學說2
建立客戶端和訪問令牌儲存
要把學說融入到你的專案中,首先要建立你的實體。我們先從客戶端,使用者和訪問令牌模型開始:
YourNamespace\Entity\OAuthClient:
type: entity
table: oauth_clients
repositoryClass: YourNamespace\Repository\OAuthClientRepository
id:
id:
type: integer
generator:
strategy: AUTO
fields:
client_identifier:
type: string
max_length: 50
unique: true
client_secret:
type: string
max_length: 20
redirect_uri:
type: string
max_length: 255
default: ""
YourNamespace\Entity\OAuthUser:
type: entity
table: oauth_users
repositoryClass: YourNamespace\Repository\OAuthUserRepository
id:
id:
type: integer
generator:
strategy: AUTO
fields:
email:
type: string
unique: true
password:
type: string
indexes:
email_index:
columns: [ email ]
YourNamespace\Entity\OAuthAccessToken:
type: entity
table: oauth_access_tokens
repositoryClass: YourNamespace\Repository\OAuthAccessTokenRepository
id:
id:
type: integer
generator:
strategy: AUTO
fields:
token:
type: string
max_length: 40
unique: true
client_id:
type: integer
user_id:
type: integer
nullable: true
expires:
type: datetime
scope:
type: string
max_length: 50
nullable: true
manyToOne:
client:
targetEntity: YourNamespace\Entity\OAuthClient
joinColumn:
name: client_id
referencedColumnName: id
user:
targetEntity: YourNamespace\Entity\OAuthUser
joinColumn:
name: user_id
referencedColumnName: id
一旦你從這個模式生成了實體,你將會得到一個OAuthClient
和OAuthClientRepository
,OAuthUser
和OAuthUserRepository
,以及一個OAuthAccessToken
和OAuthAccessTokenRepository
檔案。
僅供參考,以下是實體的外觀:
namespace YourNamespace\Entity;
/**
* OAuthClient
* @entity(repositoryClass="YourNamespace\Repository\OAuthClientRepository")
*/
class OAuthClient extends EncryptableFieldEntity
{
/**
* @var integer
*/
private $id;
/**
* @var string
*/
private $client_identifier;
/**
* @var string
*/
private $client_secret;
/**
* @var string
*/
private $redirect_uri = '';
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set client_identifier
*
* @param string $clientIdentifier
* @return OAuthClient
*/
public function setClientIdentifier($clientIdentifier)
{
$this->client_identifier = $clientIdentifier;
return $this;
}
/**
* Get client_identifier
*
* @return string
*/
public function getClientIdentifier()
{
return $this->client_identifier;
}
/**
* Set client_secret
*
* @param string $clientSecret
* @return OAuthClient
*/
public function setClientSecret($clientSecret)
{
$this->client_secret = $this->encryptField($clientSecret);
return $this;
}
/**
* Get client_secret
*
* @return string
*/
public function getClientSecret()
{
return $this->client_secret;
}
/**
* Verify client's secret
*
* @param string $password
* @return Boolean
*/
public function verifyClientSecret($clientSecret)
{
return $this->verifyEncryptedFieldValue($this->getClientSecret(), $clientSecret);
}
/**
* Set redirect_uri
*
* @param string $redirectUri
* @return OAuthClient
*/
public function setRedirectUri($redirectUri)
{
$this->redirect_uri = $redirectUri;
return $this;
}
/**
* Get redirect_uri
*
* @return string
*/
public function getRedirectUri()
{
return $this->redirect_uri;
}
public function toArray()
{
return [
'client_id' => $this->client_identifier,
'client_secret' => $this->client_secret,
'redirect_uri' => $this->redirect_uri,
];
}
}
namespace YourNamespace\Entity;
/**
* OAuthUser
* @entity(repositoryClass="YourNamespace\Repository\OAuthUserRepository")
*/
class OAuthUser extends EncryptableFieldEntity
{
/**
* @var integer
*/
private $id;
/**
* @var string
*/
private $email;
/**
* @var string
*/
private $password;
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set email
*
* @param string $email
* @return User
*/
public function setEmail($email)
{
$this->email = $email;
return $this;
}
/**
* Get email
*
* @return string
*/
public function getEmail()
{
return $this->email;
}
/**
* Set password
*
* @param string $password
* @return User
*/
public function setPassword($password)
{
$this->password = $this->encryptField($password);
return $this;
}
/**
* Get password
*
* @return string
*/
public function getPassword()
{
return $this->password;
}
/**
* Verify user's password
*
* @param string $password
* @return Boolean
*/
public function verifyPassword($password)
{
return $this->verifyEncryptedFieldValue($this->getPassword(), $password);
}
public function toArray()
{
return [
'user_id' => $this->id,
'scope' => null,
];
}
}
namespace YourNamespace\Entity;
/**
* OAuthAccessToken
*/
class OAuthAccessToken
{
/**
* @var integer
*/
private $id;
/**
* @var string
*/
private $token;
/**
* @var string
*/
private $client_id;
/**
* @var string
*/
private $user_id;
/**
