salla/ouath2-merchant
Composer 安装命令:
composer require salla/ouath2-merchant
包简介
Salla OAuth 2.0 Client Provider for The PHP League OAuth2-Client
README 文档
README
Salla OAuth 2.0 Client
This package provides Salla OAuth 2.0 support for the PHP language OAuth 2.0 Client.
Explore our blogs »
Report Bug ·
Request Feature
· </Salla Developers>
Overview
To use this package, it will be necessary to have a Salla client ID and client secret. These are referred to as {client-id} and {client-secret} in the documentation.
Please follow the Salla instructions to create the required credentials.
OAuth Workflow
Installation
You can install the package via Composer:
composer require salla/ouath2-merchant
Usage
Authorization Code Flow
<?php require_once './vendor/autoload.php'; use Salla\OAuth2\Client\Provider\Salla; $provider = new Salla([ 'clientId' => '{client-id}', // The client ID assigned to you by Salla 'clientSecret' => '{client-secret}', // The client password assigned to you by Salla 'redirectUrl' => 'https://yourservice.com/callback_url', // the url for current page in your service ]); /** * In case the current callback url doesn't have an authorization_code * Let's redirect the merchant to the installation/authorization app workflow */ if (empty($_GET['code'])) { $authUrl = $provider->getAuthorizationUrl([ 'scope' => 'offline_access', //Important: If you want to generate the refresh token, set this value as offline_access ]); header('Location: '.$authUrl); exit; } /** * The merchant completes the installation/authorization app workflow * And the callback url has an authorization_code as a parameter * Let's exchange the authorization_code with access token */ try { $token = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]); // // ## Access Token // // You should store the access token // which may use in authenticated requests against the Salla's API echo 'Access Token: '.$token->getToken()."<br>"; // // ## Refresh Token // // You should store the refresh token somewhere in your system because the access token expired after 14 days, // so you can use the refresh token after that to generate a new access token without asking any access from the merchant // // $token = $provider->getAccessToken(new RefreshToken(), ['refresh_token' => $token->getRefreshToken()]); // echo 'Refresh Token: '.$token->getRefreshToken()."<br>"; // // ## Expire date // // This helps you to know when the access token will be expired // so before that date, you should generate a new access token using the refresh token echo 'Expire Date : '.$token->getExpires()."<br>"; // // ## Merchant Details // // Using the access token, we may look up details about the merchant. // --- Same request in Curl --- // curl --request GET --url 'https://accounts.salla.sa/oauth2/user/info' --header 'Authorization: Bearer <access-token>' /** @var \Salla\OAuth2\Client\Provider\SallaUser $user */ $user = $provider->getResourceOwner($token); /** * { * "id": 1771165749, * "name": "Test User", * "email": "testuser@email.partners", * "mobile": "+966500000000", * "role": "user", * "created_at": "2021-12-31 11:36:57", * "merchant": { * "id": 1803665367, * "username": "dev-j8gtzhp59w3irgsw", * "name": "dev-j8gtzhp59w3irgsw", * "avatar": "https://i.ibb.co/jyqRQfQ/avatar-male.webp", * "store_location": "26.989000873354787,49. 62477639657287", * "plan": "special", * "status": "active", * "domain": "https://salla.sa/YOUR-DOMAIN-NAME", * "created_at": "2021-12-31 11:36:57" * } * } */ var_export($user->toArray()); echo 'User ID: '.$user->getId()."<br>"; echo 'User Name: '.$user->getName()."<br>"; echo 'Store ID: '.$user->getStoreID()."<br>"; echo 'Store Name: '.$user->getStoreName()."<br>"; // // 🥳 // // You can now save the access token and refresh the token in your database // with the merchant details and redirect him again to Salla dashboard (https://s.salla.sa/apps) // // ## Access to authenticated APIs for the merchant // // You can also use the same package to call any authenticated APIs for the merchant // Using the access token, information can be obtained from a list of endpoints. // // --- Same request in Curl --- // curl --request GET --url 'https://api.salla.dev/admin/v2/orders' --header 'Authorization: Bearer <access-token>' $response = $provider->fetchResource( 'GET', 'https://api.salla.dev/admin/v2/orders', $token->getToken() ); var_export($response); } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) { // Failed to get the access token or merchant details. // show an error message to the merchant with good UI exit($e->getMessage()); }
Refreshing a Token
Refresh tokens are only provided to applications that request offline access. You can specify offline access by passing the scope option in your getAuthorizationUrl() request.
