Skip to content

An easy-to-use library that allows accessing and authenticating with Restful APIs using the OAuth 2 protocol. Essentially, it provides users with a secure and authorized way to access their APIs

License

Notifications You must be signed in to change notification settings

bertugfahriozer/ci4oauth2

Repository files navigation

English Türkçe

Codeigniter 4 OAuth2 Library

This is an OAuth2 library that can be used in CodeIgniter 4. It allows users to authorize and authenticate with third-party applications.

Features

  • Easily configure and deploy an OAuth2 server application.
  • Support for authorizing and authenticating users with third-party applications.
  • Integration with any client application that supports the OAuth2 protocol.
  • Access authorization mechanisms that secure user capabilities.

Installation

To add the library to your project, follow these steps:

  1. Navigate to your project's files.

  2. Use Composer to add the library to your project with the following command:

    composer require bertugfahriozer/ci4oauth2

  3. You'll need to create a configuration file. To create a config file, run the following command:

    php spark make:config

  4. To create the required database tables, run the following command:

    php spark migrate -all

You're now ready to use the OAuth2 library in your project!

Usage

Configration

Here's an example of a configuration file you can create for your OAuth2 library:

<?php

namespace Config;

use CodeIgniter\Config\BaseConfig;

class Oauth2Conf extends BaseConfig
{
    public array $tables = ['client_table' => 'oauth_clients',
        'access_token_table' => 'oauth_access_tokens',
        'refresh_token_table' => 'oauth_refresh_tokens',
        'code_table' => 'oauth_authorization_codes',
        'user_table' => 'oauth_users',
        'jwt_table' => 'oauth_jwt',
        'jti_table' => 'oauth_jti',
        'scope_table' => 'oauth_scopes',
        'public_key_table' => 'oauth_public_keys'];

    public array $jwtConf=[
        'aud'=> 'https://oauth' // you must edit here
    ];

    public int $oauthFilterCap = 60;
    public int $rateLimitCap = 2;

    /* --------------------------------------------------------------------
     * Encryption Algorithm to use
     * --------------------------------------------------------------------
     * Valid values are
     * - PASSWORD_DEFAULT (default)
     * - PASSWORD_BCRYPT
     * - PASSWORD_ARGON2I  - As of PHP 7.2 only if compiled with support for it
     * - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it
     *
     * If you choose to use any ARGON algorithm, then you might want to
     * uncomment the "ARGON2i/D Algorithm" options to suit your needs
     */
    public $hashAlgorithm = PASSWORD_DEFAULT;
    public array $phpHashConfig = [
        'hashMemoryCost' => 2048,
        'hashTimeCost' => 4,
        'hashThreads' => 4,
        'hashCost' => 10
    ];
}

The example above is a sample config file created for the Refresh Token method.

Adding Filter

We will include the First Filter. The file we will include is "application/Config/Filter.php":

<?php namespace Config

class Filters extends BaseConfig
{
    public array $aliases = [
        ...
        'oauthfilter' => \ci4oauth2\Filters\OauthFilter::class,
        'rateLimit' => \ci4oauth2\Filters\RateLimit::class
    ];
    
    ...
    public array $filters = [
        'rateLimit' => ['before' => ['login', 'createclient', 'createuser', 'genjwt', 'token']],
        'oauthfilter' => ['before' => ['api','api/*']]
    ];
}

URI Routing

Here is an example URI structure that will be added to the "App/Config/Routes.php" file:

$routes->group('api', ['namespace' => 'App\Controllers'], static function ($routes) {
    $routes->resource('blog',['only'=>['index','show','create', 'update', 'delete']]);
});

Simple Controller and Methods

Usage example of the OAuth2 library:

<?php

namespace App\Controllers;

use CodeIgniter\Controller;
use ci4oauth2\Libraries\Oauth;

class AuthController extends Controller {
private $oauth;
private $respond;

    public function __construct() {
        $config = config('Oauth2Conf');

