
yii2-extension yii2-oauth2-server

OAuth2 Server for PHP


tecnocen/yii2-oauth2-server


  • Thursday, August 2, 2018
  • by Faryshta
  • Repository
  • 3 Watchers
  • 0 Stars
  • 1,057 Installations
  • PHP
  • 1 Dependents
  • 0 Suggesters
  • 0 Forks
  • 1 Open issues
  • 6 Versions
  • 34 % Grown

The README.md

Yii2 OAuth2 Server

A wrapper for implementing an OAuth2 Server.


This project was forked from the original Filsh project, but the changes are not transparent; read [UPGRADE.md] to move to the latest version.

Installation

The preferred way to install this extension is through composer.

Either run

php composer.phar require --prefer-dist tecnocen/yii2-oauth2-server "*"

or add

"tecnocen/yii2-oauth2-server": "~4.1"

to the require section of your composer.json.

Usage

To use this extension, add the following code to your application configuration as a new module:

    'bootstrap' => ['oauth2'],
    'modules'=>[
        // other modules ...
        'oauth2' => [
            'class' => 'tecnocen\oauth2server\Module',            
            'tokenParamName' => 'accessToken',
            'tokenAccessLifetime' => 3600 * 24,
            'storageMap' => [
                'user_credentials' => 'app\models\User',
            ],
            'grantTypes' => [
                'user_credentials' => [
                    'class' => 'OAuth2\GrantType\UserCredentials',
                ],
                'refresh_token' => [
                    'class' => 'OAuth2\GrantType\RefreshToken',
                    'always_issue_new_refresh_token' => true
                ]
            ]
        ]
    ],

Bootstrap will initialize translation and add the required URL rules to Yii::$app->urlManager.

JWT tokens

There is no JWT token support in this fork; feel free to submit a [pull request](https://github.com/tecnocen-com/yii2-oauth2-server/pulls) to enable this functionality.

UserCredentialsInterface

The class passed to Yii::$app->user->identityClass must implement the interface \OAuth2\Storage\UserCredentialsInterface in order to store OAuth2 credentials in the user table.

namespace app\models;

use Yii;

// Identity class referenced by 'storageMap' => ['user_credentials' => 'app\models\User'].
class User extends \common\models\User
    implements \OAuth2\Storage\UserCredentialsInterface
{

    /**
     * Implemented for Oauth2 Interface
     */
    public static function findIdentityByAccessToken($token, $type = null)
    {
        /** @var \tecnocen\oauth2server\Module $module */
        $module = Yii::$app->getModule('oauth2');
        // Use the token data held by the OAuth2 resource controller,
        // not the raw $token argument.
        $token = $module->getServer()->getResourceController()->getToken();
        return !empty($token['user_id'])
                    ? static::findIdentity($token['user_id'])
                    : null;
    }

    /**
     * Implemented for Oauth2 Interface
     */
    public function checkUserCredentials($username, $password)
    {
        $user = static::findByUsername($username);
        if (empty($user)) {
            return false;
        }
        return $user->validatePassword($password);
    }

    /**
     * Implemented for Oauth2 Interface
     */
    public function getUserDetails($username)
    {
        $user = static::findByUsername($username);
        // Unknown user: return false instead of calling getId() on null.
        if (empty($user)) {
            return false;
        }
        return ['user_id' => $user->getId()];
    }
}

Migrations

The next step is to run the migrations:

yii migrate all -p=@tecnocen/oauth2server/migrations/tables
yii fixture "*" -n=tecnocen/oauth2server/fixtures

The first command creates the OAuth2 database schema. The second command inserts the test client credentials testclient:testpass for http://fake/.

Controllers

To support authentication by access token, add the behaviors to your controller or module.

use yii\helpers\ArrayHelper;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;
use tecnocen\oauth2server\filters\auth\CompositeAuth;

class Controller extends \yii\rest\Controller
{
    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        return ArrayHelper::merge(parent::behaviors(), [
            'authenticator' => [
                'class' => CompositeAuth::class,
                'authMethods' => [
                    ['class' => HttpBearerAuth::class],
                    [
                        'class' => QueryParamAuth::class,
                        'tokenParam' => 'accessToken',
                    ],
                ]
            ],
        ]);
    }
}

The code above is the same as the default implementation, which can be simplified as:

use yii\helpers\ArrayHelper;
use tecnocen\oauth2server\filters\auth\CompositeAuth;

class Controller extends \yii\rest\Controller
{
    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        return ArrayHelper::merge(parent::behaviors(), [
            'authenticator' => CompositeAuth::class,
        ]);
    }
}

Scopes

The property tecnocen\oauth2server\filters\auth\CompositeAuth::$actionScopes sets which actions require specific scopes. If those scopes are not met, the action won't be executed and the server will reply with HTTP status code 403.

public function behaviors()
{
    return ArrayHelper::merge(parent::behaviors(), [
        'authenticator' => [
            'class' => CompositeAuth::class,
            'actionScopes' => [
                'create' => 'default create',
                'update' => 'default edit',
                '*' => 'default', // wildcards are allowed
            ]
        ],
    ]);
}

Automatically Revoke Tokens

Sometimes it's necessary to revoke a token on each request to prevent the request from being triggered twice.

To enable this functionality you need to implement tecnocen\oauth2server\RevokeAccessTokenInterface in the class used to identify the authenticated user.


use OAuth2\Storage\UserCredentialsInterface;
use tecnocen\oauth2server\RevokeAccessTokenInterface;
use tecnocen\oauth2server\RevokeAccessTokenTrait;

class User extends \yii\db\ActiveRecord implements
    UserCredentialsInterface,
    RevokeAccessTokenInterface
{
    use RevokeAccessTokenTrait; // optional, trait with default implementation.

    // rest of the class.
}

Then use the previous class as the configuration for Yii::$app->user->identityClass.

Attaching the action filter tecnocen\oauth2server\filters\RevokeAccessToken lets you configure the actions that automatically revoke the access token.

public function behaviors()
{
    return [
        'revokeToken' => [
            'class' => \tecnocen\oauth2server\filters\RevokeAccessToken::class,
            // optional: only revoke the token if it has any of the following
            // scopes. If not defined, the token is always revoked.
            'scopes' => ['author', 'seller'],
            // optional: whether to revoke all tokens or just the active one.
            'revokeAll' => true,
            // optional: whether non-authenticated users are permitted.
            'allowGuests' => true,
            // which actions this behavior applies to.
            'only' => ['create', 'update'],
        ]
    ];
}

Generate Token with JS

To get an access token (JS example):

// window.location.origin includes the scheme, so the URL is absolute.
var url = window.location.origin + "/oauth2/token";
var data = {
    'grant_type': 'password',
    'username': '<some login from your user table>',
    'password': '<real pass>',
    'client_id': 'testclient',
    'client_secret': 'testpass'
};
// ajax POST `data` to `url` here
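
The client side of the configuration above, as an added example that is not part of the project's README: it builds the form-encoded `password` and `refresh_token` requests for `/oauth2/token`, keeps the refresh token that `always_issue_new_refresh_token` rotates on every refresh, and sends the access token in the `Authorization: Bearer` header instead of the `accessToken` query parameter. The response field names are those of the standard OAuth2 token response; the function and class names and the 30-second refresh margin are assumptions.

```javascript
// Added example; TokenStore, grantBody and REFRESH_MARGIN_S are illustrative names.
const REFRESH_MARGIN_S = 30; // assumed margin: refresh this long before expiry

// Build the application/x-www-form-urlencoded body for a token request.
function grantBody(client, grant) {
  return new URLSearchParams({
    ...grant, client_id: client.id, client_secret: client.secret,
  }).toString();
}

const passwordGrant = (client, username, password) =>
  grantBody(client, { grant_type: 'password', username, password });

const refreshGrant = (client, refreshToken) =>
  grantBody(client, { grant_type: 'refresh_token', refresh_token: refreshToken });

class TokenStore {
  constructor() { this.access = null; this.refresh = null; this.expiresAt = 0; }

  // Apply a token response. With always_issue_new_refresh_token the server
  // returns a new refresh token each time, so the stored one is overwritten.
  apply(resp, nowS) {
    if (!resp || typeof resp.access_token !== 'string') {
      throw new Error('token response has no access_token');
    }
    this.access = resp.access_token;
    this.expiresAt = nowS + Number(resp.expires_in || 0);
    if (resp.refresh_token) this.refresh = resp.refresh_token;
    return this;
  }

  needsRefresh(nowS) {
    return this.access === null || nowS >= this.expiresAt - REFRESH_MARGIN_S;
  }

  // HttpBearerAuth reads this header; it keeps the token out of request URLs.
  headers() { return { Authorization: 'Bearer ' + this.access }; }
}

// POST a grant body to the token endpoint; fetchImpl is injectable (e.g. fetch).
async function requestToken(fetchImpl, url, body) {
  const res = await fetchImpl(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body,
  });
  if (!res.ok) throw new Error('token request failed: HTTP ' + res.status);
  return res.json();
}
```

In a browser, pass `fetch` as `fetchImpl` and `Math.floor(Date.now() / 1000)` as `nowS`.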

Built With

Code of Conduct

Please read CODE_OF_CONDUCT.md for details on our code of conduct.

Contributing

Please read CONTRIBUTING.md for details on the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

SemVer rules 9, 10 and 11 deal with pre-releases; they will not be used within Tecnocen-com.

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License; see the LICENSE.md file for details.

Acknowledgments

  • TO DO - Hat tip to anyone whose code was used
  • TO DO - Inspiration
  • TO DO - etc

yii2-oauth2-server

For more, see https://github.com/bshaffer/oauth2-server-php

The Versions

02/08 2018

dev-optionsFix

dev-optionsFix https://github.com/tecnocen-com/yii2-oauth2-server

OAuth2 Server for PHP


MIT


by Igor Maliy
by Christopher C (Chofoteddy)

extension oauth module yii oauth2

20/12 2017

dev-master

9999999-dev https://github.com/tecnocen-com/yii2-oauth2-server

OAuth2 Server for PHP


MIT


by Igor Maliy
by Christopher C (Chofoteddy)

extension oauth module yii oauth2