* @var \DateTime
*/
private $expires;
/**
* @var string
*/
private $scope;
/**
* @var \YourNamespace\Entity\OAuthClient
*/
private $client;
/**
* @var \YourNamespace\Entity\OAuthUser
*/
private $user;
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set token
*
* @param string $token
* @return OAuthAccessToken
*/
public function setToken($token)
{
$this->token = $token;
return $this;
}
/**
* Get token
*
* @return string
*/
public function getToken()
{
return $this->token;
}
/**
* Set client_id
*
* @param string $clientId
* @return OAuthAccessToken
*/
public function setClientId($clientId)
{
$this->client_id = $clientId;
return $this;
}
/**
* Get client_id
*
* @return string
*/
public function getClientId()
{
return $this->client_id;
}
/**
* Set user_id
*
* @param string $userIdentifier
* @return OAuthAccessToken
*/
public function setUserId($userId)
{
$this->user_id = $userId;
return $this;
}
/**
* Get user_identifier
*
* @return string
*/
public function getUserId()
{
return $this->user_id;
}
/**
* Set expires
*
* @param \DateTime $expires
* @return OAuthAccessToken
*/
public function setExpires($expires)
{
$this->expires = $expires;
return $this;
}
/**
* Get expires
*
* @return \DateTime
*/
public function getExpires()
{
return $this->expires;
}
/**
* Set scope
*
* @param string $scope
* @return OAuthAccessToken
*/
public function setScope($scope)
{
$this->scope = $scope;
return $this;
}
/**
* Get scope
*
* @return string
*/
public function getScope()
{
return $this->scope;
}
/**
* Set client
*
* @param \YourNamespace\Entity\OAuthClient $client
* @return OAuthAccessToken
*/
public function setClient(\YourNamespace\Entity\OAuthClient $client = null)
{
$this->client = $client;
return $this;
}
/**
* Get client
*
* @return \YourNamespace\Entity\OAuthClient
*/
public function getClient()
{
return $this->client;
}
public static function fromArray($params)
{
$token = new self();
foreach ($params as $property => $value) {
$token->$property = $value;
}
return $token;
}
/**
* Set user
*
* @param \YourNamespace\Entity\OAuthUser $user
* @return OAuthRefreshToken
*/
public function setUser(\YourNamespace\Entity\OAuthUser $user = null)
{
$this->user = $user;
return $this;
}
/**
* Get user
*
* @return \YourNamespace\Entity\OAuthUser
*/
public function getUser()
{
return $this->client;
}
public function toArray()
{
return [
'token' => $this->token,
'client_id' => $this->client_id,
'user_id' => $this->user_id,
'expires' => $this->expires,
'scope' => $this->scope,
];
}
}
我也建立了EncryptableEntity類,它對敏感資料(客戶機密和使用者密碼)進行抽象加密:
namespace YourNamespace\Entity;
class EncryptableFieldEntity
{
protected $hashOptions = ['cost' => 11];
protected function encryptField($value)
{
return password_hash(
$value, PASSWORD_BCRYPT, $this->hashOptions);
}
protected function verifyEncryptedFieldValue($encryptedValue, $value)
{
return password_verify($value, $encryptedValue);
}
}
OAuth2\Storage\ClientCredentialsInterface
在OAuthClientRepository
課堂上實施:
namespace YourNamespace\Repository;
use Doctrine\ORM\EntityRepository;
use OAuth2\Storage\ClientCredentialsInterface;
class OAuthClientRepository extends EntityRepository implements ClientCredentialsInterface
{
public function getClientDetails($clientIdentifier)
{
$client = $this->findOneBy(['client_identifier' => $clientIdentifier]);
if ($client) {
$client = $client->toArray();
}
return $client;
}
public function checkClientCredentials($clientIdentifier, $clientSecret = NULL)
{
$client = $this->findOneBy(['client_identifier' => $clientIdentifier]);
if ($client) {
return $client->verifyClientSecret($clientSecret);
}
return false;
}
public function checkRestrictedGrantType($clientId, $grantType)
{
// we do not support different grant types per client in this example
return true;
}
public function isPublicClient($clientId)
{
return false;
}
public function getClientScope($clientId)
{
return null;
}
}
現在OAuth2\Storage\UserCredentialsInterface
在OAuthUser
課堂上實施:
namespace YourNamespace\Repository;
use Doctrine\ORM\EntityRepository;
use OAuth2\Storage\UserCredentialsInterface;
class OAuthUserRepository extends EntityRepository implements UserCredentialsInterface
{
public function checkUserCredentials($email, $password)
{
$user = $this->findOneBy(['email' => $email]);
if ($user) {
return $user->verifyPassword($password);
}
return false;
}
/**
* @return
* ARRAY the associated "user_id" and optional "scope" values
* This function MUST return FALSE if the requested user does not exist or is
* invalid. "scope" is a space-separated list of restricted scopes.