        $oauth = new Oauth($this->request->getPost('grant_type'), $config);
        $this->respond = $oauth->server->handleTokenRequest($req);
    }

    public function authorize() {
        return $this->respond(json_decode($this->respond->getResponseBody()), $this->respond->getStatusCode());
    }
}

Here are sample methods for creating users in the database:

public function createclient() {
   $vald = [
      'client_id' => ['label' => '', 'rules' => 'required'],
      'client_secret' => ['label' => '', 'rules' => 'required'],
      'redirect_url' => ['label' => '', 'rules' => 'required|valid_url'],
      'grant_types' => ['label' => '', 'rules' => 'required'],
   ];
   if (strpos($this->request->getPost('grant_types'), "password")) {
      $vald['username'] = ['label' => '', 'rules' => 'required'];
      $vald['password'] = ['label' => '', 'rules' => 'required'];
   }
   $valData = ($vald);
   if ($this->validate($valData) == false) return $this->failValidationErrors($this->validator->getErrors());
   $oauth = new \ci4oauth2\Libraries\OauthPdoStorage();
   $result = $oauth->setClientDetails($this->request->getPost('client_id'), $this->request->getPost('client_secret'), $this->request->getPost('redirect_url'), $this->request->getPost('grant_types'));
   if ($result === 0) return $this->respondCreated(['result' => 'client created']);
   else if ($result === true) return $this->respondUpdated(['result' => 'client updated.']);
   else return $this->failServerError();
}

public function createuser() {
   $valData = ([
      'username' => ['label' => '', 'rules' => 'required'],
      'password' => ['label' => '', 'rules' => 'required']
   ]);
   if ($this->validate($valData) == false) return $this->failValidationErrors($this->validator->getErrors());
   $oauth = new \ci4oauth2\Libraries\OauthPdoStorage();
   $result = $oauth->setUser($this->request->getPost('username'), $this->request->getPost('password'));
   if ($result === 0) return $this->respondCreated(['result' => 'user created']);
   else if ($result === true) return $this->respondUpdated(['result' => 'user updated.']);
   else return $this->failServerError();
}

Example Folder

After including the library, you can copy and test the code found in this folder. The example folder path is "ci4oauth2/example".

Authorization Types

Authorization Code

The authorization code grant type is used when the client wants to request access to protected resources on behalf of another user (i.e., a third-party user). This is the most commonly associated data type with OAuth. RFC 6749

Example Request

curl --location 'https://oauth/authorize' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=authorization_code' \ --data-urlencode 'client_id=testclient' \ --data-urlencode 'redirect_uri=http://oauth/' \ --data-urlencode 'code=xyz' \ --data-urlencode 'client_secret=testpass'

Result

{ "access_token": "794b60b710a9d9128387d1dc7920484cf32080c6", "expires_in": 3600, "token_type": "Bearer", "scope": null, "refresh_token": "fa7f4a30f7861047a9a3c130d197b8d708bc0fa3" }

Client Credentials

The Client Credentials grant type is used when the client is requesting access to protected resources under its control (i.e. there is no third party). RFC 6749

Example Request

curl --location 'https://oauth/authorize' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=client_credentials' \ --data-urlencode 'client_id=testbertug' \ --data-urlencode 'client_secret=passbertug'

Result

{ "access_token": "33d85a1a68ad617add7f66cd7855e532738c3d84", "expires_in": 3600, "token_type": "Bearer", "scope": null }

User Credentials

The User Credentials grant type (also known as Resource Owner Password Credentials) is used when the user has a trusted relationship with the client, and so can supply credentials directly. RFC 6749

Example Request

curl --location 'https://oauth/authorize' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=password' \ --data-urlencode 'username=testbertug' \ --data-urlencode 'password=testpass' \ --data-urlencode 'client_id=testbertug' \ --data-urlencode 'client_secret=passbertug'

