The package provides a module for Yii 2.0 that allows you to use OAuth 2.0 authentication. It is based on the league/oauth2-client package.
- Client credentials grant
- Admin module to manage clients
- User id attribute for clients
- Access token encryption
- Access token issuer
- Access token in JWT format
The preferred way to install this extension is through composer.
composer require dmstr/yii2-oauth-module
Add the module to your web application configuration:
<?php
use dmstr\oauth\Module as OAuthModule;
use dmstr\oauth\modules\admin\Module as OAuthAdminModule;
return [
'modules' => [
'oauth' => [
'class' => OAuthModule::class,
'tokenPrivateKey' => 'file:///path/to/private.key', // Path to private key file
'tokenEncryptionKey' => 'your-secret', // optional. Only needed if you have a passphrase for your private key
'accessTokenIssuer' => 'http://localhost:80', // Issuer of the access token.
'userIdAttribute' => 'id', // The attribute of the user model that will be added to the access token as the `sub` claim.
// This is optional but recommended. It will allow you to manage your clients in the admin interface.
'modules' => [
'admin' => [
'class' => OAuthAdminModule::class
]
]
]
],
// This is only needed if your using codemix/yii2-localeurls (https://github.com/codemix/yii2-localeurls)
'components' => [
'urlManager' => [
'ignoreLanguageUrlPatterns' => [
'#^oauth/token#' => '#^oauth/token#'
]
],
'rules' => [
// This is only needed if you want to use the admin module. It will create an url alias to the user module
'oauth/admin/user/index' => 'user/admin/index',
'oauth/admin/user/view' => 'user/admin/update'
]
]
];
And this to your console application configuration:
[
'controllerMap' => [
'migrate' => [
'migrationPath' => [
'@vendor/dmstr/yii2-oauth-module/src/migrations'
]
]
]
]
or run
yii migrate/up --migrationPath=@vendor/dmstr/yii2-oauth-module/src/migrations
First you need to generate a public and private key pair. You can use the following command to generate a key pair:
openssl genrsa -out private.key 2048
If you want to provide a passphrase for your private key run this command instead:
openssl genrsa -aes128 -passout pass:<your-passphrase> -out private.key 2048
When you have installed the module,
Then you need to create a client. You can reach the admin client crud via <your-base-url>/oauth/admin/client/index
.
You have the option to add a user id to the client. This will allow you to use the client to log in as this user after authentication. If you don't
add a user id, the client will be able to access the api, but not log in. The user id is added to the access token in the sub
claim.
To get a new access token, you can send a post request the following endpoint:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&client_id=<your-client-id>&client_secret=<your-client-secret>" <your-base-url>/oauth/token
This will return all required information to authenticate your requests.
You can now use the access token to authenticate your requests.
This example shows how to use the access token to authenticate your requests in a Yii 2.0 REST API. It uses the bizley/yii2-jwt package to authenticate the requests.
<?php
namespace app\api\controllers;
use Da\User\Model\User;
use bizley\jwt\JwtHttpBearerAuth;
use yii\filters\AccessControl;
use yii\rest\Controller;
class ItemsController extends Controller
{
/**
* @inheritdoc
*/
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator']['authMethods'] = [
[
'class' => JwtHttpBearerAuth::class,
// We used auth() here to keep the example simple. Implementing findIdentityByAccessToken() in your user model is recommended.
'auth' => function (Plain $token) {
return User::findIdentity($token->claims()->get('sub'));
}
]
];
$behaviors['access'] = [
'class' => AccessControl::class,
'rules' => [
[
'allow' => true,
'roles' => ['@'],
'actions' => ['index']
]
]
];
return $behaviors;
}
/**
* Example action. Replace with your own.
*/
public function actionIndex(): array
{
return [
[
'id' => 1,
'name' => 'Item 1'
]
];
}
}