* @code
* return array(
* "user_id" => USER_ID, // REQUIRED user_id to be stored with the authorization code or access token
* "scope" => SCOPE // OPTIONAL space-separated list of restricted scopes
* );
* @endcode
*/
public function getUserDetails($email)
{
$user = $this->findOneBy(['email' => $email]);
if ($user) {
$user = $user->toArray();
}
return $user;
}
}
現在OAuth2\Storage\AccessTokenInterface
在OAuthAccessTokenTable
課堂上實施:
namespace YourNamespace\Repository;
use Doctrine\ORM\EntityRepository;
use YourNamespace\Entity\OAuthAccessToken;
use OAuth2\Storage\AccessTokenInterface;
class OAuthAccessTokenRepository extends EntityRepository implements AccessTokenInterface
{
public function getAccessToken($oauthToken)
{
$token = $this->findOneBy(['token' => $oauthToken]);
if ($token) {
$token = $token->toArray();
$token['expires'] = $token['expires']->getTimestamp();
}
return $token;
}
public function setAccessToken($oauthToken, $clientIdentifier, $userEmail, $expires, $scope = null)
{
$client = $this->_em->getRepository('YourNamespace\Entity\OAuthClient')
->findOneBy(['client_identifier' => $clientIdentifier]);
$user = $this->_em->getRepository('YourNamespace\Entity\OAuthUser')
->findOneBy(['email' => $userEmail]);
$token = OAuthAccessToken::fromArray([
'token' => $oauthToken,
'client' => $client,
'user' => $user,
'expires' => (new \DateTime())->setTimestamp($expires),
'scope' => $scope,
]);
$this->_em->persist($token);
$this->_em->flush();
}
}
做得好!現在,當你建立你的OAuth\Server
物件的時候,把這些表傳遞給:
$clientStorage = $entityManager->getRepository('YourNamespace\Entity\OAuthClient');
$userStorage = $entityManager->getRepository('YourNamespace\Entity\OAuthUser');
$accessTokenStorage = $entityManager->getRepository('YourNamespace\Entity\OAuthAccessToken');
// Pass the doctrine storage objects to the OAuth2 server class
$server = new \OAuth2\Server([
'client_credentials' => $clientStorage,
'user_credentials' => $userStorage,
'access_token' => $accessTokenStorage,
], [
'auth_code_lifetime' => 30,
'refresh_token_lifetime' => 30,
]);
你做到了!你已經把你的伺服器與主義聯絡起來了!你可以去鎮使用它,但因為你只通過它client_credentials
與access_token
儲存物件,你只能使用client_credentials
與user_credentials
授予型別:
// will be able to handle token requests when "grant_type=client_credentials".
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($clientStorage));
// will be able to handle token requests when "grant_type=password".