Result

{ "access_token": "557118343a9f7642804cdeef124195be437eb9c2", "expires_in": 3600, "token_type": "Bearer", "scope": null, "refresh_token": "308c5f9b3b91cdc233b64550e13baa287efa3eea" }

Refresh Token

The Refresh Token grant type is used to obtain additional access tokens in order to prolong the client's authorization of a user's resources. RFC 6749

Example Request

curl --location 'https://oauth/authorize' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=refresh_token' \ --data-urlencode 'refresh_token=afd5ab42392fd24fe3dc8b0f88c4505b4841d64a' \ --data-urlencode 'client_id=testbertug' \ --data-urlencode 'client_secret=passbertug'

Result

{ "access_token": "7e0c0ed74a06f21c5c0e3d75a086f6c7306113b2", "expires_in": 3600, "token_type": "Bearer", "scope": null }

JWT Bearer

The JWT Bearer grant type is used when the client wants to receive access tokens without transmitting sensitive information such as the client secret. This can also be used with trusted clients to gain access to user resources without user authorization. RFC 7523

JWT Preparation

To prepare JWTs, SSL keys should be created in advance and shared with the server where the requests will be made, or a panel should be set up to process the data. Here's an example of creating an SSL:

// private key
$ openssl genrsa -out privatekey.pem 2048

// public key
$ openssl rsa -in privkey.pem -pubout -out publickey.pem

A code example to generate a JWT:

/**
* Generate a JWT
*
* @param $privateKey The private key to use to sign the token
* @param $iss The issuer, usually the client_id
* @param $sub The subject, usually a user_id
* @param $aud The audience, usually the URI for the oauth server
* @param $exp The expiration date. If the current time is greater than the exp, the JWT is invalid
* @param $nbf The "not before" time. If the current time is less than the nbf, the JWT is invalid
* @param $jti The "jwt token identifier", or nonce for this JWT
*
* @return string
  */
  function generateJWT($privateKey, $iss, $sub, $aud, $exp = null, $nbf = null, $jti = null) {
     if (!$exp) {
        $exp = time() + 1000;
     }
   
     $params = array(
        'iss' => $iss,
        'sub' => $sub,
        'aud' => $aud,
        'exp' => $exp,
        'iat' => time(),
     );
   
     if ($nbf) {
        $params['nbf'] = $nbf;
     }
   
     if ($jti) {
        $params['jti'] = $jti;
     }
   
     $jwtUtil = new OAuth2\Encryption\Jwt();
   
     return $jwtUtil->encode($params, $privateKey, 'RS256');
  }

Example Request

curl --location 'http://oauth/authorize' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \ --data-urlencode 'assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJ0ZXN0Y2xpZW50Iiwic3viIjoiYmVydHVnIiwiYXVkIjoiaHR0cHM6XC9cL29hdXRoXC90b2tlbiIsImV4cCI6MTY5Nzk0MzA0NywiaWF0IjoxNjk3OTQyMDQ3fQ.zOAR0P4M1MUfNC3Ptn_yuu3YJEwkTl503_RFCGU3omd2HNc12NAWxlZ9hXFr4-T5ymfizWix1hwNcqnBfyO69_ugsHK2G9x5zfzrTfr3cTk592LGWIE6zVhbr2ybmCStz_oocDqBrAO_aQcY0SMFOgqyQPb2OIx_z2rpBmCSdgpaiNB1f0eFbtwlFcbk_IQ9VjU-pvqVaOdWYCjUV690q3gztASBbqzRpqlEVvh9SdHe700e5eGdefW4gept11VN9i8EL5JuiQJYT0ptOfQbzqJ3N534FLFn56Zg77D2i9yFsAckLZpyyKQCSM-G_-4Jjsamm0fuEANiRDK25PRPF82DRnTOoW09N4z6h5pmk82oibGsqpyjEEmVyT5_UVoAwvKmjvsEMp2L46BM9C4bAm5qdjk_GWZcH_mr98wmfbkNDZ6cPegMMoIVz13yUHBp3VFDYb0EpigqWj6-fBDOxn7__a9S2qIlD6n3Uhg5MxI5HmwB-mrCJ-_CJ2m0hETaW94-KzcN23BUgk5CAdUkwMfndtW8nCmd3MXObo2b_rK8bJlhl_XH87xeGGY7DVb8t1vQnEd0-aonN790qSIt3Bsuzsa7kNEo_YVIu14gcae_9vzN2qn_ZUbzs8xO9t8WEq28M6VdU0xtdnvcq9HobFnIwaRpgsrGTjSOciw2nU'

