Complete implementation walkthrough: REST API application with OAuth2 server on Yii2
1. Based on https://github.com/Filsh/yii2-oauth2-server.
Run: php composer.phar require --prefer-dist filsh/yii2-oauth2-server "*"
2. Configure it in the application:
E:\wwwroot\api.hmwis.com\passport\config\main.php
    'modules' => [
        'oauth2' => [
            'class' => 'filsh\yii2\oauth2server\Module',
            'tokenParamName' => 'accessToken',
            'tokenAccessLifetime' => 3600 * 24,
            'storageMap' => [
                'user_credentials' => 'common\models\User',
            ],
            'grantTypes' => [
                'user_credentials' => [
                    'class' => 'OAuth2\GrantType\UserCredentials',
                ],
                'refresh_token' => [
                    'class' => 'OAuth2\GrantType\RefreshToken',
                    'always_issue_new_refresh_token' => true
                ]
            ]
        ],
        'v1' => [
            'class' => 'passport\modules\v1\Module',
        ],
    ],
3. Edit the user model class User.php:
E:\wwwroot\api.hmwis.com\common\models\User.php
Implement the interface \OAuth2\Storage\UserCredentialsInterface:
    class User extends ActiveRecord implements IdentityInterface, \OAuth2\Storage\UserCredentialsInterface
3.1. Look up the corresponding user by email or phone number:
3.2. Implement the two methods of the interface:
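One way to write the lookup and the two interface methods from steps 3.1 and 3.2 (an added example, not the original post's code). It assumes the User table has email, phone, password_hash and status columns and a STATUS_ACTIVE constant, as in the Yii2 advanced template; the trait name and findByEmailOrPhone() are hypothetical.

```php
<?php
namespace common\models;

use Yii;

/**
 * Added example: the two OAuth2\Storage\UserCredentialsInterface methods,
 * packaged as a trait to `use` inside common\models\User.
 * Assumed (not from the original post): columns email, phone,
 * password_hash, status, and the constant User::STATUS_ACTIVE.
 */
trait OAuthUserCredentialsTrait
{
    /** Step 3.1: find an active user by e-mail address or phone number. */
    public static function findByEmailOrPhone($login)
    {
        $login = trim((string) $login);
        if ($login === '') {
            return null;
        }
        $column = strpos($login, '@') !== false ? 'email' : 'phone';
        // Hash-format condition: the value is bound as a query parameter.
        return static::findOne([$column => $login, 'status' => static::STATUS_ACTIVE]);
    }

    /** Step 3.2: called by the password grant; true only for a valid pair. */
    public function checkUserCredentials($username, $password)
    {
        // validatePassword() throws on an empty password, so reject it first.
        if (!is_string($password) || $password === '') {
            return false;
        }
        $user = static::findByEmailOrPhone($username);
        if ($user === null || empty($user->password_hash)) {
            return false;
        }
        return Yii::$app->security->validatePassword($password, $user->password_hash);
    }

    /** Step 3.2: called after a successful check; user_id is stored with the token. */
    public function getUserDetails($username)
    {
        $user = static::findByEmailOrPhone($username);
        if ($user === null) {
            return false;
        }
        return ['user_id' => $user->id, 'scope' => null];
    }
}
```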
4. Run the database migration:
Run: yii migrate --migrationPath=@vendor/filsh/yii2-oauth2-server/migrations
5. Edit m140501_075311_add_oauth2_server.php:
    public function primaryKey($columns = null) {
        return 'PRIMARY KEY (' . $this->db->getQueryBuilder()->buildColumns($columns) . ')';
    }
6. Run again: yii migrate --migrationPath=@vendor/filsh/yii2-oauth2-server/migrations
6.1. Confirm that the corresponding tables now exist in the database:
7. Add the URL rule to urlManager:
E:\wwwroot\api.hmwis.com\passport\config\main-local.php
    'POST oauth2/<action:\w+>' => 'oauth2/rest/<action>',
8. To use the extension, simply add the behaviors to your base controller:
9. http://passport.api.hmwis.com/oauth2/token
10. E:\wwwroot\api.hmwis.com\vendor\filsh\yii2-oauth2-server\storage\Pdo.php
    $this->config = array_merge(array(
        'client_table' => \Yii::$app->db->tablePrefix . 'oauth_clients',
        'access_token_table' => \Yii::$app->db->tablePrefix . 'oauth_access_tokens',
        'refresh_token_table' => \Yii::$app->db->tablePrefix . 'oauth_refresh_tokens',
        'code_table' => \Yii::$app->db->tablePrefix . 'oauth_authorization_codes',
        'user_table' => \Yii::$app->db->tablePrefix . 'oauth_users',
        'jwt_table' => \Yii::$app->db->tablePrefix . 'oauth_jwt',
        'jti_table' => \Yii::$app->db->tablePrefix . 'oauth_jti',
        'scope_table' => \Yii::$app->db->tablePrefix . 'oauth_scopes',
        'public_key_table' => \Yii::$app->db->tablePrefix . 'oauth_public_keys',
    ), $config);
11. http://passport.api.hmwis.com/oauth2/token
Request succeeded:
    {
        "access_token": "17b22dc4746f37ebd2019a256147944c84dec090",
        "expires_in": 86400,
        "token_type": "Bearer",
        "scope": null,
        "refresh_token": "6a26bd0e049041bfd217ff7849d865c486449617"
    }
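12. E:\wwwroot\api.hmwis.com\passport\controllers\UserController.php
    public function checkAccess($action, $model = null, $params = [])
    {
        // Identity resolved from the access token presented with the request.
        $oauthUser = Yii::$app->user->identity;
        // Id of the user resource named in the URL, e.g. /v1/users/4.
        $uid = Yii::$app->request->get('id');
        // Reject a missing identity, and compare as strings so PHP's loose
        // comparison cannot treat two different ids as equal.
        if ($oauthUser === null || (string) $oauthUser['id'] !== (string) $uid) {
            throw new UnauthorizedHttpException(Yii::t('app/error', '30054'), 30054);
        }
    }
12.1. If the access token owner and the current user are not the same person, an error is returned: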
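13. Edit the oauth_clients table:
14. Set the access token and refresh token lifetimes to 7 days and 30 days respectively
E:\wwwroot\api.hmwis.com\vendor\filsh\yii2-oauth2-server\Module.php
15. Obtain an access token using password credentials
http://passport.api.hmwis.com/oauth2/token
If grant_type = authorization_code
Request failed: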
    {
        "name": "Bad Request",
        "message": "Grant type \"authorization_code\" not supported",
        "code": 0,
        "status": 400,
        "type": "filsh\yii2\oauth2server\exceptions\HttpException"
    }
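15.1. The access token is obtained successfully; confirm it in the database:
16. Obtain an access token using the refresh token
http://passport.api.hmwis.com/oauth2/token
17. Update the user's profile information
http://passport.api.hmwis.com/v1/users/4
Test the access token: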