PHP Oauth2 Server Implementation Guide Using Library
I am using Slim Framework
C Eloquent ORM
. Trying to implement https://github.com/thephpleague/oauth2-server but I'm completely confused how to do it. After adding this with composer, I created a database with sql file provided in this package.
It is now proposed to implement storage interfaces . I don't want to do this, so I just copied the storage classes found in the examples folder. I think they should work as I am using the same database correctly?
It is also unclear how to initially render the db. Here's my router where I am trying password
.
$server = new \League\OAuth2\Server\AuthorizationServer;
$server->setSessionStorage(new SessionStorage);
$server->setAccessTokenStorage(new AccessTokenStorage);
$server->setClientStorage(new ClientStorage);
$server->setScopeStorage(new ScopeStorage);
$passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant();
$passwordGrant->setVerifyCredentialsCallback(function ($username, $password) {
// implement logic here to validate a username and password, return an ID if valid, otherwise return false
return 1;
});
$server->addGrantType($passwordGrant);
$app->post('/token',function() use ($server,$app){
try{
$response = $server->issueAccessToken();
$res = $app->response();
$res['Content-Type'] = 'application/json';
$res->body(json_encode($response));
} catch (\Exception $e) {
var_dump($e);
}
});
I am completely upset with what is happening. This throws the following exception. [I added an area ok
to db]
object(League\OAuth2\Server\Exception\InvalidScopeException)[82]
public 'httpStatusCode' => int 400
public 'errorType' => string 'invalid_scope' (length=13)
public 'serverShouldRedirect' => boolean true
protected 'message' => string 'The requested scope is invalid, unknown, or malformed. Check the "ok" scope.' (length=76)
private 'string' (Exception) => string '' (length=0)
protected 'code' => int 0
protected 'file' => string 'C:\wamp\www\linkshare\vendor\league\oauth2-server\src\Grant\AbstractGrant.php' (length=77)
protected 'line' => int 163
private 'trace' (Exception) =>
array (size=11)
0 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\vendor\league\oauth2-server\src\Grant\PasswordGrant.php' (length=77)
'line' => int 130
'function' => string 'validateScopes' (length=14)
'class' => string 'League\OAuth2\Server\Grant\AbstractGrant' (length=40)
'type' => string '->' (length=2)
'args' =>
array (size=2)
...
1 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\vendor\league\oauth2-server\src\AuthorizationServer.php' (length=77)
'line' => int 330
'function' => string 'completeFlow' (length=12)
'class' => string 'League\OAuth2\Server\Grant\PasswordGrant' (length=40)
'type' => string '->' (length=2)
'args' =>
array (size=0)
...
2 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\index.php' (length=31)
'line' => int 67
'function' => string 'issueAccessToken' (length=16)
'class' => string 'League\OAuth2\Server\AuthorizationServer' (length=40)
'type' => string '->' (length=2)
'args' =>
array (size=0)
...
3 =>
array (size=2)
'function' => string '{closure}' (length=9)
'args' =>
array (size=0)
...
4 =>
array (size=4)
'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Route.php' (length=53)
'line' => int 462
'function' => string 'call_user_func_array' (length=20)
'args' =>
array (size=2)
...
5 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Slim.php' (length=52)
'line' => int 1326
'function' => string 'dispatch' (length=8)
'class' => string 'Slim\Route' (length=10)
'type' => string '->' (length=2)
'args' =>
array (size=0)
...
6 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Middleware\Flash.php' (length=64)
'line' => int 85
'function' => string 'call' (length=4)
'class' => string 'Slim\Slim' (length=9)
'type' => string '->' (length=2)
'args' =>
array (size=0)
...
7 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Middleware\MethodOverride.php' (length=73)
'line' => int 92
'function' => string 'call' (length=4)
'class' => string 'Slim\Middleware\Flash' (length=21)
'type' => string '->' (length=2)
'args' =>
array (size=0)
...
8 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Middleware\PrettyExceptions.php' (length=75)
'line' => int 67
'function' => string 'call' (length=4)
'class' => string 'Slim\Middleware\MethodOverride' (length=30)
'type' => string '->' (length=2)
'args' =>
array (size=0)
...
9 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\vendor\slim\slim\Slim\Slim.php' (length=52)
'line' => int 1271
'function' => string 'call' (length=4)
'class' => string 'Slim\Middleware\PrettyExceptions' (length=32)
'type' => string '->' (length=2)
'args' =>
array (size=0)
...
10 =>
array (size=6)
'file' => string 'C:\wamp\www\linkshare\index.php' (length=31)
'line' => int 131
'function' => string 'run' (length=3)
'class' => string 'Slim\Slim' (length=9)
'type' => string '->' (length=2)
'args' =>
array (size=0)
source to share
OAuth 2.0 is very difficult to understand and use correctly. In fact, the OAuth 2.0 leader famously walked away from the protocol after years of development for it . In the words of Eran Hammer (the aforementioned lead developer):
Compared to OAuth 1.0, the 2.0 specification is more complex, less interoperable, less useful, more incomplete, and most important, less secure.
To be clear, OAuth 2.0 plays into the hands of a developer with a deep understanding of web security, and will likely lead to a secure implementation. However, in the hands of most developers - as has been the experience of the past two years - 2.0 is likely to be insecure implementations.
So there are, of course, several claims about OAuth 2.0. Alex Bilby, Lead Developer of the PHP OAuth 2.0-Server Platform, is one of the most knowledgeable developers for OAuth 2.0, though there are undoubtedly more. That said, with one of Hammer's more serious claims in mind - lack of interoperability and completeness - you probably want to look for the following in the OAuth 2.0 implementation:
- Active development
- Full OAuth 2.0 Compliance
I personally use and recommend Alex Bilbie OAuth 2.0-Server, which now includes MAC tokens and aims to be fully compliant. It is also in active development.
So what does this mean for your project? Read the specs. The package we use claims to be fully compliant, which means your best resource is the OAuth 2.0 specification . There is also decent documentation on the PHP League website that can help you with this particular implementation.
However, you may not have enough Scope for your client / user combination. The OAuth2.0 way is structured, your user has to accept the scopes that the client requests. This means that your "areas" need to be linked in other tables. If "OK" is not approved by the user (in the database), it will not be approved.
Edit
Sounds like areas are not a problem for you. This place is poorly suited for troubleshooting, so I advise you to make sure you have the most recent version of whatever framework you choose to use and report bugs to the developer (with PHPLeague, via Github).
source to share