The complete implementation process of REST API application with OAuth2 Server on Yii2
1. Implementation based on https://github.com/Filsh/yii2-oauth2-server.
Run: php composer.phar require --prefer-dist filsh/yii2-oauth2-server "*"
2. Configure in the application:
E:\wwwroot\api.hmwis.com\passport\config\main.php
    'modules' => [
        'oauth2' => [
            'class' => 'filsh\yii2\oauth2server\Module',
            'tokenParamName' => 'accessToken',
            'tokenAccessLifetime' => 3600 * 24,
            'storageMap' => [
                'user_credentials' => 'common\models\User',
            ],
            'grantTypes' => [
                'user_credentials' => [
                    'class' => 'OAuth2\GrantType\UserCredentials',
                ],
                'refresh_token' => [
                    'class' => 'OAuth2\GrantType\RefreshToken',
                    'always_issue_new_refresh_token' => true
                ]
            ]
        ],
        'v1' => [
            'class' => 'passport\modules\v1\Module',
        ],
    ],
3. Edit the user model class User.php:
E:\wwwroot\api.hmwis.com\common\models\user.php
Implement the interface \OAuth2\Storage\UserCredentialsInterface:
    class User extends ActiveRecord implements IdentityInterface, \OAuth2\Storage\UserCredentialsInterface
3.1. Find the corresponding user based on the email address or mobile phone number:
3. Implement two methods in the interface class:
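One way to write the lookup from step 3.1 and the two interface methods, as an added example that is not code from the original post. The trait name, the finder name and the `email`, `mobile` and `password_hash` columns are assumptions about the user table.

```php
<?php
// Added example, not code from the original post.
namespace common\models;

use Yii;

/**
 * OAuth2\Storage\UserCredentialsInterface methods for the User model.
 * Pull it into common\models\User (an ActiveRecord class) with
 * `use OAuth2UserCredentialsTrait;`.
 * Assumptions: the trait name, the finder name and the `email`, `mobile`
 * and `password_hash` columns are hypothetical.
 */
trait OAuth2UserCredentialsTrait
{
    /** Look a user up by email address or mobile number (step 3.1). */
    public static function findByEmailOrMobile($login)
    {
        if (!is_string($login) || $login === '') {
            return null;
        }
        return static::find()
            ->where(['or', ['email' => $login], ['mobile' => $login]])
            ->one();
    }

    /** Called by the user_credentials grant; must return a boolean. */
    public function checkUserCredentials($username, $password)
    {
        // validatePassword() throws on an empty password, so reject it first.
        if (!is_string($password) || $password === '') {
            return false;
        }
        $user = static::findByEmailOrMobile($username);
        if ($user === null || empty($user->password_hash)) {
            return false;
        }
        return Yii::$app->security->validatePassword($password, $user->password_hash);
    }

    /** Called after a successful check; the token is bound to user_id. */
    public function getUserDetails($username)
    {
        $user = static::findByEmailOrMobile($username);
        // Return false for an unknown user rather than dereferencing null.
        return $user === null ? false : ['user_id' => $user->getPrimaryKey()];
    }
}
```

The `user_id` returned by `getUserDetails()` is what the issued access token is tied to, so it has to be the same key that the ownership check in step 12 compares against.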
4. Run data migration:
Run: yii migrate --migrationPath=@vendor/filsh/yii2-oauth2-server/migrations

PHP Strict Warning 'yii\base\ErrorException' with message 'Declaration of m140501_075311_add_oauth2_server::primaryKey() should be compatible with yii\db\Migration::primaryKey($length = null)'
5. Edit m140501_075311_add_oauth2_server.php:
    public function primaryKey($columns = null) {
        return 'PRIMARY KEY (' . $this->db->getQueryBuilder()->buildColumns($columns) . ')';
    }
6. Run again: yii migrate --migrationPath=@vendor/filsh/yii2-oauth2-server/migrations
6.1. Check that the corresponding data table already exists in the database:
7. Add the URL rule to urlManager:
E:\wwwroot\api.hmwis.com\passport\config\main-local.php
    'POST oauth2/<action:\w+>' => 'oauth2/rest/<action>',
8. To use the extension, just add the behavior to your base controller:
9. http://passport.api.hmwis.com/oauth2/token
!["SQLSTATE[42S02]: Base table or view not found: 1146 Table 'api_hmwis_com.oauth_clients' doesn't exist"](https://www.shuijingwanwq.com/wp-content/uploads/2015/08/9.png)
"SQLSTATE[42S02]: Base table or view not found: 1146 Table 'api_hmwis_com.oauth_clients' doesn't exist"
    // Prepend the application's table prefix to every OAuth2 storage table name.
    $this->config = array_merge(array(
        'client_table' => \Yii::$app->db->tablePrefix . 'oauth_clients',
        'access_token_table' => \Yii::$app->db->tablePrefix . 'oauth_access_tokens',
        'refresh_token_table' => \Yii::$app->db->tablePrefix . 'oauth_refresh_tokens',
        'code_table' => \Yii::$app->db->tablePrefix . 'oauth_authorization_codes',
        'user_table' => \Yii::$app->db->tablePrefix . 'oauth_users',
        'jwt_table' => \Yii::$app->db->tablePrefix . 'oauth_jwt',
        'jti_table' => \Yii::$app->db->tablePrefix . 'oauth_jti',
        'scope_table' => \Yii::$app->db->tablePrefix . 'oauth_scopes',
        'public_key_table' => \Yii::$app->db->tablePrefix . 'oauth_public_keys',
    ), $config);
11. http://passport.api.hmwis.com/oauth2/token
Request success:
    {
        "access_token": "17b22dc4746f37ebd2019a256147944c84dec090",
        "expires_in": 86400,
        "token_type": "bearer",
        "scope": null,
        "refresh_token": "6a26bd0e049041bfd217ff7849d865c486449617"
    }
12. E:\wwwroot\api.hmwis.com\passport\controllers\usercontroller.php
    // Requires: use Yii; use yii\web\UnauthorizedHttpException;
    public function checkAccess($action, $model = null, $params = [])
    {
        // Identity of the access token's owner.
        $oauthUser = Yii::$app->user->identity;
        // User ID requested in the URL, e.g. /v1/users/4.
        $uid = Yii::$app->request->get('id');
        // Reject the request unless the token owner is the requested user.
        if ($oauthUser === null || (string) $oauthUser['id'] !== (string) $uid) {
            throw new UnauthorizedHttpException(Yii::t('app/error', '30054'), 30054);
        }
    }

The checkAccess method checks whether the owner of the access token is the user whose ID is requested.
12.1. If the owner of the access token is not the same person as the current user, an error is returned:
13. Edit the oauth_clients table:
14. Set the validity period of the access token and the refresh token to 7 days and 30 days respectively
E:\wwwroot\api.hmwis.com\vendor\filsh\yii2-oauth2-server\module.php

15. Obtain access tokens through password credentials
http://passport.api.hmwis.com/oauth2/token
If grant_type = authorization_code:
Request failed:
    {
        "name": "bad request",
        "message": "grant type \"authorization_code\" not supported",
        "code": 0,
        "status": 400,
        "type": "filsh\\yii2\\oauth2server\\exceptions\\HttpException"
    }
15.1. Obtain the access token successfully and confirm in the database:
16. Get access token by refreshing the token
http://passport.api.hmwis.com/oauth2/token
17. Modify user personal information
http://passport.api.hmwis.com/v1/users/4
Test access token: