REST API application with OAuth2 server on Yii2的完整实现流程

1、基于https://github.com/Filsh/yii2-oauth2-server实现；

运行：php composer.phar require –prefer-dist filsh/yii2-oauth2-server “*”

2、在应用程序中配置：

E:\wwwroot\api.hmwis.com\passport\config\main.php

‘modules’ => [
‘oauth2’ => [
‘class’ => ‘filsh\yii2\oauth2server\Module’,
‘tokenParamName’ => ‘accessToken’,
‘tokenAccessLifetime’ => 3600 * 24,
‘storageMap’ => [
‘user_credentials’ => ‘common\models\User’,
],
‘grantTypes’ => [
‘user_credentials’ => [
‘class’ => ‘OAuth2\GrantType\UserCredentials’,
],
‘refresh_token’ => [
‘class’ => ‘OAuth2\GrantType\RefreshToken’,
‘always_issue_new_refresh_token’ => true
]
]
],
‘v1’ => [
‘class’ => ‘passport\modules\v1\Module’,
],
],

3、编辑用户模型类User.php：

E:\wwwroot\api.hmwis.com\common\models\User.php

实现接口\OAuth2\Storage\UserCredentialsInterface
class User extends ActiveRecord implements IdentityInterface, \OAuth2\Storage\UserCredentialsInterface

3.1、基于邮箱、手机查找对应用户：

3.2、实现接口类中的两个方法：

4、运行数据迁移：

运行：yii migrate –migrationPath=@vendor/filsh/yii2-oauth2-server/migrations

5、编辑m140501_075311_add_oauth2_server.php：

public function primaryKey($columns = null) {
return ‘PRIMARY KEY (‘ . $this->db->getQueryBuilder()->buildColumns($columns) . ‘)’;
}

6、再次运行：yii migrate –migrationPath=@vendor/filsh/yii2-oauth2-server/migrations

6.1、查看数据库中已经存在相应数据表：

7、添加URL规则到urlManager：

E:\wwwroot\api.hmwis.com\passport\config\main-local.php

‘POST oauth2/<action:\w+>’ => ‘oauth2/rest/<action>’,

8、要使用该扩展，只需添加行为到您的基本控制器：

9、http://passport.api.hmwis.com/oauth2/token

10、E:\wwwroot\api.hmwis.com\vendor\filsh\yii2-oauth2-server\storage\Pdo.php

$this->config = array_merge(array(
‘client_table’ => \Yii::$app->db->tablePrefix . ‘oauth_clients’,
‘access_token_table’ => \Yii::$app->db->tablePrefix . ‘oauth_access_tokens’,
‘refresh_token_table’ => \Yii::$app->db->tablePrefix . ‘oauth_refresh_tokens’,
‘code_table’ => \Yii::$app->db->tablePrefix . ‘oauth_authorization_codes’,
‘user_table’ => \Yii::$app->db->tablePrefix . ‘oauth_users’,
‘jwt_table’  => \Yii::$app->db->tablePrefix . ‘oauth_jwt’,
‘jti_table’  => \Yii::$app->db->tablePrefix . ‘oauth_jti’,
‘scope_table’  => \Yii::$app->db->tablePrefix . ‘oauth_scopes’,
‘public_key_table’  => \Yii::$app->db->tablePrefix . ‘oauth_public_keys’,
), $config);

11、http://passport.api.hmwis.com/oauth2/token

请求成功：

{
“access_token”: “17b22dc4746f37ebd2019a256147944c84dec090”,
“expires_in”: 86400,
“token_type”: “Bearer”,
“scope”: null,
“refresh_token”: “6a26bd0e049041bfd217ff7849d865c486449617”
}

12、E:\wwwroot\api.hmwis.com\passport\controllers\UserController.php

public function checkAccess($action, $model = null, $params = [])
{
$oauthUser = Yii::$app->user->identity;

$uid = Yii::$app->request->get(‘id’);

if ($oauthUser[‘id’] != Yii::$app->request->get(‘id’)) {
throw new UnauthorizedHttpException(Yii::t(‘app/error’, ‘30054’), $code = 30054);
}
}

12.1、如果访问令牌所有者与当前用户不是同一人，则提示错误：

13、编辑oauth_clients表：

14、设置访问令牌与刷新令牌的有效期分别为7天与30天

E:\wwwroot\api.hmwis.com\vendor\filsh\yii2-oauth2-server\Module.php

15、通过密码凭据获取访问令牌

http://passport.api.hmwis.com/oauth2/token

如果grant_type = authorization_code
请求失败：

{
“name”: “Bad Request”,
“message”: “Grant type \”authorization_code\” not supported”,
“code”: 0,
“status”: 400,
“type”: “filsh\yii2\oauth2server\exceptions\HttpException”
}

15.1、获取访问令牌成功，且在数据库中进行确认：

16、通过刷新令牌获取访问令牌

http://passport.api.hmwis.com/oauth2/token

17、修改用户个人信息

http://passport.api.hmwis.com/v1/users/4

测试访问令牌：