$server->addGrantType(new \OAuth2\GrantType\UserCredentials($userStorage));
// handle the request
$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
新增授權碼和重新整理令牌儲存
所以讓我們的應用程式更加精彩一點。將以下內容新增到您的模式並生成其他實體:
YourNamespace\Entity\OAuthAuthorizationCode:
type: entity
table: oauth_authorization_codes
repositoryClass: YourNamespace\Repository\OAuthAuthorizationCodeRepository
id:
id:
type: integer
generator:
strategy: AUTO
fields:
code:
type: string
max_length: 40
unique: true
client_id:
type: integer
user_id:
type: integer
nullable: true
expires:
type: datetime
redirect_uri:
type: string
max_length: 200
scope:
type: string
max_length: 50
nullable: true
manyToOne:
client:
targetEntity: YourNamespace\Entity\OAuthClient
joinColumn:
name: client_id
referencedColumnName: id
user:
targetEntity: YourNamespace\Entity\OAuthUser
joinColumn:
name: user_id
referencedColumnName: id
YourNamespace\Entity\OAuthRefreshToken:
type: entity
table: oauth_refresh_tokens
repositoryClass: YourNamespace\Repository\OAuthRefreshTokenRepository
id:
id:
type: integer
generator:
strategy: AUTO
fields:
refresh_token:
refresh_token: string
max_length: 40
unique: true
client_id:
type: integer
user_id:
type: integer
nullable: true
expires:
type: datetime
scope:
type: string
max_length: 50
nullable: true
manyToOne:
client:
targetEntity: YourNamespace\Entity\OAuthClient
joinColumn:
name: client_id
referencedColumnName: id
user:
targetEntity: YourNamespace\Entity\OAuthUser
joinColumn:
name: user_id
referencedColumnName: id
僅供參考,下面是實體的外觀:
namespace YourNamespace\Entity;
/**
* OAuthAuthorizationCode
*/
class OAuthAuthorizationCode
{
/**
* @var integer
*/
private $id;
/**
* @var string
*/
private $code;
/**
* @var string
*/
private $client_id;
/**
* @var string
*/
private $user_id;
/**
* @var \DateTime
*/
private $expires;
/**
* @var string
*/
private $redirect_uri;
/**
* @var string
*/
private $scope;
/**
* @var \YourNamespace\Entity\OAuthClient
*/
private $client;
/**
* @var \YourNamespace\Entity\OAuthUser
*/
private $user;
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set code
*
* @param string $code
* @return OAuthAuthorizationCode
*/
public function setCode($code)
{
$this->code = $code;
return $this;
}
/**
* Get code
*
* @return string
*/
public function getCode()
{
return $this->code;
}
/**
* Set client_id
*
* @param string $clientId
* @return OAuthAuthorizationCode
*/
public function setClientId($clientId)
{
$this->client_id = $clientId;
return $this;
}
/**
* Get client_id
*
* @return string
*/
public function getClientId()
{
return $this->client_id;
}
/**
* Set user_id
*
* @param string $userIdentifier
* @return OAuthAuthorizationCode
*/
public function setUserId($userId)
{
$this->user_id = $userId;
return $this;
}
/**
* Get user_identifier
*
* @return string
*/
public function getUserId()
{
return $this->user_id;
}
/**
* Set expires
*
* @param \DateTime $expires
* @return OAuthAuthorizationCode
*/
public function setExpires($expires)
{
$this->expires = $expires;
return $this;
}
/**
* Get expires
*
* @return \DateTime
*/
public function getExpires()
{
return $this->expires;
}
/**
* Set redirect_uri
*
* @param string $redirectUri
* @return OAuthAuthorizationCode
*/
public function setRedirectUri($redirectUri)
{
$this->redirect_uri = $redirectUri;
return $this;
}
/**
* Get redirect_uri
*
* @return string
*/
public function getRedirectUri()
{
return $this->redirect_uri;
}
/**
* Set scope
*
* @param string $scope
* @return OAuthAuthorizationCode
*/
public function setScope($scope)
{
$this->scope = $scope;
return $this;
}
/**
* Get scope
*
* @return string
*/
public function getScope()
{
return $this->scope;
}
/**
* Set client
*
* @param \YourNamespace\Entity\OAuthClient $client
* @return OAuthAuthorizationCode
*/
public function setClient(\YourNamespace\Entity\OAuthClient $client = null)
{
$this->client = $client;
return $this;
}
/**
* Get client
*
* @return \YourNamespace\Entity\OAuthClient
*/
public function getClient()
{
return $this->client;
}
/**
* Set user
*
