xp-forge/web-auth
Composer 安装命令:
composer require xp-forge/web-auth
包简介
Web Authentication
README 文档
README
Authentication for web services. Supports authenticating URLs with fragments such as https://example.com/#/users/thekid without losing information when redirecting.
☑ Verified with Twitter (OAuth 1), Microsoft Office 365, Facebook, GitHub and Google (OAuth 2).
Examples
HTTP basic authentication:
use web\auth\Basic; use util\Secret; $auth= new Basic('Administration', function($user, Secret $secret) { return 'admin' === $user && $secret->equals('secret') ? ['id' => 'admin'] : null; }); return ['/' => $auth->required(function($req, $res) { $res->send('Hello @'.$req->value('user')['id'], 'text/plain'); })];
Authentication via Twitter:
use web\auth\SessionBased; use web\auth\oauth\OAuth1Flow; use web\session\ForTesting; $flow= new OAuth1Flow( 'https://api.twitter.com/oauth', [$credentials->named('twitter_oauth_key'), $credentials->named('twitter_oauth_secret')], $callback ); $auth= new SessionBased( $flow, new ForTesting(), $flow->fetchUser('https://api.twitter.com/1.1/account/verify_credentials.json') ); return ['/' => $auth->required(function($req, $res) { $res->send('Hello @'.$req->value('user')['screen_name'], 'text/plain'); })];
The $callback parameter should be the path matching the path in the callback URI registered with Twitter.
Authentication via GitHub:
use web\auth\SessionBased; use web\auth\oauth\OAuth2Flow; use web\session\ForTesting; $flow= new OAuth2Flow( 'https://github.com/login/oauth/authorize', 'https://github.com/login/oauth/access_token', [$credentials->named('github_oauth_key'), $credentials->named('github_oauth_secret')], $callback ); $auth= new SessionBased( $flow, new ForTesting(), $flow->fetchUser('https://api.github.com/user') ); return ['/' => $auth->required(function($req, $res) { $res->send('Hello @'.$req->value('user')['login'], 'text/plain'); })];
The $callback parameter should be the path matching the path in the callback URI registered with GitHub.
Authentication via Google:
use web\auth\SessionBased; use web\auth\oauth\OAuth2Flow; use web\session\ForTesting; $flow= new OAuth2Flow( 'https://accounts.google.com/o/oauth2/v2/auth', 'https://oauth2.googleapis.com/token', [$credentials->named('google_oauth_key'), $credentials->named('google_oauth_secret')], $callback, ['https://www.googleapis.com/auth/userinfo.profile'] ); $auth= new SessionBased( $flow, new ForTesting(), $flow->fetchUser('https://openidconnect.googleapis.com/v1/userinfo') ); return ['/' => $auth->required(function($req, $res) { $res->send('Hello @'.$req->value('user')['name'], 'text/plain'); })];
The $callback parameter should be the path matching the path in the callback URI registered with GitHub.
Authentication via Office 365 Azure AD:
use util\Secret; use web\auth\SessionBased; use web\auth\oauth\{OAuth2Flow, BySecret, ByCertificate, ByPKCE}; use web\session\ForTesting; // Depending on what you have set up under "Certificates & Secrets", use one // of the following. For certificate-based authentication, $privateKey can // hold either the key's contents or reference it as 'file://private.key' $credentials= new BySecret('[APP-ID]', new Secret('...')); $credentials= new ByCertificate('[APP-ID]', '[THUMBPRINT]', $privateKey); $credentials= new ByPKCE('[APP-ID]', 'S256'); $flow= new OAuth2Flow( 'https://login.microsoftonline.com/[TENANT_ID]/oauth2/v2.0/authorize', 'https://login.microsoftonline.com/[TENANT_ID]/oauth2/v2.0/token', $credentials, $callback, ['openid', 'profile', 'offline_access', 'User.Read'] ); $auth= new SessionBased( $flow, new ForTesting(), $flow->fetchUser('https://graph.microsoft.com/v1.0/me') ); return ['/' => $auth->required(function($req, $res) { $res->send('Hello @'.$req->value('user')['login'], 'text/plain'); })];
The $callback parameter should be the path matching the path in the callback URI registered with the Azure AD application.
Authentication via CAS ("Central Authentication Service"):
use web\auth\SessionBased; use web\auth\cas\CasFlow; use web\session\ForTesting; $flow= new CasFlow('https://sso.example.com/'); $auth= new SessionBased($flow, new ForTesting()); return ['/' => $auth->required(function($req, $res) { $res->send('Hello @'.$req->value('user')['username'], 'text/plain'); })];
Target URLs
By default, the flow instances use the request URI to determine where the service is running. Behind a proxy, this is most probably not the user-facing URI. To change this behavior, use the target() method and pass a UseURL instance as follows:
use web\auth\UseURL; use web\auth\cas\CasFlow; $flow= (new CasFlow('https://sso.example.com/'))->target(new UseURL('https://service.example.com/'));
xp-forge/web-auth 适用场景与选型建议
xp-forge/web-auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 16.7k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2019 年 12 月 01 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「module」 「xp」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 xp-forge/web-auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 xp-forge/web-auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 xp-forge/web-auth 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
bootstrap select field module implementing http://silviomoreto.github.io/bootstrap-select/
Yii2 module to manage website content. Kind of a CMS...
Codeurx Modular is simply a package for Laravel to help you create and manage modules.
User Module for the Attogram Framework
Info Module for the Attogram Framework
Contact Form Module for the Attogram Framework
统计信息
- 总下载量: 16.7k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 35
- 依赖项目数: 2
- 推荐数: 0
其他信息
- 授权协议: BSD-3-Clause
- 更新时间: 2019-12-01

