【Question title】: Implementing client credentials grant type only using bshaffer OAuth2.0 library
【Posted】: 2016-08-15 23:21:27
【Question】:

I decided to use bshaffer's library for OAuth2.0 (https://bshaffer.github.io/oauth2-server-php-docs/). I am using it to implement the client credentials grant type for my API. When requesting an access token (using a hard-coded client_id and client_secret), everything works. I pass the following:

grant_type => client_credentials
client_id => oauthuser
client_secret => xkJ7ua2p9zaRQ78YxYAfTCKGUaGEfMS6

The result is:

{
  "access_token": "855b36508abfdfcd25281e36020ab48917d4a637",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": null
}

But whenever I request my data, using this as the header:

authorization => Bearer 855b36508abfdfcd25281e36020ab48917d4a637

I get an error message saying my token is invalid:

{
  "error": "invalid_token",
  "error_description": "The access token provided is invalid"
}

What am I doing wrong? Can the client_credentials grant type be used without the authorization grant type, as shown in the demo application?

Here is some of my code:

The file that initializes the OAuth 2.0 server:

namespace App\Libraries;

use Silex\Application;
use Silex\ControllerProviderInterface;
use OAuth2\Storage\Memory as OAuth2MemoryStorage;
use OAuth2\Server as OAuth2Server;
use OAuth2\GrantType\ClientCredentials;
use OAuth2\HttpFoundationBridge\Response as BridgeResponse;

class OAuth2Library implements ControllerProviderInterface
{
    public function setup(Application $app)
    {
        // Hard-coded client credentials held in in-memory storage
        $clients = array('oauthuser' => array(
            'client_secret' => 'xkJ7ua2p9zaRQ78YxYAfTCKGUaGEfMS6'
        ));
        $storage = new OAuth2MemoryStorage(array('client_credentials' => $clients));

        $server = new OAuth2Server($storage, array('issuer' => $_SERVER['HTTP_HOST']));

        // Only the client_credentials grant is registered
        $server->addGrantType(new ClientCredentials($storage));

        $app['oauth_server'] = $server;

        $app['oauth_response'] = new BridgeResponse();
    }

    public function connect(Application $app)
    {
        $this->setup($app);

        // Token endpoint: POST /accesstoken
        $routing = $app['controllers_factory'];
        $routing->post('/accesstoken', 'App\\Controllers\\OAuthController::authorize');

        return $routing;
    }
}

The function that issues the access token (in another file):

namespace App\Controllers;

use OAuth2;
use Silex\Application;
use Symfony\Component\HttpFoundation\Response;
use OAuth2\HttpFoundationBridge\Request as BridgeRequest;

class OAuthController
{
    public function authorize(Application $app)
    {
        $server = $app['oauth_server'];
        $response = $app['oauth_response'];
        // Validates grant_type/client_id/client_secret and returns the token JSON
        return $server->handleTokenRequest($app['request'], $response);
        //return $app->json($encoded, 200);
    }
}

And finally, in another file, the function that fetches the resource:

namespace App\Controllers;

use Silex\Application;
use Symfony\Component\HttpFoundation\Response;
use OAuth2;

class HelloController
{
    public function get(Application $app)
    {
        $server = $app['oauth_server'];
        $response = $app['oauth_response'];
        // Looks up the Bearer token from the Authorization header in storage
        if (!$server->verifyResourceRequest($app['request'], $response)) {
            return $server->getResponse();
        } else {
            $result = $app['db']->fetchAssoc("select * from user");
            return new Response(json_encode($result));
        }
    }
}

What am I doing wrong? Thanks!

【Discussion】:

    Tags: php oauth-2.0 silex


    【Solution 1】:

    OAuth2\Storage\Memory does not persist between requests, so you need to use a database (for example OAuth2\Storage\Pdo) to store the access_tokens.

    For testing you can use SQLite as a single file with PDO: sqlite.org/onefile.html

    【Comments】:

    • Oh. Even if I'm just testing things? OK. Will try. Thanks!
    • For testing you can use SQLite as a single file with PDO: sqlite.org/onefile.html
    • Hi! I was not able to update you on this, but it does work! Thanks!
    【Solution 2】:

    You can set up MySQL PDO storage like this:

    $dsn      = 'mysql:dbname=my_oauth2_db;host=localhost';
    $username = 'root';
    $password = '';

    // error reporting (this is a demo, after all!)
    ini_set('display_errors', 1);
    error_reporting(E_ALL);

    // Autoloading (composer is preferred, but for this example let's just do this)
    require_once('oauth2-server-php/src/OAuth2/Autoloader.php');
    OAuth2\Autoloader::register();

    // $dsn is the Data Source Name for your database, for example "mysql:dbname=my_oauth2_db;host=localhost"
    $storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));

    // Pass a storage object or array of storage objects to the OAuth2 server class
    $server = new OAuth2\Server($storage);

    // Add the "Client Credentials" grant type (it is the simplest of the grant types)
    $server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));


    Source: BShaffer Oauth2 Server Cookbook

    【Comments】:
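The following is an added example (not code from the question, the answers, or the bshaffer project) that reproduces both points above in one script: Solution 1's observation that OAuth2\Storage\Memory loses issued tokens between requests, and Solution 2's PDO storage, here backed by a single SQLite file. It assumes the library was installed with `composer require bshaffer/oauth2-server-php` and that `vendor/autoload.php` is next to the script; the SQLite path and the `issueToken`/`verifyToken` helpers are this example's own. Each PHP web request creates its own storage object, so the script mimics two requests by constructing the storage twice.

```php
<?php
// Added example, not part of the original thread or of the bshaffer library.
// Assumes: composer require bshaffer/oauth2-server-php (autoloader path below).
require_once __DIR__ . '/vendor/autoload.php';

use OAuth2\Request;
use OAuth2\Server;
use OAuth2\Storage\Memory;
use OAuth2\Storage\Pdo as PdoStorage;
use OAuth2\GrantType\ClientCredentials;

const CLIENT_ID     = 'oauthuser';                         // values from the question
const CLIENT_SECRET = 'xkJ7ua2p9zaRQ78YxYAfTCKGUaGEfMS6';
$dbFile = sys_get_temp_dir() . '/oauth2_demo.sqlite';      // hypothetical SQLite file

// Builds the same server as the question's OAuth2Library::setup around any storage.
function buildServer($storage)
{
    $server = new Server($storage, array('access_lifetime' => 3600));
    $server->addGrantType(new ClientCredentials($storage));
    return $server;
}

// Simulates the POST /accesstoken request; returns the access token or null.
function issueToken($storage)
{
    $request = new Request(
        array(),                                             // query string
        array('grant_type'    => 'client_credentials',       // POST body
              'client_id'     => CLIENT_ID,
              'client_secret' => CLIENT_SECRET),
        array(), array(), array(),
        array('REQUEST_METHOD' => 'POST')                    // server variables
    );
    $response = buildServer($storage)->handleTokenRequest($request);
    return $response->getParameter('access_token');
}

// Simulates the later GET carrying "Authorization: Bearer <token>".
// Returns 'valid' or the OAuth error code the library would send (e.g. invalid_token).
function verifyToken($storage, $token)
{
    $request = new Request(array(), array(), array(), array(), array(),
        array('REQUEST_METHOD' => 'GET'), null,
        array('AUTHORIZATION' => 'Bearer ' . $token));
    $server = buildServer($storage);
    if ($server->verifyResourceRequest($request)) {
        return 'valid';
    }
    return $server->getResponse()->getParameter('error');
}

// 1. Memory storage: every process (request) starts with an empty token table.
$clients = array(CLIENT_ID => array('client_secret' => CLIENT_SECRET));
$token = issueToken(new Memory(array('client_credentials' => $clients)));
// The second "request" builds a fresh Memory object, so the token is unknown to it.
echo 'memory: ', verifyToken(new Memory(array('client_credentials' => $clients)), $token), PHP_EOL;

// 2. PDO storage on one SQLite file (sqlite.org/onefile.html).
@unlink($dbFile);
$pdo = new PDO('sqlite:' . $dbFile);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Minimal subset of the tables OAuth2\Storage\Pdo queries, written in SQLite syntax.
$pdo->exec('CREATE TABLE oauth_clients (client_id TEXT PRIMARY KEY, client_secret TEXT,
            redirect_uri TEXT, grant_types TEXT, scope TEXT, user_id TEXT)');
$pdo->exec('CREATE TABLE oauth_access_tokens (access_token TEXT PRIMARY KEY,
            client_id TEXT NOT NULL, user_id TEXT, expires TEXT NOT NULL, scope TEXT)');
$pdo->exec('CREATE TABLE oauth_scopes (scope TEXT PRIMARY KEY, is_default INTEGER)');
// Register the client once and restrict it to the client_credentials grant.
$stmt = $pdo->prepare('INSERT INTO oauth_clients (client_id, client_secret, grant_types) VALUES (?, ?, ?)');
$stmt->execute(array(CLIENT_ID, CLIENT_SECRET, 'client_credentials'));
$pdo = null;

$conn = array('dsn' => 'sqlite:' . $dbFile);
$token = issueToken(new PdoStorage($conn));
// The second "request" opens its own connection and finds the token on disk.
echo 'pdo:    ', verifyToken(new PdoStorage($conn), $token), PHP_EOL;
```

Run it with `php script.php`: the Memory line reports the same error the question shows, because the token was written into a storage object that no longer exists when the resource request arrives, while the PDO line reports a valid token. The SQLite tables here are deliberately trimmed to the columns the client_credentials flow touches; for a real deployment use the full schema from the library's cookbook, as Solution 2 does, so that the other storage methods (refresh tokens, scopes, authorization codes) have their tables as well.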