* @param \YourNamespace\Entity\OAuthUser $user
* @return OAuthRefreshToken
*/
public function setUser(\YourNamespace\Entity\OAuthUser $user = null)
{
$this->user = $user;
return $this;
}
/**
* Get user
*
* @return \YourNamespace\Entity\OAuthUser
*/
public function getUser()
{
return $this->client;
}
public function toArray()
{
return [
'code' => $this->code,
'client_id' => $this->client_id,
'user_id' => $this->user_id,
'expires' => $this->expires,
'scope' => $this->scope,
];
}
public static function fromArray($params)
{
$code = new self();
foreach ($params as $property => $value) {
$code->$property = $value;
}
return $code;
}
}
namespace YourNamespace\Entity;
/**
* OAuthRefreshToken
* @entity(repositoryClass="YourNamespace\Repository\OAuthRefreshTokenRepository")
*/
class OAuthRefreshToken
{
/**
* @var integer
*/
private $id;
/**
* @var string
*/
private $refresh_token;
/**
* @var string
*/
private $client_id;
/**
* @var string
*/
private $user_id;
/**
* @var \DateTime
*/
private $expires;
/**
* @var string
*/
private $scope;
/**
* @var \YourNamespace\Entity\OAuthClient
*/
private $client;
/**
* @var \YourNamespace\Entity\OAuthUser
*/
private $user;
/**
* Get id
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Set refresh_token
*
* @param string $refresh_token
* @return OAuthRefreshToken
*/
public function setRefreshToken($refresh_token)
{
$this->refresh_token = $refresh_token;
return $this;
}
/**
* Get refresh_token
*
* @return string
*/
public function getRefreshToken()
{
return $this->refresh_token;
}
/**
* Set client_id
*
* @param string $clientId
* @return OAuthRefreshToken
*/
public function setClientId($clientId)
{
$this->client_id = $clientId;
return $this;
}
/**
* Get client_id
*
* @return string
*/
public function getClientId()
{
return $this->client_id;
}
/**
* Set user_id
*
* @param string $userIdentifier
* @return OAuthRefreshToken
*/
public function setUserId($userId)
{
$this->user_id = $userId;
return $this;
}
/**
* Get user_identifier
*
* @return string
*/
public function getUserId()
{
return $this->user_id;
}
/**
* Set expires
*
* @param \DateTime $expires
* @return OAuthRefreshToken
*/
public function setExpires($expires)
{
$this->expires = $expires;
return $this;
}
/**
* Get expires
*
* @return \DateTime
*/
public function getExpires()
{
return $this->expires;
}
/**
* Set scope
*
* @param string $scope
* @return OAuthRefreshToken
*/
public function setScope($scope)
{
$this->scope = $scope;
return $this;
}
/**
* Get scope
*
* @return string
*/
public function getScope()
{
return $this->scope;
}
/**
* Set client
*
* @param \YourNamespace\Entity\OAuthClient $client
* @return OAuthRefreshToken
*/
public function setClient(\YourNamespace\Entity\OAuthClient $client = null)
{
$this->client = $client;
return $this;
}
/**
* Get client
*
* @return \YourNamespace\Entity\OAuthClient
*/
public function getClient()
{
return $this->client;
}
/**
* Set user
*
* @param \YourNamespace\Entity\OAuthUser $user
* @return OAuthRefreshToken
*/
public function setUser(\YourNamespace\Entity\OAuthUser $user = null)
{
$this->user = $user;
return $this;
}
/**
* Get user
*
* @return \YourNamespace\Entity\OAuthUser
*/
public function getUser()
{
return $this->client;
}
public function toArray()
{
return [
'refresh_token' => $this->refresh_token,
'client_id' => $this->client_id,
'user_id' => $this->user_id,
'expires' => $this->expires,
'scope' => $this->scope,
];
}
public static function fromArray($params)
{
$token = new self();
foreach ($params as $property => $value) {
$token->$property = $value;
}
return $token;
}
}
現在,我們可以實現兩個介面,OAuth2\Storage\AuthorizationCodeInterface
和OAuth2\Storage\RefreshTokenInterface
。這將允許我們使用他們的對應授權型別。
OAuth2\Storage\AuthorizationCodeInterface
在OAuthAuthorizationCodeRepository
課堂上實施:
namespace YourNamespace\Repository;
use Doctrine\ORM\EntityRepository;
use YourNamespace\Entity\OAuthAuthorizationCode;
use OAuth2\Storage\AuthorizationCodeInterface;
class OAuthAuthorizationCodeRepository extends EntityRepository implements AuthorizationCodeInterface
