enforceState` : enforce state parameter (default to **true**)
* `allowOnlyRedirectUri` : need exact redirect URI (default to **true**)

### OpenID

* `allowOpenIdConnect` : enable OpenID Connect (default : **false**, not implemented yet)

### Authorization Code parameters

* `enforceRedirect` : enforce redirect parameter (default to **false**)
* `authorizationCodeTTL` : TTL of authorization code (default to **30**)

### CORS

* `cors` : enable `CORS` on the token endpoint (default : **false**). The CORS rules are defined with an array using the same keys as described [in the Yii documentation](http://www.yiiframework.com/doc-2.0/yii-filters-cors.html):

``` php
return [
    //....
    'bootstrap' => [
        //....
        'oauth2',
        //....
    ],
    'modules' => [
        //....
        'oauth2' => [
            'class' => 'sweelix\oauth2\server\Module',
            'backend' => 'redis',
            'db' => 'redis',
            'identityClass' => 'app\models\User', // only if you don't want to use the user identityClass
            //
            // Cors parameters example :
            //
            'cors' => [
                'Origin' => ['https://www.myowndomain.com'],
            ],
        ],
        //....
    ],
    //....
];
```
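The parameter lists above describe each switch in isolation. The following module configuration is an added example (not part of the README or the extension) that puts them together for a deployment where only the authorization code and client credentials grants are wanted; the `db` component id, the allowed origin `https://app.example.com` and the TTL values are assumptions, and the comments note the README default for each setting that is changed from it.

```php
<?php
// config/web.php (excerpt) - added example, not the extension's own configuration.
return [
    'bootstrap' => ['oauth2'],
    'modules' => [
        'oauth2' => [
            'class' => 'sweelix\oauth2\server\Module',
            'backend' => 'mysql',
            'db' => 'db',                      // assumed: id of the yii\db\Connection component
            'identityClass' => 'app\models\User',

            // Grants: enable only what the registered clients actually use.
            'allowAuthorizationCode' => true,  // browser / mobile apps acting for a user
            'allowClientCredentials' => true,  // server-to-server clients
            'allowImplicit' => false,          // README default: false; tokens in URL fragments end up in history and referers
            'allowPassword' => false,          // README default: true; only first-party clients should ever see a user's password
            'allowCredentialsInRequestBody' => false, // README default: true; client secret must come in the Authorization header

            // Authorization code protection.
            'enforceState' => true,            // state is the CSRF protection of the code flow
            'allowOnlyRedirectUri' => true,    // exact match against the registered redirect URI
            'enforceRedirect' => true,         // README default: false; require redirect_uri on the authorize request
            'authorizationCodeTTL' => 30,      // codes are single-use and short-lived

            // Token lifetimes: short access tokens, rotated refresh tokens.
            'accessTokenTTL' => 900,           // assumed: 15 minutes instead of the 3600 default
            'refreshTokenTTL' => 7 * 24 * 3600,
            'alwaysIssueNewRefreshToken' => true,
            'unsetRefreshTokenAfterUse' => true, // together these two give refresh token rotation

            // CORS on the token endpoint, restricted to the browser client's origin.
            'cors' => [
                'Origin' => ['https://app.example.com'],   // assumed origin
                'Access-Control-Request-Method' => ['POST', 'OPTIONS'],
                'Access-Control-Allow-Credentials' => false,
            ],
        ],
    ],
];
```

Disabling `allowCredentialsInRequestBody` means clients with a secret have to authenticate with HTTP Basic on the token endpoint, so check your clients support that before turning it off; `enforceRedirect` and `allowOnlyRedirectUri` together reject authorize requests whose `redirect_uri` is missing or differs from the registered one, which is the check that stops authorization codes being sent to an attacker-chosen URL.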

User identity and Web user
--------------------------

Configure the user component to link the OAuth2 system with your user / identity management:

``` php
return [
    //....
    'components' => [
        //....
        'user' => [
            'class' => 'sweelix\oauth2\server\web\User',
            'identityClass' => 'app\models\User', // Identity class must implement UserModelInterface
            //
            // Parameters
            //
        ],
        //....
    ],
    //....
];
```

The `identityClass` must implement `sweelix\oauth2\server\interfaces\UserModelInterface`. You can use the trait
`sweelix\oauth2\server\traits\IdentityTrait` to automagically implement:

* `public function getRestrictedScopes()`
* `public function setRestrictedScopes($scopes)`
* `public static function findIdentityByAccessToken($token, $type = null)`

You will have to implement the remaining methods yourself:

* `public static function findByUsernameAndPassword($username, $password)`
* `public static function findByUsername($username)`
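The following identity class is an added example (not code from the README or the extension) of what `app\models\User` can look like when it uses `IdentityTrait` for the three methods above and implements the two remaining ones. It assumes a `user` table with the columns `id`, `username`, `password_hash`, `auth_key` and `status`, and that `UserModelInterface` extends `yii\web\IdentityInterface` (whose `findIdentity`, `getId`, `getAuthKey` and `validateAuthKey` any Yii identity class needs anyway).

```php
<?php
namespace app\models;

use Yii;
use yii\db\ActiveRecord;
use sweelix\oauth2\server\interfaces\UserModelInterface;
use sweelix\oauth2\server\traits\IdentityTrait;

/**
 * Added example identity class. Assumed table `user` with columns
 * id, username, password_hash, auth_key, status.
 *
 * @property int    $id
 * @property string $username
 * @property string $password_hash
 * @property string $auth_key
 * @property int    $status
 */
class User extends ActiveRecord implements UserModelInterface
{
    // Supplies getRestrictedScopes(), setRestrictedScopes() and
    // findIdentityByAccessToken() as described in the README.
    use IdentityTrait;

    const STATUS_ACTIVE = 10; // assumed status value for enabled accounts

    public static function tableName()
    {
        return '{{%user}}';
    }

    // --- yii\web\IdentityInterface -------------------------------------

    public static function findIdentity($id)
    {
        // Only active accounts can be resolved into an identity.
        return static::findOne(['id' => $id, 'status' => self::STATUS_ACTIVE]);
    }

    public function getId()
    {
        return $this->getPrimaryKey();
    }

    public function getAuthKey()
    {
        return $this->auth_key;
    }

    public function validateAuthKey($authKey)
    {
        // Constant-time comparison of the "remember me" cookie key.
        return hash_equals((string) $this->auth_key, (string) $authKey);
    }

    // --- methods IdentityTrait does not provide ------------------------

    public static function findByUsername($username)
    {
        return static::findOne(['username' => $username, 'status' => self::STATUS_ACTIVE]);
    }

    public static function findByUsernameAndPassword($username, $password)
    {
        // Used by the password grant: return the user only when the
        // password verifies against the stored hash, null otherwise.
        $user = static::findByUsername($username);
        if ($user === null || $user->password_hash === null) {
            return null;
        }
        if (!Yii::$app->security->validatePassword($password, $user->password_hash)) {
            return null;
        }
        return $user;
    }

    // --- helpers for creating accounts ----------------------------------

    public function setPassword($password)
    {
        // Stores a salted password hash (bcrypt by default in Yii2), never the password.
        $this->password_hash = Yii::$app->security->generatePasswordHash($password);
    }

    public function generateAuthKey()
    {
        $this->auth_key = Yii::$app->security->generateRandomString();
    }
}
```

`findByUsernameAndPassword` is what the module calls for the `allowPassword` grant, so it should never return a user on a failed check and should not distinguish "unknown user" from "wrong password" in its return value; the trait's `findIdentityByAccessToken` is what resolves bearer tokens back to this class.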

Creating specific view for OAuth2
---------------------------------

In order to use your own views (instead of the built-in ones), you can override:

* `layout` : module parameter `overrideLayout`
* `viewPath` : module parameter `overrideViewPath`

### Overriding layout

You should create a classic Yii layout like:

```php
<?php
/* @var $this \yii\web\View */
/* @var $content string */

use yii\helpers\Html;
?>
<?php $this->beginPage(); ?>
<!DOCTYPE html>
<html lang="<?= Yii::$app->language ?>">
<head>
    <meta charset="<?= Yii::$app->charset ?>">
    <title><?= Html::encode($this->title); ?></title>
    <?php $this->head(); ?>
</head>
<body>
<?php $this->beginBody(); ?>
<?= $content ?>
<?php $this->endBody(); ?>
</body>
</html>
<?php $this->endPage(); ?>
```