Result

{ "access_token": "093440df45a567699c0e797d3c0641b3d1977e36", "expires_in": 3600, "token_type": "Bearer", "scope": null }

This is just a basic usage example, and you can expand it according to the specific requirements of your project.

Contribution

If you have any issues or requests related to this library on GitHub, please report them using the GitHub issue tracker. If you'd like to contribute to the project, please submit a pull request.

License

This library is licensed under the MIT License.


Codeigniter 4 OAuth2 Kütüphanesi

Bu, CodeIgniter 4’te kullanılabilen bir OAuth2 kütüphanesidir. Kullanıcıların, üçüncü taraf uygulamalara yetkilendirme ve kimlik doğrulama yapabilmelerini sağlar.

Özellikler

  • Oauth2 sunucu uygulamasını kolayca yapılandırma ve dağıtma
  • Kullanıcılar için üçüncü taraf uygulamalarla yetkilendirme ve kimlik doğrulama desteği
  • OAuth2 protokolünü destekleyen herhangi bir istemci uygulaması ile entegre olma
  • Kullanıcıların yeteneklerini güvence altına alan erişim yetkilendirme mekanizmaları

Kurulum

Kütüphaneyi projenize eklemek için şu adımları izleyin:

  1. Projeye ait dosyalara gidin.

  2. Composer kullanarak kütüphaneyi projeye eklemek için şu komutu çalıştırın:

    composer require bertugfahriozer/ci4oauth2
  3. Bir adet config dosyasına ihtiyacınız olacak. Config dosyası oluşturmak için aşağıdaki komutu çalıştırın:

    php spark make:config
  4. Gerekli veritabanı tablolarını oluşturmak için aşağıdaki komutu çalıştırın:

    php spark migrate -all

Artık OAuth2 kütüphanesi projenizde kullanımak için temelleri hazır!

Kullanım

Ayarlar

Oluşturduğunu Config dosyası için örnek:

<?php

namespace Config;

use CodeIgniter\Config\BaseConfig;

class Oauth2Conf extends BaseConfig
{
    public array $tables = ['client_table' => 'oauth_clients',
        'access_token_table' => 'oauth_access_tokens',
        'refresh_token_table' => 'oauth_refresh_tokens',
        'code_table' => 'oauth_authorization_codes',
        'user_table' => 'oauth_users',
        'jwt_table' => 'oauth_jwt',
        'jti_table' => 'oauth_jti',
        'scope_table' => 'oauth_scopes',
        'public_key_table' => 'oauth_public_keys'];

    public array $jwtConf=[
        'aud'=> 'https://oauth' // you must edit here
    ];

    public int $oauthFilterCap = 60;
    public int $rateLimitCap = 2;

    /* --------------------------------------------------------------------
     * Encryption Algorithm to use
     * --------------------------------------------------------------------
     * Valid values are
     * - PASSWORD_DEFAULT (default)
     * - PASSWORD_BCRYPT
     * - PASSWORD_ARGON2I  - As of PHP 7.2 only if compiled with support for it
     * - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it
     *
     * If you choose to use any ARGON algorithm, then you might want to
     * uncomment the "ARGON2i/D Algorithm" options to suit your needs
     */
    public $hashAlgorithm = PASSWORD_DEFAULT;
    public array $phpHashConfig = [
        'hashMemoryCost' => 2048,
        'hashTimeCost' => 4,
        'hashThreads' => 4,
        'hashCost' => 10
    ];
}

Yukarıda yazılmış olan Refresh Token metodu için oluşturulmuş örnek bir config dosyasıdır.

