【问题标题】:How do I set a callback function for an OAuth2.0 Server with Password Grant Type?如何为密码授予类型的 OAuth2.0 服务器设置回调函数?
【发布时间】:2014-09-08 10:15:26
【问题描述】:

我想知道是否有人可以帮助我,如何设置密码授予类型回调? 我的本地主机上运行了一个有效的 OAuth2.0 提供程序服务器,我只需要在请求访问令牌时验证用户的凭据。

我相信我只需要设置一个回调函数。附上我的代码:

$app->setService('oauth', function() use ($config) {   
    $oauthdb = new \Twm\Db\Adapter\Pdo\Mssql(
            $config
            ->database
            ->oauth
            ->toArray()
    );

    $server = new \League\OAuth2\Server\Authorization(
        new \Oauth2\Server\Storage\Pdo\Mssql\Client($oauthdb),
        new \Oauth2\Server\Storage\Pdo\Mssql\Session($oauthdb),
        new \Oauth2\Server\Storage\Pdo\Mssql\Scope($oauthdb)
    );

    $request = new \Oauth2\Server\Storage\Pdo\Mssql\Request(); 
    $server->setRequest($request);

    // do i set a callback here???

    $server->setAccessTokenTTL(86400);
    $server->addGrantType(new League\OAuth2\Server\Grant\Password($server));
    return $server;
});

如果有人能帮助我,谢谢!

更新 所以我在这里阅读了这个主题:https://github.com/thephpleague/oauth2-server/issues/97 看来我确实必须设置某种回调函数来验证用户。我只是需要更多的帮助。

更新

感谢 Alex,我在下面实现了密码验证例程,并且它有效。

$app->setService('oauth', function() use ($config, $app) {   
    $oauthdb = new \Twm\Db\Adapter\Pdo\Mssql(
        (array) $config->database->oauth
    );

    $server = new \League\OAuth2\Server\Authorization(
        new \Oauth2\Server\Storage\Pdo\Mssql\Client($oauthdb),
        new \Oauth2\Server\Storage\Pdo\Mssql\Session($oauthdb),
        new \Oauth2\Server\Storage\Pdo\Mssql\Scope($oauthdb)
    );

    # Not required as it called directly from original code
    # $request = new \League\OAuth2\Server\Util\Request();

    # add these 2 lines code if you want to use my own Request otherwise comment it
    $request = new \Oauth2\Server\Storage\Pdo\Mssql\Request(); 
    $server->setRequest($request);
    $server->setAccessTokenTTL(86400);        
    $grant = new League\OAuth2\Server\Grant\Password();
    $grant->setVerifyCredentialsCallback(function($username, $password){
        //echo "it works! ". $username . ' : ' . $password;        
        // if verified, then return true
        // else return false
    });
    $server->addGrantType($grant);        
    return $server;
});

【问题讨论】:

    标签: php web-services rest oauth-2.0 phalcon


    【解决方案1】:

    您需要在授权上调用setVerifyCredentialsCallback($callback) 方法。

    所以稍微修改你的代码:

    $request = new \Oauth2\Server\Storage\Pdo\Mssql\Request(); 
    $server->setRequest($request);
    $server->setAccessTokenTTL(86400);
    
    $grant = new League\OAuth2\Server\Grant\Password($server);
    $grant->setVerifyCredentialsCallback(function ($username, $password) {
    
       // your logic here - must return a user ID if credentials are valid or false if not
    
    });
    
    $server->addGrantType();
    return $server;
    

    【讨论】:

    • 谢谢 Alex,您能否解释一下我们何时使用 getVerifyCredentialsCallback 函数?例如。试试 { $params = $app->oauth->getParam(array('client_id', 'client_secret','username','password')); return $app->oauth ->getGrantType('password') ->completeFlow($params); //->getVerifyCredentialsCallback($params); } 捕捉 (\League\OAuth2\Server\Exception\ClientException $e) { echo $e->getTraceAsString(); } catch (\Exception $e) { echo $e->getTraceAsString(); }
    • 嗨,亚历克斯,我再次需要你的帮助。如何撤销 access_token?
    • 没关系,撤销令牌很容易。只需要将其从 oauth_sessions 表中删除即可:)
    猜你喜欢
    • 1970-01-01
    • 2020-11-24
    • 1970-01-01
    • 2019-10-13
    • 2016-06-20
    • 2015-09-22
    • 1970-01-01
    • 1970-01-01
    • 2018-05-26
    相关资源
    最近更新 更多