thamtech/yii2-jsonrpc-jwsauth
Composer 安装命令:
composer require thamtech/yii2-jsonrpc-jwsauth
包简介
JWS Token Authentication over JSON RPC 2.0
关键字:
README 文档
README
An extension to handle signed access token authentication via JSON RPC 2.0.
This library interfaces with yii2-json-rpc-2.0 to provide the JSON RPC 2.0 communication in your controller and namshi/jose to generate signed JWS tokens.
For license information check the LICENSE-file.
Installation
The preferred way to install this extensions is through composer.
Either run
php composer.phar require --prefer-dist thamtech/yii2-jsonrpc-jwsauth
or add
"thamtech/yii2-jsonrpc-jwsauth": "*"
to the require section of your composer.json file.
Integration
-
Generate a kepair using OpenSSL and store the keys in public.pem and private.pem.
-
Add the JwsManager application component in your site configuration:
return [ 'components' => [ 'jwsManager' => [ 'class' => 'thamtech\jwsauth\components\JwsManager', 'pubkey' => '@app/config/keys/jwsauth/public.pem', 'pvtkey' => '@app/config/keys/jwsauth/private.pem', // The settings below are optional. Defaults will be used if not set here. //'encoder' => 'Namshi\JOSE\Base64\Base64UrlSafeEncoder', //'refreshExp' => '24 hours', //'exp' => '1 hour', //'alg' => 'RS256', //'jwsClass' => 'Namshi\JOSE\SimpleJWS', ], ] ]
-
Create a
UserControllerin your application:class UserController extends \thamtech\jwsauth\controllers\UserController { // parent class provides actionAuthenticate($username, $passwrd) // and actionRefreshToken() // You may add your own additional methods to provide additional user // management services such as registration, password changes, etc. }
-
Update your
Usermodel to implement\thamtech\jwsauth\models\IdentityInterfaceinstead of\yii\web\IdentityInterface, and use theSimpleUserTrait:class User extends \yii\base\Object implements \thamtech\jwsauth\models\IdentityInterface { use SimpleUserTrait; public $id; public $username; // You must still implement all methods required by \yii\web\IdentityInterface // since \thamtech\jwsauth\models\IdentityInterface extends // \yii\web\IdentityInterface }
-
Add the JsonRpcAuth filter on any \JsonRpc2\Controller you would like jwsauth-authenticated users to access:
public function behaviors() { return [ 'authenticator' => [ 'class' => \thamtech\jwsauth\filters\auth\JsonRpcAuth::className(), 'except' => ['public-method-1', 'public-method-2'], ], ]; }
Client-Side Usage
-
Make a JSON RPC request to the authenticate method passing in a username and password.
http://yoursite/userwith data
{ "jsonrpc": "2.0", "id": 1, "method": "authenticate", "params": { "username": "YOUR-USERNAME", "password": "YOUR-PASSWORD" } }
and a successful response will be something like this
{"jsonrpc":"2.0","id":1,"result":{"token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJpZCI6MT-TRIMMED_FOR_BREVITY"}}
-
Make a JSON RPC request to any controller/method requiring authentication using the token provided in the previous step:
http://yoursite/protected-controllerwith data
{ "jsonrpc": "2.0", "id": 2, "auth": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJpZCI6MT-TRIMMED_FOR_BREVITY", "method": "access-sensitive-data", "params": {"id": 27} }
Expiration and Refreshing Tokens
When the token expires (after 1 hour by default), you may refresh the token without requiring the user to re-authenticate with username and password. This is allowed up to the refresh expiration of a token (24 hours by default).
If you have a valid token and make an authenticated request but receive a result like the following:
{ "jsonrpc": "2.0", "id": 3, "error": { "code": -32652, "data": null, "message": "Invalid or expired token" } }
then your next step is to try to refresh the token:
http://yoursite/user
with data
{ "jsonrpc": "2.0", "id": 4, "auth": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJpZCI6MT-TRIMMED_FOR_BREVITY", "method": "refresh-token" }
The response will either contain a new token which you may continue using normally:
{"jsonrpc":"2.0","id":4,"result":{"token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJpZCI6MT-TRIMMED_FOR_BREVITY"}}
Or an indication that the token could not be refreshed:
{ "jsonrpc": "2.0", "id": 3, "error": { "code": -32652, "data": null, "message": "expired; user must reauthenticate" } }
If the token could not be refreshed, then you will need to:
-
Ask the user to re-login with their username and password
-
Use the "authenticate" method in Step 1 of the Client-Side Usage section above to get a new auth token.
-
Continue making authenticated requests with the new token.
Advanced Usage
-
You do not have to use
SimpleUserTraitin your User identity. It is merely a convenience for most use cases. You are free to implement your owngetAuthKey()andfindIdentityByAccessToken()methods directly in yourUseridentity class in a way that better suits your application's needs. -
Rather than instantiating a
UserControlleras a sublcass, you could refer to\thamtech\jwsauth\controllers\UserControllerdirectly in a controller map:[ 'controllerMap' => [ // declares "login" controller using a class name 'login' => 'thamtech\jwsauth\controllers\UserController', ], ]
See Also
-
cranetm/yii2-json-rpc-2.0 - Yii 2 extension that helps turn your Controllers into JSON RPC 2.0 APIs.
-
namshi/jose - PHP implementation of the JWS (JSON Web Signature) specification.
-
JSON Web Signature (JWS) - JWS specifications
thamtech/yii2-jsonrpc-jwsauth 适用场景与选型建议
thamtech/yii2-jsonrpc-jwsauth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 6 次下载、GitHub Stars 达 1, 最近一次更新时间为 2015 年 09 月 25 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「rpc」 「json」 「auth」 「json-rpc」 「token」 「yii」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 thamtech/yii2-jsonrpc-jwsauth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 thamtech/yii2-jsonrpc-jwsauth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 thamtech/yii2-jsonrpc-jwsauth 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Laravel Multiauth package
Microservice RPC through message queues.
Kinikit - PHP Application development framework MVC component
A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.
ext-json wrapper with sane defaults
A package to cast json fields, each sub-keys is castable
统计信息
- 总下载量: 6
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 17
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: Apache-2.0
- 更新时间: 2015-09-25