uafrica / oauth-server
OAuth Server for CakePHP 3 using the PHP League's OAuth2 Server
This package's canonical repository appears to be gone and the package has been frozen as a result.
Installs: 72 061
Dependents: 0
Suggesters: 0
Security: 0
Stars: 51
Watchers: 13
Forks: 51
Type:cakephp-plugin
Requires
- php: >= 5.5
- cakephp/cakephp: ~3.0
- cakephp/migrations: ~1.0
- league/oauth2-server: ~4.1
Requires (Dev)
- phpunit/phpunit: ~4.5
This package is not auto-updated.
Last update: 2024-09-14 18:14:56 UTC
README
A plugin for implementing an OAuth2 server in CakePHP 3. Built on top of the PHP League's OAuth2 Server. Currently we support the following grant types: AuthCode, RefreshToken, ClientCredentials.
Installation
Installation is done using composer. Run:
$ composer require uafrica/oauth-server
Once composer has installed the package, the plugin needs to be activated by running:
$ bin/cake plugin load -r OAuthServer
Finally the database migrations need to be run.
$ bin/cake migrations migrate --plugin OAuthServer
Configuration
It is assumed that you already have working Form based authentication using the built in CakePHP 3 authentication component. If you do not, please read the authentication chapter.
Set OAuthServer as an authentication adaptor.
In your AppController::beforeFilter() method, add (or modify)
$this->Auth->config('authenticate', [ 'Form', 'OAuthServer.OAuth' ]);
Change your login method to look as follows:
public function login() { if ($this->request->is('post')) { $user = $this->Auth->identify(); if ($user) { $this->Auth->setUser($user); $redirectUri = $this->Auth->redirectUrl(); if ($this->request->query['redir'] === 'oauth') { $redirectUri = [ 'plugin' => 'OAuthServer', 'controller' => 'OAuth', 'action' => 'authorize', '?' => $this->request->query ]; } return $this->redirect($redirectUri); } else { $this->Flash->error( __('Username or password is incorrect'), 'default', [], 'auth' ); } } }
Alternatively, if you are using the Friends Of Cake CRUD plugin, add
'login' => [ 'className' => 'OAuthServer.Login' ]
to your CRUD actions config.
Usage
The base OAuth2 path is example.com/oauth.
In order to add clients and OAuth scopes you need to create a ClientsController and a ScopesController (Which is not part of this plugin)
The simplest way is to make use of the Friends Of Cake CRUD-View plugin.
Install it by running
$ composer require friendsofcake/bootstrap-ui:dev-master $ composer require friendsofcake/crud:dev-master $ composer require friendsofcake/crud-view:dev-master
Then create a ClientsController that looks like:
<?php namespace App\Controller; use Crud\Controller\ControllerTrait; /** * OauthClients Controller * * @property \OAuthServer\Model\Table\ClientsTable $Clients */ class ClientsController extends AppController { use ControllerTrait; public $modelClass = 'OAuthServer.Clients'; /** * @return void */ public function initialize() { parent::initialize(); $this->viewClass = 'CrudView\View\CrudView'; $tables = [ 'Clients', 'Scopes' ]; $this->loadComponent('Crud.Crud', [ 'actions' => [ 'index' => [ 'className' => 'Crud.Index', 'scaffold' => [ 'tables' => $tables ] ], 'view' => [ 'className' => 'Crud.View', 'scaffold' => [ 'tables' => $tables ] ], 'edit' => [ 'className' => 'Crud.Edit', 'scaffold' => [ 'tables' => $tables, 'fields' => [ 'name', 'redirect_uri', 'parent_model', 'parent_id' => [ 'label' => 'Parent ID', 'type' => 'text' ] ] ] ], 'add' => [ 'className' => 'Crud.Add', 'scaffold' => [ 'tables' => $tables, 'fields' => [ 'name', 'redirect_uri', 'parent_model', 'parent_id' => [ 'label' => 'Parent ID', 'type' => 'text' ] ] ] ], 'delete' => [ 'className' => 'Crud.Delete', 'scaffold' => [ 'tables' => $tables ] ], ], 'listeners' => [ 'CrudView.View', 'Crud.RelatedModels', 'Crud.Redirect', 'Crud.Api' ], ]); } }
And a ScopesController that looks like:
<?php namespace App\Controller; use Crud\Controller\ControllerTrait; /** * Scopes Controller * * @property \OAuthServer\Model\Table\ScopesTable $Scopes */ class ScopesController extends AppController { use ControllerTrait; public $modelClass = 'OAuthServer.Scopes'; /** * @return void */ public function initialize() { parent::initialize(); $this->viewClass = 'CrudView\View\CrudView'; $tables = [ 'Clients', 'Scopes' ]; $this->loadComponent('Crud.Crud', [ 'actions' => [ 'index' => [ 'className' => 'Crud.Index', 'scaffold' => [ 'tables' => $tables ] ], 'view' => [ 'className' => 'Crud.View', 'scaffold' => [ 'tables' => $tables ] ], 'edit' => [ 'className' => 'Crud.Edit', 'scaffold' => [ 'tables' => $tables, 'fields' => [ 'id' => [ 'label' => 'ID', 'type' => 'text' ], 'description', ] ] ], 'add' => [ 'className' => 'Crud.Add', 'scaffold' => [ 'tables' => $tables, 'fields' => [ 'id' => [ 'label' => 'ID', 'type' => 'text' ], 'description', ] ] ], 'delete' => [ 'className' => 'Crud.Delete', 'scaffold' => [ 'tables' => $tables ] ], ], 'listeners' => [ 'CrudView.View', 'Crud.RelatedModels', 'Crud.Redirect', ], ]); } }
Customisation
The OAuth2 Server can be customised, the look for the various pages can be changed by creating templates in Template/Plugin/OAuthServer/OAuth
The server also fires a number of events that can be used to inject values into the process. The current events fired are:
OAuthServer.beforeAuthorize- On rendering of the approval page for the user.OAuthServer.afterAuthorize- On the user authorising the clientOAuthServer.afterDeny- On the user denying the clientOAuthServer.getUser- On loading user details for authentication requests.
You can customise the OAuth authorise page by creating a overriding template file in src/Template/Plugin/OAuthServer/OAuth/authorize.ctp