Kullanılan OAuth2.0 metoduna göre değişiklik gösterebilir.

Filter ekleme

İlkli Filtreyi dahil edeceğiz. Dahil edeceğimiz dosya "application/Config/Filter.php":

<?php namespace Config

class Filters extends BaseConfig
{
    public array $aliases = [
        ...
        'oauthfilter' => \ci4oauth2\Filters\OauthFilter::class,
        'rateLimit' => \ci4oauth2\Filters\RateLimit::class
    ];
    
    ...
    public array $filters = [
        'rateLimit' => ['before' => ['login', 'createclient', 'createuser', 'genjwt', 'token']],
        'oauthfilter' => ['before' => ['api','api/*']]
    ];
}

URI Yönlendirme

Bu kısımda "App/Config/Routes.php" dosyasına eklenecek örnek uri oluşturulmuş şekli:

$routes->group('api', ['namespace' => 'App\Controllers'], static function ($routes) {
    $routes->resource('blog',['only'=>['index','show','create', 'update', 'delete']]);
});

Örnek Kullanım

Aşağıda, kütüphanenin kullanımına ilişkin basit bir örnek bulunmaktadır:

<?php

namespace App\Controllers;

use CodeIgniter\Controller;
use ci4oauth2\Libraries\Oauth;

class AuthController extends Controller
{
    private $oauth;
    private $respond;

    public function __construct()
    {
        $config = config('Oauth2Conf');

        $oauth = new Oauth($this->request->getPost('grant_type'),$config);
        $this->respond = $oauth->server->handleTokenRequest($req);
    }

    public function authorize()
    {
        return $this->respond(json_decode($this->respond->getResponseBody()), $this->respond->getStatusCode());
    }
}

Kullanıcıları veritabanında oluşturmak için örnek metotlar şu şekildedir:

public function createclient()
    {
        $vald = [
            'client_id' => ['label' => '', 'rules' => 'required'],
            'client_secret' => ['label' => '', 'rules' => 'required'],
            'redirect_url' => ['label' => '', 'rules' => 'required|valid_url'],
            'grant_types' => ['label' => '', 'rules' => 'required'],
        ];
        if (strpos($this->request->getPost('grant_types'), "password")) {
            $vald['username'] = ['label' => '', 'rules' => 'required'];
            $vald['password'] = ['label' => '', 'rules' => 'required'];
        }
        $valData = ($vald);
        if ($this->validate($valData) == false) return $this->failValidationErrors($this->validator->getErrors());
        $oauth = new \ci4oauth2\Libraries\OauthPdoStorage();
        $result = $oauth->setClientDetails($this->request->getPost('client_id'), $this->request->getPost('client_secret'), $this->request->getPost('redirect_url'), $this->request->getPost('grant_types'));
        if ($result === 0) return $this->respondCreated(['result' => 'client created']);
        else if ($result === true) return $this->respondUpdated(['result' => 'client updated.']);
        else return $this->failServerError();
    }

    public function createuser()
    {
        $valData = ([
            'username' => ['label' => '', 'rules' => 'required'],
            'password' => ['label' => '', 'rules' => 'required']
        ]);
        if ($this->validate($valData) == false) return $this->failValidationErrors($this->validator->getErrors());
        $oauth = new \ci4oauth2\Libraries\OauthPdoStorage();
        $result = $oauth->setUser($this->request->getPost('username'), $this->request->getPost('password'));
        if ($result === 0) return $this->respondCreated(['result' => 'user created']);
        else if ($result === true) return $this->respondUpdated(['result' => 'user updated.']);
        else return $this->failServerError();
    }

Örnek Klasör

Bu klasör içinde bulunan kodları kütüphaneyi dahil ettikten sonra kopyalarak testlerinizi yapabilirsiniz. Örnek klasör yolu "ci4oauth2/example".

