tharangakothalawala/sso 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

tharangakothalawala/sso

Composer 安装命令:

composer require tharangakothalawala/sso

包简介

This is a library which can provision new accounts and to authenticate users utilizing third party vendor connections.

README 文档

README

This is a library which can provision new accounts and can authenticate users utilizing third party vendor connections.

Latest Stable Version License Build Status Quality Score Code Coverage Total Downloads

Supported Vendors

  • Amazon
  • Facebook
  • GitHub
  • Google
  • LinkedIn
  • Slack
  • Spotify
  • Stripe
  • Twitter
  • Yahoo
  • Zoom

Structure

There are three(3) main functions.

  • Third Party Login action
  • Authentication process
  • Revoking access to your client application

Third Party Login action

Use the following code to redirect a user to the vendor's login page. The following uses Google as an example.

use TSK\SSO\ThirdParty\Google\GoogleConnectionFactory;

$googleConnectionFactory = new GoogleConnectionFactory();
$googleConnection = $googleConnectionFactory->get(
    'google_client_id',
    'google_client_secret',
    'http://www.your-amazing-app.com/sso/google/grant'
);

header("Location: $googleConnection->getGrantUrl()");

Authentication process

Use the following code to do a signup/signin. The following uses Google as an example. Please note that you will have to implement the TSK\SSO\AppUser\AppUserRepository to provision and validate users according to your application logic. See my example in the examples directory.

DefaultAuthenticator Usage

use TSK\SSO\Auth\DefaultAuthenticator;
use TSK\SSO\Auth\Exception\AuthenticationFailedException;
use TSK\SSO\ThirdParty\Exception\NoThirdPartyEmailFoundException;
use TSK\SSO\ThirdParty\Exception\ThirdPartyConnectionFailedException;
use TSK\SSO\ThirdParty\Google\GoogleConnectionFactory;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$googleConnectionFactory = new GoogleConnectionFactory();
$googleConnection = $googleConnectionFactory->get(
    'google_client_id',
    'google_client_secret',
    'http://www.your-amazing-app.com/sso/google/grant'
);

$authenticator = new DefaultAuthenticator(
    new YourImplementationOfTheAppUserRepository()
);

try {
    $appUser = $authenticator->authenticate($googleConnection);
} catch (AuthenticationFailedException $ex) {
} catch (DataCannotBeStoredException $ex) {
} catch (NoThirdPartyEmailFoundException $ex) {
} catch (ThirdPartyConnectionFailedException $ex) {
} catch (\Exception $ex) {
}

// log the detected application's user in
$_SESSION['userId'] = $appUser->id();

Please note that using the TSK\SSO\Auth\DefaultAuthenticator will just do a simple lookup of the user store using your logic. If you want to support multiple vendors and to avoid creating new users per each of their specific email address, you will have to use this TSK\SSO\Auth\PersistingAuthenticator.

PersistingAuthenticator Usage

This uses File System by default as the storage for the user mappings.

use TSK\SSO\Auth\PersistingAuthenticator;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$authenticator = new PersistingAuthenticator(
    new YourImplementationOfTheAppUserRepository()
);
MySQL

There are two classes available for you to use MySQL as the storage.

For MySQL, I have provided a schema file under sql folder. Please use that.

  • TSK\SSO\Storage\PdoThirdPartyStorageRepository
use TSK\SSO\Auth\PersistingAuthenticator;
use TSK\SSO\Storage\PdoThirdPartyStorageRepository;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$authenticator = new PersistingAuthenticator(
    new YourImplementationOfTheAppUserRepository(),
    new PdoThirdPartyStorageRepository(
        // In Laravel, you can do this to get its PDO connection: \DB::connection()->getPdo();
        new PDO('mysql:dbname=db;host=localhost', 'foo', 'bar'),
        'Optional Table Name (default:thirdparty_connections)'
    ),
);
  • TSK\SSO\Storage\MysqliThirdPartyStorageRepository
use TSK\SSO\Auth\PersistingAuthenticator;
use TSK\SSO\Storage\PdoThirdPartyStorageRepository;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$authenticator = new PersistingAuthenticator(
    new YourImplementationOfTheAppUserRepository(),
    new MysqliThirdPartyStorageRepository(new mysqli('localhost', 'foo', 'bar', 'db')),
);
MongoDB
  • TSK\SSO\Storage\PeclMongoDbThirdPartyStorageRepository
use TSK\SSO\Auth\PersistingAuthenticator;
use TSK\SSO\Storage\PeclMongoDbThirdPartyStorageRepository;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$authenticator = new PersistingAuthenticator(
    new YourImplementationOfTheAppUserRepository(),
    new PeclMongoDbThirdPartyStorageRepository(new MongoDB\Driver\Manager('mongodb://localhost:27017/yourdb'), 'yourdb'),
);

Of course you can use your own storage by just implementing this interface : TSK\SSO\Storage\ThirdPartyStorageRepository.

Revoking vendor access to your client application

use TSK\SSO\ThirdParty\VendorConnectionRevoker;

$vendorConnectionRevoker = new VendorConnectionRevoker(
    $googleConnection, // the vendor connection
    // [optional] `TSK\SSO\Storage\ThirdPartyStorageRepository` implementation. File system storage is used by default
);
$vendorConnectionRevoker->revoke($vendorEmail, $vendorName); // returns a bool

Connecting multiple accounts while logged in.

  • A user may have multiple accounts on one(1) vendor. ex: Multiple Facebook/Google accounts with different email addresses.

  • Or a user can have accounts on other vendors such as Facebook and Google at the same time. You may want to let them connect other accounts to make it easier for them to authenticate/access using multiple vendors.

You can use the TSK\SSO\Auth\AppUserAwarePersistingAuthenticator to validate the account that they selecting.

use TSK\SSO\AppUser\ExistingAppUser;
use TSK\SSO\Auth\AppUserAwarePersistingAuthenticator;
use TSK\SSO\Auth\PersistingAuthenticator;
use YouApp\TSKSSO\YourImplementationOfTheAppUserRepository;

$userId = $_SESSION['userid'];
if (!is_null($userId)) {
    $authenticator = new AppUserAwarePersistingAuthenticator(
        new ExistingAppUser($userId, 'current-loggedin-user-email@tsk-webdevelopment.com')
    );
} else {
    $authenticator = new PersistingAuthenticator(
        new YourImplementationOfTheAppUserRepository()
    );
}

What Next?

To add any missing vendor support and any other storage systems.

Demo

Creating your own apps [Optional]

I have created several demo apps and have registered them in Amazon, GitHub, Google, Twitter & Yahoo. Optionally you may register your own apps if you want to test.

Host File Entry

And add the localhost.com into the host file as following. (Linux : /etc/hosts, Windows: C:\Windows\System32\drivers\etc\hosts)

127.0.0.1    localhost.com

Start Demo

make demo

Then go to http://localhost.com

tharangakothalawala/sso 适用场景与选型建议

tharangakothalawala/sso 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 398 次下载、GitHub Stars 达 7, 最近一次更新时间为 2018 年 12 月 30 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「login」 「SSO」 「signup」 「register」 「signin」 「provision」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 tharangakothalawala/sso 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 tharangakothalawala/sso 我们能提供哪些服务?
定制开发 / 二次开发

基于 tharangakothalawala/sso 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 398
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 7
  • 点击次数: 7
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 7
  • Watchers: 1
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2018-12-30