chadicus / slim-oauth2 Goto Github PK

View Code? Open in Web Editor NEW

129.0 14.0 19.0 70 KB

Routes and Middleware for Using OAuth2 Server within a Slim Framework API

License: MIT License

slim oauth2 api routes middleware http psr-7 php

slim-oauth2's Introduction

Chadicus\Slim\OAuth2

A collection of OAuth2 Server routes, middleware and utilities for use within a Slim 3 Framework API

Requirements

Chadicus\Slim\OAuth2 requires PHP 5.6 (or later).

Composer

To add the library as a local, per-project dependency use Composer! Simply add a dependency on chadicus/slim-oauth2 to your project's composer.json file such as:

composer require chadicus/slim-oauth2

Components

This package is a metapackage aggregating the following components:

Examples

Examples can be found in the examples folder.

Community

slim-oauth2's People

Contributors

Stargazers

Watchers

Forkers

nepsdotin nikomateos ilson-nobrega bryant1410 odixon jerryhopper aakashcodelab songvi kg7 gitter-badger voxp1b5 ignatiusu savananvekar somkidsookchot hamdanidev om3rcitak 5l1v3r1 flagshipkagero golfvit

slim-oauth2's Issues

Issue trying to link slim+oauth2+facebook login

I am not sure which dependency would be best to put this but it could make a good example.

I have a API which is secured using this library, all well and good if user exists in the oauth users table, issue comes when I want to auth a user via social login which will be for an app I am developing.

tell user to go to FB auth
user auths request and is redirected back to API (or just gets the return code)
return code is supplied to API and I use Facebook SDK to confirm its all good and register user if does not already exist
now problem is how do I return an access token to the client based on the user in question that has been validated via social login.

In a session based system all is good but the api should be stateless, rather relying on oauth tokens.
This is something that seems to be lacking in the docs.

granttype should not be null

curl -X POST -d client_id=librarian -d client_secret=secret -d grant_type=client_credentials http://test.com/token

produce

{"error":"unsupported_grant_type","error_description":"Grant type "client_credentials" not supported"}

if $storage->setClientDetails('librarian', 'secret', null, null, 'bookCreate'); used then it is not possible to use the curl request like in your sample said.

I have tried it with grant_type client_credentials also
$storage->setClientDetails('librarian', 'secret', null, 'client_credentials', 'bookCreate');
without success.

401 Unauthorized

When i tried to Curl Authorization

AS you mentionded in Readme with changing in access code sure

curl -H 'Authorization: Bearer c859d2c9eec4800a6277671eba72a5a6f54f8693' http://localhost:8888/books

it returns ,
401 Unauthorized

do it work with slim 4?

unexpected return values

I have used your samples to test your oauth2 middleware and found some problems. One of them is that return value isn't like desired.

Here are a sample method
$app->get('/test', $authorization, function() use ($app) {
$app->contentType('application/json');
$app->response->setBody(json_encode(array("status" => "success")));
});

Without correct authorization, the response is still the same. only the return code is 403 instead to 200. Or is it intend to check the authorization in function again?
{"status":"success"}

Mongodb Storage

Is there way to use mysqli storage instead of Mongodb storage ?!

Cannot render template

I integrated your implementation into my system and I cannot render the authorization template form. The error message and trace is as follows:

Details
Type: RuntimeException
Message: View cannot render authorize.phtml because the template does not exist
File: C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\View.php
Line: 272

Trace

#0 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\View.php(255): Slim\View->render('authorize.phtml', NULL)
#1 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\View.php(243): Slim\View->fetch('authorize.phtml', NULL)
#2 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\Slim.php(757): Slim\View->display('authorize.phtml')
#3 C:\xampp\htdocs\api-fmis\v2\vendor\chadicus\slim-oauth2-routes\src\Authorize.php(65): Slim\Slim->render('authorize.phtml', Array)
#4 [internal function]: Chadicus\Slim\OAuth2\Routes\Authorize->__invoke()
#5 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\Route.php(468): call_user_func_array(Object(Chadicus\Slim\OAuth2\Routes\Authorize), Array)
#6 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\Slim.php(1357): Slim\Route->dispatch()
#7 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\Middleware\Flash.php(85): Slim\Slim->call()
#8 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\Middleware\MethodOverride.php(92): Slim\Middleware\Flash->call()
#9 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\Middleware\PrettyExceptions.php(67): Slim\Middleware\MethodOverride->call()
#10 C:\xampp\htdocs\api-fmis\v2\vendor\slim\slim\Slim\Slim.php(1302): Slim\Middleware\PrettyExceptions->call()
#11 C:\xampp\htdocs\api-fmis\v2\index.php(14183): Slim\Slim->run()
#12 {main}

The grant type was not specified in the request

Hi,

I am trying to figure out your setup - it looks awesome; but I am overseeing something!
The thing I am stuck on is:

{
"error": "invalid_request"
"error_description": "The grant type was not specified in the request"
}

When calling:
http://localhost/cheapp/index.php/token
from the advanced rest client with payload:
client_id=librarian&client_secret=secret&grant_type=client_credentials
and header:
Accept: application/json

It keeps throwing that nasty:
"error": "invalid_request"

probably had something to do with my setup .. database creation was not done by running some script but by finding the create tables in the code and running them. Should I have used composer for this in some way? Could only find some test code that hit this - so how does this work?