slim-oauth2-routes's Introduction

Chadicus\Slim\OAuth2\Routes

Documentation

OAuth2 Server route callbacks for use within a Slim 3 Framework API

Requirements

Chadicus\Slim\OAuth2\Routes requires PHP 5.6 (or later).

Composer

To add the library as a local, per-project dependency, use Composer. Add a dependency on chadicus/slim-oauth2-routes to your project's composer.json file, for example by running:

composer require chadicus/slim-oauth2-routes

Contact

Developers may be contacted at:

Project Build

With a checkout of the code get Composer in your PATH and run:

./composer install
./vendor/bin/phpunit

A Note on Using Views

The authorize and receive-code routes require view objects. The given view object must implement a render method such as the one found in slim/twig-view and slim/php-view. It would be best if there were a common ViewInterface which both implemented, but as of now such an interface does not exist.

Example Usage

use Chadicus\Slim\OAuth2\Routes;
use OAuth2;
use OAuth2\GrantType;
use OAuth2\Storage;
use Slim;
use Slim\Views;

//Set-up the OAuth2 Server
$storage = new Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
$server = new OAuth2\Server($storage);
$server->addGrantType(new GrantType\AuthorizationCode($storage));
$server->addGrantType(new GrantType\ClientCredentials($storage));

//Set-up the Slim Application
$app = new Slim\App(
    [
        'view' => new Views\PhpRenderer('/path/to/chadicus/slim-oauth2-routes/templates'),
    ]
);

$container = $app->getContainer();

$app->map(['GET', 'POST'], Routes\Authorize::ROUTE, new Routes\Authorize($server, $container['view']))->setName('authorize');
$app->post(Routes\Token::ROUTE, new Routes\Token($server))->setName('token');
$app->map(['GET', 'POST'], Routes\ReceiveCode::ROUTE, new Routes\ReceiveCode($container['view']))->setName('receive-code');
$app->post(Routes\Revoke::ROUTE, new Routes\Revoke($server))->setName('revoke');

//Add custom routes
$app->get('/foo', function($request, $response, $args) {
    $authorization = $request->getHeaderLine('Authorization');

    //validate access token against your storage

    return $response->withStatus(200);
});

//run the app
$app->run();
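
The `/foo` route above leaves token validation as a comment. One way to fill it in with the OAuth2 server's own resource check, written as Slim middleware (an added example, not part of the project's README; it assumes the `$server` and `$app` objects from the set-up above, must be registered before `$app->run()`, and the attribute name `oauth2_token` is a hypothetical choice):

```php
<?php
// Added example. Assumes $server (OAuth2\Server) and $app (Slim\App) from the
// set-up above; the attribute name 'oauth2_token' is a hypothetical choice.
use OAuth2\Request as OAuth2Request;
use OAuth2\Response as OAuth2Response;

$requireToken = function ($request, $response, $next) use ($server) {
    // Rebuild the request for the OAuth2 server from the PSR-7 request.
    $oauth2Request = new OAuth2Request(
        (array)$request->getQueryParams(),
        (array)$request->getParsedBody(),
        [],
        [],
        [],
        $request->getServerParams(),
        (string)$request->getBody(),
        ['Authorization' => $request->getHeaderLine('Authorization')]
    );
    $oauth2Response = new OAuth2Response();

    // Checks that the token exists in storage and has not expired.
    if (!$server->verifyResourceRequest($oauth2Request, $oauth2Response)) {
        // Relay the server's status, WWW-Authenticate header and error body.
        $denied = $response->withStatus($oauth2Response->getStatusCode());
        foreach ($oauth2Response->getHttpHeaders() as $name => $value) {
            $denied = $denied->withHeader($name, $value);
        }
        return $denied->withJson($oauth2Response->getParameters());
    }

    // Token data from storage: client_id, user_id, expires, scope.
    $token = $server->getAccessTokenData($oauth2Request);
    return $next($request->withAttribute('oauth2_token', $token), $response);
};

$app->get('/foo', function ($request, $response, $args) {
    $token = $request->getAttribute('oauth2_token');
    // user_id is null when the token was not issued on behalf of a user;
    // refuse instead of serving user data to a token with no user bound.
    if (empty($token['user_id'])) {
        return $response->withStatus(403);
    }
    return $response->withJson(['user_id' => $token['user_id']]);
})->add($requireToken);
```

The `user_id` check matters for this library in particular: a token exchanged from an authorization code that was stored without a `user_id` carries none either.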

Authorize and The UserIdProvider

Within the Authorization route, you can define a UserIdProviderInterface to extract the user_id from the incoming request. By default the route will look in the GET query params.

class ArgumentUserIdProvider implements UserIdProviderInterface
{
	public function getUserId(ServerRequestInterface $request, array $arguments)
	{
		return isset($arguments['user_id']) ? $arguments['user_id'] : null;
	}
}

//middleware to add user_id to route parameters
$loginMiddleware = function ($request, $response, $next) {
	// Validate the user credentials
	$userId = MyUserService::getUserIdIfValidCredentials($request);
	if ($userId === false) {
		return $response->withStatus(303);
	}

	//Put user_id into the route parameters
	$route = $request->getAttribute('route');
	$route->setArgument('user_id', $userId);

	//Credentials are valid, continue so the authorization code can be sent to the clients callback_uri
	return $next($request, $response);
};

$authorizeRoute = new Routes\Authorize($server, $view, 'authorize.phtml', new ArgumentUserIdProvider());
$app->map(
	['GET', 'POST'],
	Routes\Authorize::ROUTE,
	$authorizeRoute
)->add($loginMiddleware)->setName('authorize');

slim-oauth2-routes's Issues

Update coveralls dependency

satooshi/php-coveralls has become php-coveralls/php-coveralls. The dev dependencies should be updated accordingly.

Authorization code not linked to user_id

Expected behavior

When a user authorizes a client, the user_id should be saved with the authorization code if the user_id argument is set.

Actual behavior

The authorization code is created but without any user_id (the column user_id in table oauth_authorization_codes remains NULL)

Steps to reproduce the behavior

Invoke the Authorize route, with or without a user_id argument.

Suggested fix

The Authorize route calls handleAuthorizeRequest() on the OAuth2 server, but doesn't pass the user_id argument (which then defaults to null). Therefore the OAuth2 server won't link the authorization code to the user_id.

I suggest adding the user_id at line 84 of Authorize.php:

$user_id = isset($arguments['user_id']) ? $arguments['user_id'] : null;
$this->server->handleAuthorizeRequest($oauth2Request, $oauth2Response, $authorized === 'yes', $user_id);

Context

In my application I use Slim middleware to validate the user credentials and then set the user_id argument:

$loginMiddleware = function ($request, $response, $next)
{
  $email = $request->getParam('email');
  $password = $request->getParam('password');

  // Validate the user credentials
  $user_id = getUserIdIfValidCredentials($email, $password);
  if ($user_id === FALSE || !is_numeric($user_id)) {
    return $response->withStatus(303)->withHeader('Location', URL_AUTHORIZE_INVALID_CREDENTIALS);
  }

  // Set the user_id argument so that Routes\Authorize can give it to handleAuthorizeRequest
  $route = $request->getAttribute('route');
  $route->setArgument('user_id', $user_id);

  // Credentials are valid, continue so the authorization code can be sent to the clients callback_uri
  $response = $next($request, $response);
  return $response;
};

__invoke magic function not working

Hi!

I have used your package in my project and it has worked. However, due to a server disk failure, I transferred my project to localhost and reconfigured it to a local database storage. When I accessed /authorize, the invoke seems to not work. I've put var_dumps at the functions, but it seems the var_dump inside the __invoke magic function did not execute, thus the authorization form did not appear.

What seems to be the problem?

Earl