use Salla\OAuth2\Client\Provider\Salla; $provider = new Salla([ 'clientId' => '{client-id}', 'clientSecret' => '{client-secret}', ]); $refreshToken = 'FromYourStoredData'; $token = $provider->getAccessToken('refresh_token', ['refresh_token' => $refreshToken]);
Using Salla OAuth2 Inside Laravel
You can seamlessly integrate Salla OAuth2 within Laravel using the facade helper provided by the package. Here's how you can do it:
First, use the facade helper in your Laravel project:
use \Salla\OAuth2\Client\Facade\SallaOauth; // Generate the authorization URL with the required scope $authUrl = SallaOauth::getAuthorizationUrl([ 'scope' => 'offline_access', // Important: Set this value to 'offline_access' to generate a refresh token ]); // Retrieve the access token using the authorization code $token = SallaOauth::getAccessToken('authorization_code', [ 'code' => request()->get('code') ]);
To configure the OAuth2 service, set the necessary environment variables in your .env file:
SALLA_OAUTH_CLIENT_ID="" SALLA_OAUTH_CLIENT_SECRET="" SALLA_OAUTH_CLIENT_REDIRECT_URI=""
These settings ensure that your Laravel application can properly communicate with the Salla OAuth2 service, allowing you to handle authentication and retrieve access tokens efficiently.
Using Salla OAuth2 as a Laravel Guard
When integrating Salla OAuth2 for authentication, you may need to validate the merchant's access token and retrieve user information during a request.
To achieve this, add the \Salla\OAuth2\Client\Http\OauthMiddleware middleware to the routes you wish to protect. This middleware ensures that a user is logged in via Salla OAuth2.
However, note that this middleware only verifies user authentication. Additional authorization checks must be implemented separately as needed. The package conveniently stores the resource owner information as a request attribute, facilitating further authorization.
After adding the middleware to your route, you can access the current authenticated user using the following code:
auth()->guard('salla-oauth'); // To check if a user is authenticated: auth()->guard('salla-oauth')->check(); // To get the authenticated user's ID: auth()->guard('salla-oauth')->id(); // To get the merchant information of the authenticated user: auth()->guard('salla-oauth')->merchant();
By leveraging this middleware, you ensure secure access to your routes while maintaining flexibility for additional authorization requirements.
Testing
composer test
Support
The team is always here to help you. Happen to face an issue? Want to report a bug? You can submit one here on GitHub using the Issue Tracker. If you still have any questions, please contact us by joining the Global Developer Community on Telegram or via the Support Email.
Contributing
Contributions are what make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Security
If you discover any securitys-related issues, please email security@salla.sa instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see License File for more information.
salla/ouath2-merchant 适用场景与选型建议
salla/ouath2-merchant 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 126.3k 次下载、GitHub Stars 达 23, 最近一次更新时间为 2021 年 10 月 04 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「authorization」 「client」 「oauth」 「oauth2」 「authorisation」 「salla」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 salla/ouath2-merchant 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 salla/ouath2-merchant 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 salla/ouath2-merchant 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
WeChat OAuth SDK
Ory-Hydra OAuth 2.0 Client Provider for The PHP League OAuth2-Client
Library for ORCID web services
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
Mock PSR-18 HTTP client
Asynchronous MQTT client built on React
统计信息
- 总下载量: 126.3k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 24
- 点击次数: 29
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2021-10-04