  • This repository has been archived on 09/Nov/2018
  • Stars: 141
  • Rank: 254,608 (Top 6 %)
  • Language: PHP
  • License: MIT License
  • Created: over 12 years ago
  • Updated: almost 6 years ago

Repository Details

OAuth2 Server Plugin for CakePHP

This project is unmaintained; see https://github.com/uafrica/oauth-server as an alternative.


CakePHP OAuth2 Server Plugin

This is a plugin for implementing an OAuth 2.0 server/provider in CakePHP, built on Quizlet's oauth2-php library.

What's inside?

  • An OAuth component that gives Cake-style access to the oauth2-php library
  • The required models, which hash tokens automatically in beforeSave so raw tokens are never stored
  • An AuthComponent-style interface for allowing and denying actions
  • Convenience functions for retrieving the current user and adding clients
  • An example controller with authorize and token endpoints

Requirements

CakePHP 2.x

A clone of oauth2-php in your Vendor folder (Vendor/oauth2-php)

Cloning oauth2-php

GitHub no longer serves the unauthenticated git:// protocol, so use the https:// URLs:

$ git clone https://github.com/quizlet/oauth2-php.git Vendor/oauth2-php

Or via submodule:

$ git submodule add https://github.com/quizlet/oauth2-php.git Vendor/oauth2-php

Installation

Populate database

First we need to populate the database with the right tables. There are two ways to do it: load the SQL in Config/Schema/schema.sql of this plugin by hand, or use the Migrations plugin from CakeDC:

$ cake Migrations.migration run all --plugin OAuth

(The migration command only works once the plugin has been cloned and loaded, so if you take that route, do the next two steps first.)

Cloning

Then clone this repo into an "OAuth" folder inside your Plugin folder:

$ git clone https://github.com/thomseddon/cakephp-oauth-server.git Plugin/OAuth

Or via submodule:

$ git submodule add https://github.com/thomseddon/cakephp-oauth-server.git Plugin/OAuth

Loading the Plugin

Load the plugin in Config/bootstrap.php, either together with all other plugins or on its own:

CakePlugin::loadAll(); // Loads all plugins at once
CakePlugin::load('OAuth'); // Just load OAuth

Include component in controller

And include the component in your controller (or in AppController to make it available everywhere):

public $components = array('OAuth.OAuth');

Getting Started

OAuth

A good understanding of the OAuth 2.0 protocol should be considered a prerequisite for using this plugin. Good documentation explaining the various OAuth 2.0 flows is provided by Google, by Facebook and in the official spec (RFC 6749). For reference, this plugin currently supports the following grant types:

If you need any others please build them into the base oauth2-php library and let me know :)

It should be noted here that most of the OAuth endpoints accept both GET and POST, so you can exercise your setup straight from the browser. Do that only against a development instance: in the GET form the client_secret and the access_token travel in the query string, where they end up in browser history, proxy and web-server access logs, and the Referer header of any outgoing link. For anything beyond local testing, send client credentials in a POST body (RFC 6749 requires POST at the token endpoint) and pass access tokens in the Authorization header where the deployment accepts it, or in the POST body, rather than in the URL (RFC 6750).

Controller Setup

To use the "Resource Owner Password Credentials Grant" you need to tell the plugin where to find your users' username/password combinations. By default it looks for a "Users" model with "username" and "password" fields; you can change this in your controller's beforeFilter like so:

public function beforeFilter() {
    parent::beforeFilter();
    $this->OAuth->authenticate = array(
        'userModel' => 'Members',
        'fields' => array(
            'username' => 'email'
        )
    );
}

You can control which actions can be accessed with an OAuth access token in the same way you control access with the AuthComponent. For example, placing this in a controller's beforeFilter:

$this->OAuth->allow(array('userinfo', 'example'));

would allow access to the "userinfo" and "example" actions. Before relying on it, verify the behaviour the way you would for AuthComponent: request an allowed action and a non-allowed action, each with a valid token, with an expired or forged token, and with no token at all, and confirm that every denial comes from the component rather than from the example controller alone.

Adding OAuth Clients

An OAuth client is an application that accesses resources on behalf of a resource owner, i.e. someone who can use your API.

This plugin ships with all required models, including the "Clients" model for adding and accessing OAuth clients. You may wish to handle adding clients yourself (see the schema file, Config/Schema/schema.sql, for the tables), or you can use the convenience method included in the model, like so:

$client = $this->OAuth->Client->add('http://www.return_url.com');

which generates a client_id and client_secret and returns something like:

Array(
    [client_id] => NGYcZDRjODcxYzFkY2Rk
    [client_secret] => 8e7ff3208eed06d101bf3da2473fc92ac1c6d2e7
    [redirect_uri] => http://www.return_url.com
)

The method includes various schemes for generating client IDs; pick your favourite.

NOTE: This convenience method generates a random client secret and hashes it before storage. It passes back the raw client secret when you first add the client, but the raw value cannot be recovered from the hash stored in the database, so if a client loses its secret a new one has to be issued. Hand the returned secret to the client's owner once, over a confidential channel, and make sure the return value is not written to application logs.
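The registration pattern the note describes, as an added example that is not the plugin's own Client model: the raw secret is returned exactly once, only a salted slow hash (PHP's password_hash(), bcrypt by default; the plugin's own hashing scheme is not stated on this page) is kept, verification is constant-time, and a lost secret is rotated rather than recovered. The in-memory array standing in for the clients table, the redirect URIs and the check() helper are constructed for the example; it assumes PHP 7.4 or later.

```php
<?php
// Added example (not the plugin's own Client model): register a client so the raw secret is shown
// exactly once and only a hash is stored, then verify credentials the way a token endpoint would.
// Storage is a constructed in-memory array standing in for the clients table.
declare(strict_types=1);

final class ClientStore
{
    /** @var array<string, array{secret_hash: string, redirect_uri: string}> */
    private array $clients = [];

    /** Register a client; returns the raw secret once and keeps only password_hash() of it. */
    public function add(string $redirectUri): array
    {
        $clientId = bin2hex(random_bytes(10));   // 20 hex chars, unguessable
        $secret   = bin2hex(random_bytes(32));   // 256-bit secret; 64 bytes stays under bcrypt's 72-byte limit
        $this->clients[$clientId] = [
            'secret_hash'  => password_hash($secret, PASSWORD_DEFAULT), // salted, deliberately slow hash
            'redirect_uri' => $redirectUri,
        ];
        return ['client_id' => $clientId, 'client_secret' => $secret, 'redirect_uri' => $redirectUri];
    }

    /** Verify the credentials a client presents at the token endpoint. */
    public function authenticate(string $clientId, string $secret): bool
    {
        $row = $this->clients[$clientId] ?? null;
        // Verify against a throwaway hash when the client id is unknown, so an unknown id costs the
        // same time as a wrong secret; password_verify() itself compares in constant time.
        $hash = $row['secret_hash'] ?? password_hash('no-such-client', PASSWORD_DEFAULT);
        return password_verify($secret, $hash) && $row !== null;
    }

    /** redirect_uri must match exactly; prefix or substring matching lets a third party receive codes. */
    public function redirectUriMatches(string $clientId, string $presented): bool
    {
        $row = $this->clients[$clientId] ?? null;
        return $row !== null && hash_equals($row['redirect_uri'], $presented);
    }

    /** The stored hash cannot be reversed, so a forgotten secret is replaced, never recovered. */
    public function rotateSecret(string $clientId): ?string
    {
        if (!isset($this->clients[$clientId])) {
            return null;
        }
        $secret = bin2hex(random_bytes(32));
        $this->clients[$clientId]['secret_hash'] = password_hash($secret, PASSWORD_DEFAULT);
        return $secret;
    }
}

/** Constructed helper: fail loudly instead of relying on assert(), which production php.ini may disable. */
function check(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $what");
    }
}

$store  = new ClientStore();
$client = $store->add('http://localhost/callback');
print_r($client);   // the only moment client_secret is ever visible in clear

check($store->authenticate($client['client_id'], $client['client_secret']), 'correct secret accepted');
check(!$store->authenticate($client['client_id'], 'wrong'), 'wrong secret rejected');
check(!$store->authenticate('0000000000000000dead', $client['client_secret']), 'unknown client rejected');
check($store->redirectUriMatches($client['client_id'], 'http://localhost/callback'), 'registered redirect_uri accepted');
check(!$store->redirectUriMatches($client['client_id'], 'http://localhost/callback/../other'), 'other redirect_uri rejected');

$newSecret = $store->rotateSecret($client['client_id']);
check(!$store->authenticate($client['client_id'], $client['client_secret']), 'old secret dead after rotation');
check($store->authenticate($client['client_id'], $newSecret), 'new secret accepted');
echo "all checks passed\n";
```

Run it with `php clients.php`. The important distinction for a real deployment is that client secrets are verified against a known client_id, so a slow salted hash is right for them; access tokens, by contrast, are looked up by value, so they need a deterministic hash (for example SHA-256 of a high-entropy random token) if they are to be hashed in beforeSave, since a salted hash cannot be searched for.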

Included Endpoints

This plugin ships with an example controller that provides the endpoints needed to issue access tokens. Routes are also included to give you clean URLs such as "/oauth/token"; enable them by placing this in your Config/bootstrap.php:

CakePlugin::loadAll(array(
    'OAuth' => array('routes' => true)
));

As an example, once you have registered a client you can walk through the Authorization Code Grant like so:

  1. Get an authorization code
     /oauth/authorize?response_type=code&client_id=xxxx&redirect_uri=http%3a%2f%2flocalhost
     (note the URL encoding of the redirect_uri; it must match the one registered for the client)
  2. Swap the code for an access token
     /oauth/token?grant_type=authorization_code&code=from_above&client_id=xxxx&client_secret=xxxx
  3. Use the access token
     /oauth/userinfo?access_token=from_above

Steps 2 and 3 are shown in their GET form for a quick browser test only; a real client sends the token request as a POST body so the client_secret never appears in a URL, and carries the access token in the Authorization header or the POST body.
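The three steps above worked as a client script, as an added example that is not code from the plugin or the oauth2-php library. It adds the two things the browser walk-through leaves out, a state parameter checked on the callback and a POST token request, and it assumes: PHP 8; a deployment at https://api.example.com (placeholder); that the server echoes state back on the redirect, as RFC 6749 requires; and that the resource endpoint accepts a Bearer Authorization header, which the page does not document (it documents only the access_token parameter). The HTTP transport is injected as a callable, so the fake server, its code and token values, and the client secret are all constructed and the script runs offline.

```php
<?php
// Added example (not part of the plugin): the client side of the Authorization Code Grant against the
// endpoints the README documents. The HTTP transport is injected as a callable so the walk-through runs
// offline against a constructed fake server; a real one wraps curl or file_get_contents the same way.
declare(strict_types=1);

final class AuthCodeClient
{
    private string $pendingState = '';

    /** @param callable(string $method, string $url, array $fields, string[] $headers): string $transport */
    public function __construct(
        private string $base,          // assumed deployment URL, e.g. https://api.example.com
        private string $clientId,
        private string $clientSecret,
        private string $redirectUri,
        private $transport
    ) {}

    /** Step 1: where to send the user. http_build_query() percent-encodes redirect_uri. */
    public function authorizeUrl(): string
    {
        // state ties the callback to this session; without it an attacker can finish the flow in the
        // victim's browser with a code bound to the attacker's account. Issued once, checked once.
        $this->pendingState = bin2hex(random_bytes(16));
        return $this->base . '/oauth/authorize?' . http_build_query([
            'response_type' => 'code',
            'client_id'     => $this->clientId,
            'redirect_uri'  => $this->redirectUri,
            'state'         => $this->pendingState,
        ]);
    }

    /** Step 2: on the callback, check state, then POST the code and client secret to the token endpoint. */
    public function exchangeCode(array $callbackQuery): array
    {
        $state = (string) ($callbackQuery['state'] ?? '');
        if ($this->pendingState === '' || !hash_equals($this->pendingState, $state) || empty($callbackQuery['code'])) {
            throw new RuntimeException('callback rejected: missing code or state mismatch');
        }
        $this->pendingState = '';   // single use
        $body = ($this->transport)('POST', $this->base . '/oauth/token', [
            'grant_type'    => 'authorization_code',
            'code'          => (string) $callbackQuery['code'],
            'client_id'     => $this->clientId,
            'client_secret' => $this->clientSecret,   // in the POST body, never in the URL
            'redirect_uri'  => $this->redirectUri,
        ], []);
        $token = json_decode($body, true);
        if (!is_array($token) || isset($token['error']) || empty($token['access_token'])) {
            throw new RuntimeException('token endpoint error: ' . $body);
        }
        return $token;
    }

    /** Step 3: call a protected action. Bearer header assumed accepted; the README documents only the
     *  access_token parameter, which a deployment may require as a POST field instead. */
    public function userinfo(string $accessToken): array
    {
        $body = ($this->transport)('GET', $this->base . '/oauth/userinfo', [], ['Authorization: Bearer ' . $accessToken]);
        $info = json_decode($body, true);
        return is_array($info) ? $info : [];
    }
}

// Constructed fake server so the walk-through runs offline: one valid code, one valid token.
$fakeServer = function (string $method, string $url, array $fields, array $headers): string {
    $path = parse_url($url, PHP_URL_PATH);
    if ($method === 'POST' && $path === '/oauth/token') {
        $ok = ($fields['grant_type'] ?? '') === 'authorization_code'
            && ($fields['code'] ?? '') === 'SplxlOBeZQQYbYS6WxSbIA'
            && ($fields['client_secret'] ?? '') === 'constructed-secret';
        return json_encode($ok ? ['access_token' => 'tok-123', 'token_type' => 'bearer', 'expires_in' => 3600]
                               : ['error' => 'invalid_grant']);
    }
    if ($method === 'GET' && $path === '/oauth/userinfo' && in_array('Authorization: Bearer tok-123', $headers, true)) {
        return json_encode(['id' => 42, 'username' => 'alice']);
    }
    return json_encode(['error' => 'invalid_request']);
};

$client = new AuthCodeClient('https://api.example.com', 'NGYcZDRjODcxYzFkY2Rk', 'constructed-secret', 'http://localhost/callback', $fakeServer);
$url = $client->authorizeUrl();
echo "1. redirect the user to: $url\n";
parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
// ...the user logs in and the server redirects back to redirect_uri with ?code=...&state=... (constructed):
$token = $client->exchangeCode(['code' => 'SplxlOBeZQQYbYS6WxSbIA', 'state' => $q['state']]);
echo "2. access_token: {$token['access_token']}\n";
echo "3. userinfo: " . json_encode($client->userinfo($token['access_token'])) . "\n";
try {   // a callback carrying a state this session never issued is dropped before any code is exchanged
    $client->exchangeCode(['code' => 'attacker-code', 'state' => 'forged']);
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

To point it at a real deployment, replace $fakeServer with a function of the same signature that performs the request (for ext-curl: CURLOPT_POST with http_build_query($fields) as CURLOPT_POSTFIELDS, CURLOPT_HTTPHEADER for the headers) and keep the state in the user's session rather than in the object, since the authorize redirect and the callback are two separate requests.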

There is quite a bit of documentation through the code, so dive in, get your hands dirty and submit any issues here!