{
public function getAuthorizationCode($code)
{
$authCode = $this->findOneBy(['code' => $code]);
if ($authCode) {
$authCode = $authCode->toArray();
$authCode['expires'] = $authCode['expires']->getTimestamp();
}
return $authCode;
}
public function setAuthorizationCode($code, $clientIdentifier, $userEmail, $redirectUri, $expires, $scope = null)
{
$client = $this->_em->getRepository('YourNamespace\Entity\OAuthClient')
->findOneBy(array('client_identifier' => $clientIdentifier));
$user = $this->_em->getRepository('YourNamespace\Entity\OAuthUser')
->findOneBy(['email' => $userEmail]);
$authCode = OAuthAuthorizationCode::fromArray([
'code' => $code,
'client' => $client,
'user' => $user,
'redirect_uri' => $redirectUri,
'expires' => (new \DateTime())->setTimestamp($expires),
'scope' => $scope,
]);
$this->_em->persist($authCode);
$this->_em->flush();
}
public function expireAuthorizationCode($code)
{
$authCode = $this->findOneBy(['code' => $code]);
$this->_em->remove($authCode);
$this->_em->flush();
}
}
OAuth2\Storage\RefreshTokenInterface
在OAuthRefreshTokenRepository
課堂上實施:
namespace YourNamespace\Repository;
use Doctrine\ORM\EntityRepository;
use YourNamespace\Entity\OAuthRefreshToken;
use OAuth2\Storage\RefreshTokenInterface;
class OAuthRefreshTokenRepository extends EntityRepository implements RefreshTokenInterface
{
public function getRefreshToken($refreshToken)
{
$refreshToken = $this->findOneBy(['refresh_token' => $refreshToken]);
if ($refreshToken) {
$refreshToken = $refreshToken->toArray();
$refreshToken['expires'] = $refreshToken['expires']->getTimestamp();
}
return $refreshToken;
}
public function setRefreshToken($refreshToken, $clientIdentifier, $userEmail, $expires, $scope = null)
{
$client = $this->_em->getRepository('YourNamespace\Entity\OAuthClient')
->findOneBy(['client_identifier' => $clientIdentifier]);
$user = $this->_em->getRepository('YourNamespace\Entity\OAuthUser')
->findOneBy(['email' => $userEmail]);
$refreshToken = OAuthRefreshToken::fromArray([
'refresh_token' => $refreshToken,
'client' => $client,
'user' => $user,
'expires' => (new \DateTime())->setTimestamp($expires),
'scope' => $scope,
]);
$this->_em->persist($refreshToken);
$this->_em->flush();
}
public function unsetRefreshToken($refreshToken)
{
$refreshToken = $this->findOneBy(['refresh_token' => $refreshToken]);
$this->_em->remove($refreshToken);
$this->_em->flush();
}
}
現在我們可以在我們的伺服器上新增兩個授權型別:
$clientStorage = $app['db.orm.em']->getRepository('YourNamespace\Entity\OAuthClient');
$userStorage = $app['db.orm.em']->getRepository('YourNamespace\Entity\OAuthUser');
$accessTokenStorage = $app['db.orm.em']->getRepository('YourNamespace\Entity\OAuthAccessToken');
$authorizationCodeStorage = $app['db.orm.em']->getRepository('YourNamespace\Entity\OAuthAuthorizationCode');
$refreshTokenStorage = $app['db.orm.em']->getRepository('YourNamespace\Entity\OAuthRefreshToken');
// Pass the doctrine storage objects to the OAuth2 server class
$server = new \OAuth2\Server([
'client_credentials' => $clientStorage,
'user_credentials' => $userStorage,
'access_token' => $accessTokenStorage,
'authorization_code' => $authorizationCodeStorage,
'refresh_token' => $refreshTokenStorage,
], [
'auth_code_lifetime' => 30,
'refresh_token_lifetime' => 30,
]);
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($clientStorage));
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($codeStorage));
$server->addGrantType(new OAuth2\GrantType\RefreshToken($refreshStorage));
$server->addGrantType(new \OAuth2\GrantType\AuthorizationCode($authorizationCodeStorage));
$server->addGrantType(new \OAuth2\GrantType\RefreshToken($refreshTokenStorage, [
// the refresh token grant request will have a "refresh_token" field
// with a new refresh token on each request
'always_issue_new_refresh_token' => true,
]));
// handle the request
$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
你做到了!
幾件事情要考慮:
- 儘管我已經包含了OAuthUser實體,並且使用者憑據授權正在工作,但訪問令牌尚未與使用者連結,您將不得不根據您的應用程式實現此關係。