Yetkilendirme Türleri

Authorization Code (Yetkilendirme Kodu veri türü)

istemcinin başka bir kullanıcı adına (yani 3. taraf bir kullanıcı adına) korumalı kaynaklara erişim talep etmek istediğinde kullanılır. Bu, genellikle OAuth ile en çok ilişkilendirilen veri türüdür. RFC 6749

Örnek İstek

curl --location 'https://oauth/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=testclient' \
--data-urlencode 'redirect_uri=http://oauth/' \
--data-urlencode 'code=xyz' \
--data-urlencode 'client_secret=testpass'

Sonuç

{ "access_token": "794b60b710a9d9128387d1dc7920484cf32080c6", "expires_in": 3600, "token_type": "Bearer", "scope": null, "refresh_token": "fa7f4a30f7861047a9a3c130d197b8d708bc0fa3" }

Client Credentials (İstemci Kimlik Bilgileri)

İstemci Kimlik Bilgileri yetkilendirme türü, istemcinin denetimi altındaki korumalı kaynaklara erişim talep ettiği durumlarda kullanılır (yani üçüncü bir taraf bulunmaz). RFC 6749

Örnek İstek

curl --location 'https://oauth/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=testbertug' \
--data-urlencode 'client_secret=passbertug'

Sonuç

{ "access_token": "33d85a1a68ad617add7f66cd7855e532738c3d84", "expires_in": 3600, "token_type": "Bearer", "scope": null }

Kullanıcı Kimlik Bilgileri (User Credentials)

Kullanıcı Kimlik Bilgileri yetkilendirme türü (diğer adıyla Kaynak Sahibi Parola Kimlik Bilgileri), kullanıcının istemci ile güvenilir bir ilişkisi olduğu ve bu nedenle kimlik bilgilerini doğrudan sağlayabildiği durumlarda kullanılır. RFC 6749

Örnek İstek

curl --location 'https://oauth/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=testbertug' \
--data-urlencode 'password=testpass' \
--data-urlencode 'client_id=testbertug' \
--data-urlencode 'client_secret=passbertug'

Sonuç

{ "access_token": "557118343a9f7642804cdeef124195be437eb9c2", "expires_in": 3600, "token_type": "Bearer", "scope": null, "refresh_token": "308c5f9b3b91cdc233b64550e13baa287efa3eea" }

Jetonu Yenile (Refresh Token)

Yenileme Jetonu yetkilendirme türü, istemcinin kullanıcının kaynaklarına verdiği yetkiyi uzatmak amacıyla ek erişim jetonları elde etmek için kullanılır. RFC 6749

Örnek İstek

curl --location 'https://oauth/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=afd5ab42392fd24fe3dc8b0f88c4505b4841d64a' \
--data-urlencode 'client_id=testbertug' \
--data-urlencode 'client_secret=passbertug'

Sonuç

{ "access_token": "7e0c0ed74a06f21c5c0e3d75a086f6c7306113b2", "expires_in": 3600, "token_type": "Bearer", "scope": null }

JWT Taşıyıcı (JWT Bearer)

JWT Taşıyıcı yetkilendirme türü, istemcinin hassas bilgileri (örneğin, istemci sırrı) iletmeksizin erişim jetonları almak istediğinde kullanılır. Bu, güvendiğiniz istemcilerle kullanıcı onayı olmadan kullanıcı kaynaklarına erişmek için de kullanılabilir. RFC 7523

JWT Hazırlanışı

Önceden hazırlanmış ssl keyleri istek atacağınız sunucu için paylaşılmalı veya panel hazırlanıp verilerin işlenmesi istenilmeli. Örnek SSL üretelim:

// private key
$ openssl genrsa -out privatekey.pem 2048

// public key
$ openssl rsa -in privkey.pem -pubout -out publickey.pem

örnek olarak JWT üretmek için kod:

