定制 beyondbluesky/oauth2-pkce-client 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

beyondbluesky/oauth2-pkce-client

Composer 安装命令:

composer require beyondbluesky/oauth2-pkce-client

包简介

OAuth2 Client implementation using PKCE

README 文档

README

This Symfony bundle allows a Symfony 8 application to authenticate users against an OAuth2-compliant server using PKCE (RFC 7636).

Compatibility

  • PHP: 8.4+
  • Symfony: 8.x

Requirements Overview

To integrate the bundle, you need:

  • A custom authenticator based on Symfony's modern authenticator system
  • A controller endpoint that matches your OAuth2 redirect URI
  • A table to store PKCE state, verifier, challenge, and issued tokens
  • A bundle config file with client and server OAuth2 settings
  • Security firewall configuration that uses custom_authenticators

Installation

  1. Install the package:
composer require beyondbluesky/oauth2-pkce-client
  1. Create the bundle config file:

config/packages/oauth2_pkce_client.yaml

oauth2_pkce_client:
    server_uris:
        auth_uri: https://oauth2.localnet/oauth2/auth
        token_uri: https://oauth2.localnet/oauth2/token
        owner_uri: https://oauth2.localnet/oauth2/owner
    client:
        id: '%env(resolve:OAUTH2_CLIENT)%'
        secret: '%env(resolve:OAUTH2_SECRET)%'
        scope: '%env(resolve:OAUTH2_SCOPE)%'
        redirect_uri: '%env(resolve:OAUTH2_REDIRECT)%'
        server_cert: '%env(resolve:OAUTH2_SERVER_CERT)%'
        cert: '%env(resolve:OAUTH2_CLIENT_CERT)%'
        cert_key: '%env(resolve:OAUTH2_CLIENT_CERT_KEY)%'
  1. Create the OAuth2 controller with route attributes:

src/Controller/OAuth2Controller.php

<?php

namespace App\Controller;

use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use BeyondBlueSky\OAuth2PKCEClient\DependencyInjection\OAuth2PKCEClientExtension as OAuth2PKCEClient;
use BeyondBlueSky\OAuth2PKCEClient\Entity\OAuth2Session;

#[Route('/oauth2')]
class OAuth2Controller extends AbstractController
{
    #[Route('/login', name: 'oauth_login', methods: ['GET'])]
    public function oauthLogin(OAuth2PKCEClient $oauth2, EntityManagerInterface $entityManager): Response
    {
        $session = new OAuth2Session();
        $response = $oauth2->getAuthRedirect($session);

        $entityManager->persist($session);
        $entityManager->flush();

        return $response;
    }

    #[Route('/check', name: 'oauth_check', methods: ['GET'])]
    public function oauthRedirect(Request $request): Response
    {
        return $this->redirectToRoute('homepage');
    }
}
  1. Create a User entity implementing modern security interfaces:
class User implements UserInterface, PasswordAuthenticatedUserInterface
{
    public function getUserIdentifier(): string
    {
        return $this->username;
    }

    public function getRoles(): array
    {
        return ['ROLE_USER'];
    }

    public function getPassword(): string
    {
        return '-';
    }

    public function eraseCredentials(): void
    {
    }
}
  1. Implement your authenticator by extending OAuth2PKCEAuthenticator:

src/Security/OAuth2Authenticator.php

<?php

namespace App\Security;

use App\Entity\Security\User;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\User\UserInterface;
use BeyondBlueSky\OAuth2PKCEClient\Security\OAuth2PKCEAuthenticator;

class OAuth2Authenticator extends OAuth2PKCEAuthenticator
{
    public function supports(Request $request): bool
    {
        return $request->getPathInfo() === '/oauth2/check' && $request->isMethod('GET');
    }

    public function getUser($credentials): ?UserInterface
    {
        $oauthUser = $this->fetchUser($credentials);

        $user = $this->em->getRepository(User::class)->findOneBy([
            'username' => $oauthUser->login,
        ]);

        if (! $user) {
            $user = new User();
            $user->setUsername($oauthUser->login);
            $user->setEmail($oauthUser->email ?? null);
            $user->setPassword('-');
            $user->setRoles(['ROLE_USER']);
            $this->em->persist($user);
            $this->em->flush();
        }

        return $user;
    }
}
  1. Configure security.yaml to use custom_authenticators:

config/packages/security.yaml

security:
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

    providers:
        oauth_user_provider:
            entity:
                class: App\Entity\Security\User
                property: username

    firewalls:
        main:
            lazy: true
            provider: oauth_user_provider
            custom_authenticators:
                - App\Security\OAuth2Authenticator
  1. Create or run your Doctrine migration:
php bin/console doctrine:migrations:diff
php bin/console doctrine:migrations:migrate
  1. Start authentication by opening:
/oauth2/login

If your redirect URI and OAuth2 server config are correct, the PKCE login flow should start.

beyondbluesky/oauth2-pkce-client 适用场景与选型建议

beyondbluesky/oauth2-pkce-client 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1.36k 次下载、GitHub Stars 达 5, 最近一次更新时间为 2020 年 05 月 02 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「client」 「oauth2」 「pkce」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 beyondbluesky/oauth2-pkce-client 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 beyondbluesky/oauth2-pkce-client 我们能提供哪些服务?
定制开发 / 二次开发

基于 beyondbluesky/oauth2-pkce-client 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 1.36k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 5
  • 点击次数: 7
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 5
  • Watchers: 0
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: CC-BY-NC-SA-4.0
  • 更新时间: 2020-05-02