Problem description

I am using Slim Framework With Eloquent ORM. Trying to implement https://github.com/thephpleague/oauth2-server but I am totally confused how to do this. After adding this with composer, I created database with sql file provided in this package.

Now it is suggested to implement Storage interfaces. I don't wanna do this, so I just copied the storage classes found in the Example Folder. I guess they should work as I am using the same database, right?

Also it is unclear how to initially seed the db. Here's my router where I am trying password method.

$server = new \League\OAuth2\Server\AuthorizationServer;

$server->setSessionStorage(new SessionStorage);
$server->setAccessTokenStorage(new AccessTokenStorage);
$server->setClientStorage(new ClientStorage);
$server->setScopeStorage(new ScopeStorage);

$passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant();
$passwordGrant->setVerifyCredentialsCallback(function ($username, $password) {
    // implement logic here to validate a username and password, return an ID if valid, otherwise return false
    return 1;
});

$server->addGrantType($passwordGrant);

$app->post('/token',function() use ($server,$app){
    try{
        $response = $server->issueAccessToken();

        $res = $app->response();
        $res['Content-Type'] = 'application/json';

        $res->body(json_encode($response));

    } catch (\Exception $e) {

       var_dump($e);
    }

});

I am totally frustrated what's happening. This throws the following exception. [I have added scope ok in db]

object(League\OAuth2\Server\Exception\InvalidScopeException)[82]
  public 'httpStatusCode' => int 400
  public 'errorType' => string 'invalid_scope' (length=13)
  public 'serverShouldRedirect' => boolean true
  protected 'message' => string 'The requested scope is invalid, unknown, or malformed. Check the "ok" scope.' (length=76)
  private 'string' (Exception) => string '' (length=0)
  protected 'code' => int 0
  protected 'file' => string 'C:\wamp\www\linkshare\vendor\league\oauth2-server\src\Grant\AbstractGrant.php' (length=77)
  protected 'line' => int 163
  private 'trace' (Exception) => 
    array (size=11)
      0 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\vendor\league\oauth2-server\src\Grant\PasswordGrant.php' (length=77)
          'line' => int 130
          'function' => string 'validateScopes' (length=14)
          'class' => string 'League\OAuth2\Server\Grant\AbstractGrant' (length=40)
          'type' => string '->' (length=2)
          'args' => 
            array (size=2)
              ...
      1 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\vendor\league\oauth2-server\src\AuthorizationServer.php' (length=77)
          'line' => int 330
          'function' => string 'completeFlow' (length=12)
          'class' => string 'League\OAuth2\Server\Grant\PasswordGrant' (length=40)
          'type' => string '->' (length=2)
          'args' => 
            array (size=0)
              ...
      2 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\index.php' (length=31)
          'line' => int 67
          'function' => string 'issueAccessToken' (length=16)
          'class' => string 'League\OAuth2\Server\AuthorizationServer' (length=40)
          'type' => string '->' (length=2)
          'args' => 
            array (size=0)
              ...
      3 => 
        array (size=2)
          'function' => string '{closure}' (length=9)
          'args' => 
            array (size=0)
              ...
      4 => 
        array (size=4)
          'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Route.php' (length=53)
          'line' => int 462
          'function' => string 'call_user_func_array' (length=20)
          'args' => 
            array (size=2)
              ...
      5 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Slim.php' (length=52)
          'line' => int 1326
          'function' => string 'dispatch' (length=8)
          'class' => string 'Slim\Route' (length=10)
          'type' => string '->' (length=2)
          'args' => 
            array (size=0)
              ...
      6 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Middleware\Flash.php' (length=64)
          'line' => int 85
          'function' => string 'call' (length=4)
          'class' => string 'Slim\Slim' (length=9)
          'type' => string '->' (length=2)
          'args' => 
            array (size=0)
              ...
      7 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Middleware\MethodOverride.php' (length=73)
          'line' => int 92
          'function' => string 'call' (length=4)
          'class' => string 'Slim\Middleware\Flash' (length=21)
          'type' => string '->' (length=2)
          'args' => 
            array (size=0)
              ...
      8 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Middleware\PrettyExceptions.php' (length=75)
          'line' => int 67
          'function' => string 'call' (length=4)
          'class' => string 'Slim\Middleware\MethodOverride' (length=30)
          'type' => string '->' (length=2)
          'args' => 
            array (size=0)
              ...
      9 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Slim.php' (length=52)
          'line' => int 1271
          'function' => string 'call' (length=4)
          'class' => string 'Slim\Middleware\PrettyExceptions' (length=32)
          'type' => string '->' (length=2)
          'args' => 
            array (size=0)
              ...
      10 => 
        array (size=6)
          'file' => string 'C:\wamp\www\linkshare\index.php' (length=31)
          'line' => int 131
          'function' => string 'run' (length=3)
          'class' => string 'Slim\Slim' (length=9)
          'type' => string '->' (length=2)
          'args' => 
            array (size=0)
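
The verify-credentials callback in the question returns 1 for every request, so any username and password would be issued a token. The following is an added example, not code from the original post or from the oauth2-server project, of a callback that honours the contract stated in the comment (user ID if valid, otherwise false). The `users` table, its columns and the sample account are assumptions constructed for illustration, with in-memory SQLite standing in for the real database.

```php
<?php
// Added example. Schema and sample user are constructed, not from the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Verified when the username is unknown, so both paths cost one hash check
// and response time does not reveal which accounts exist.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

$verifyCredentials = function ($username, $password) use ($pdo, $dummyHash) {
    if (!is_string($username) || !is_string($password) || $username === '') {
        return false;
    }
    // Parameterized query: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $hash = $row ? $row['password_hash'] : $dummyHash;
    $ok = password_verify($password, $hash);
    if (!$row || !$ok) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE users SET password_hash = ? WHERE id = ?')
            ->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return (int) $row['id'];
};

var_dump($verifyCredentials('alice', 'correct horse')); // valid account
var_dump($verifyCredentials('alice', 'wrong'));         // bad password
var_dump($verifyCredentials('mallory', 'anything'));    // unknown user

// In the question's router this closure would replace the placeholder:
// $passwordGrant->setVerifyCredentialsCallback($verifyCredentials);
```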


Recommended answer

OAuth 2.0 is very challenging to understand and use correctly. In fact, the lead of OAuth 2.0 famously walked away from the protocol after years of developing for it. According to Eran Hammer (the aforementioned lead developer):

To be clear, OAuth 2.0 at the hand of a developer with deep understanding of web security will likely result in a secure implementation. However, at the hands of most developers – as has been the experience from the past two years – 2.0 is likely to produce insecure implementations.

So needless to say, there is some contention about OAuth 2.0. Alex Bilbie, the lead developer of the PHP League's OAuth 2.0-Server framework, appears to be one of the more knowledgeable developers for OAuth 2.0, although there are undoubtedly more. Still, keeping in mind one of Hammer's larger complaints - the lack of interoperability and completeness - you probably want to look for the following in an OAuth 2.0 implementation:


  • Active development

  • Full compliance with OAuth 2.0

I personally use and recommend Alex Bilbie's OAuth 2.0-Server, which now includes MAC bearer tokens and aims to be fully compliant. It is also under active development.

So, what does this mean for your project? Read up on the specifications. The package we are using claims to be fully compliant, which means that your best resource is OAuth 2.0's specification itself. There is also decent documentation under the PHP League website that can help you with this particular implementation.

That being said, you may be missing the Scope for your client/user combination. The way OAuth2.0 is structured, your user needs to accept scopes that the client requests. That means that your "scopes" need to be linked in your other tables. If "OK" is not approved by a user (in the DB) then it will not be approved.

Sounds like scopes are not the issue for you. This venue is not well suited for troubleshooting so I advise that you ensure you have the most current version of whatever framework you choose to use and report any bugs to the developer (with PHPLeague, it is via Github).
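
The answer's point that a scope must be linked in other tables before it is approved can be made concrete. The following is an added example, not part of the answer and not the oauth2-server library's own code: a scope check that accepts a requested scope only when it exists and is linked to the requesting client, and otherwise reports `invalid_scope` as in the exception above. The `scopes` and `client_scopes` tables, the client ids and the data are assumptions constructed for illustration, and the check is simplified to the client link only.

```php
<?php
// Added example. Table names, client ids and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE scopes (id TEXT PRIMARY KEY, description TEXT)');
$pdo->exec('CREATE TABLE client_scopes (client_id TEXT, scope_id TEXT, PRIMARY KEY (client_id, scope_id))');
$pdo->exec("INSERT INTO scopes VALUES ('ok', 'Basic access'), ('admin', 'Administration')");
$pdo->exec("INSERT INTO client_scopes VALUES ('webapp', 'ok')");

/**
 * $scopeParam is the raw, space-delimited "scope" request value.
 * Returns ['granted' => [...]] or ['error' => 'invalid_scope', 'scope' => ...].
 */
function checkScopes(PDO $pdo, $clientId, $scopeParam)
{
    $requested = array_unique(preg_split('/ +/', trim($scopeParam), -1, PREG_SPLIT_NO_EMPTY));
    $stmt = $pdo->prepare(
        'SELECT s.id FROM scopes s
           JOIN client_scopes cs ON cs.scope_id = s.id
          WHERE s.id = ? AND cs.client_id = ?'
    );
    $granted = [];
    foreach ($requested as $scope) {
        // RFC 6749 scope-token: printable ASCII except space, " and \
        if (!preg_match('/\A[\x21\x23-\x5B\x5D-\x7E]+\z/', $scope)) {
            return ['error' => 'invalid_scope', 'scope' => $scope];
        }
        $stmt->execute([$scope, $clientId]);
        $found = $stmt->fetchColumn();
        $stmt->closeCursor();
        // A scope that exists but is not linked to this client is rejected too.
        if ($found === false) {
            return ['error' => 'invalid_scope', 'scope' => $scope];
        }
        $granted[] = $scope;
    }
    return ['granted' => $granted];
}

print_r(checkScopes($pdo, 'webapp', 'ok'));       // linked scope
print_r(checkScopes($pdo, 'webapp', 'ok admin')); // 'admin' exists but is not linked
print_r(checkScopes($pdo, 'mobile', 'ok'));       // client has no linked scopes
```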