/**
 * Generate a JWT
 *
 * @param $privateKey The private key to use to sign the token
 * @param $iss The issuer, usually the client_id
 * @param $sub The subject, usually a user_id
 * @param $aud The audience, usually the URI for the oauth server
 * @param $exp The expiration date. If the current time is greater than the exp, the JWT is invalid
 * @param $nbf The "not before" time. If the current time is less than the nbf, the JWT is invalid
 * @param $jti The "jwt token identifier", or nonce for this JWT
 *
 * @return string
 */
function generateJWT($privateKey, $iss, $sub, $aud, $exp = null, $nbf = null, $jti = null)
{
    if (!$exp) {
        $exp = time() + 1000;
    }

    $params = array(
        'iss' => $iss,
        'sub' => $sub,
        'aud' => $aud,
        'exp' => $exp,
        'iat' => time(),
    );

    if ($nbf) {
        $params['nbf'] = $nbf;
    }

    if ($jti) {
        $params['jti'] = $jti;
    }

    $jwtUtil = new OAuth2\Encryption\Jwt();

    return $jwtUtil->encode($params, $privateKey, 'RS256');
}

Örnek İstek

curl --location 'http://oauth/authorize' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' \
--data-urlencode 'assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJ0ZXN0Y2xpZW50Iiwic3ViIjoiYmVydHVnIiwiYXVkIjoiaHR0cHM6XC9cL29hdXRoXC90b2tlbiIsImV4cCI6MTY5Nzk0MzA0NywiaWF0IjoxNjk3OTQyMDQ3fQ.zOAR0P4M1MUfNC3Ptn_yuu3YJEwkTl503_RFCGU3omd2HNc12NAWxlZ9hXFr4-T5ymfizWix1hwNcqnBfyO69_ugsHK2G9x5zfzrTfr3cTk592LGWIE6zVhbr2ybmCStz_oocDqBrAO_aQcY0SMFOgqyQPb2OIx_z2rpBmCSdgpaiNB1f0eFbtwlFcbk_IQ9VjU-pvqVaOdWYCjUV690q3gztASBbqzRpqlEVvh9pSdHe700e5eGdefW4gept11VN9i8EL5JuiQJYT0ptOfQbzqJ3N534FLFn56Zg77D2i9yFsAckLZpyyKQCSM-G_-4Jjsamm0fuEANiRDK25PRPF82DRnTOoW09N4z6h5pmk82oibGsqpyjEEmVyT5_UVoAwvKmjvsEMp2L46BM9C4bAm5qdjk_GWZcH_mr98wmfbkNDZ6cPegMMoIVz13yUHBp3VFDYb0EpigqWj6-fBDOxn7__a9S2qIlD6n3Uhg5MxI5HmwB-mrCJ-_CJ2m0hETaW94-KzcN23BUgk5CAdUkwMfndtW8nCmd3MXObo2b_rK8bJlhl_XH87xeGGY7DVb8t1vQnEd0-aonN790qSIt3Bsuzsa7kNEo_YVIu14gcae_9vzN2qn_ZUbzs8xO9t8WEq28M6VdU0xtdnvcq9HobFnIwaRpgsrGTjSOciw2nU'

Sonuç

{ "access_token": "093440df45a567699c0e797d3c0641b3d1977e36", "expires_in": 3600, "token_type": "Bearer", "scope": null }

Bu sadece temel bir kullanım örneği olup, projenize özgü gereksinimlere göre genişletebilirsiniz.

Katkıda Bulunma

Eğer GitHub üzerinde bulunan bu kütüphane hakkında bir sorununuz veya isteğiniz varsa, lütfen GitHub sorun takipçisini kullanarak bildirin. Ayrıca, projeye katkıda bulunmak isterseniz, lütfen bir “pull request” gönderin.

Lisans

Bu kütüphane, MIT Lisansı ile lisanslanmıştır.

About

An easy-to-use library that allows accessing and authenticating with Restful APIs using the OAuth 2 protocol. Essentially, it provides users with a secure and authorized way to access their APIs

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages