我正在尝试使用 Doctrine 作为实体管理器实现 OAuth2。我完全遵循了本教程:
http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/
这是我在用户向 API 发出请求时调用的代码:
// obtaining the entity manager
$entityManager = EntityManager::create($conn, $config);
$clientStorage = $entityManager->getRepository('OAuthClient');
$clients = $clientStorage->findAll();
print_r($clients); // We are getting the clients from the database.
$userStorage = $entityManager->getRepository('OAuthUser');
$accessTokenStorage = $entityManager->getRepository('OAuthAccessToken');
$authorizationCodeStorage = $entityManager->getRepository('OAuthAuthorizationCode');
$refreshTokenStorage = $entityManager->getRepository('OAuthRefreshToken');
//Pass the doctrine storage objects to the OAuth2 server class
$server = new OAuth2Server([
'client_credentials' => $clientStorage,
'user_credentials' => $userStorage,
'access_token' => $accessTokenStorage,
'authorization_code' => $authorizationCodeStorage,
'refresh_token' => $refreshTokenStorage,
], [
'auth_code_lifetime' => 30,
'refresh_token_lifetime' => 30,
]);
$server->addGrantType(new OAuth2GrantTypeClientCredentials($clientStorage));
// handle the request
$server->handleTokenRequest(OAuth2Request::createFromGlobals())->send();
每当使用正确的凭据进行调用时,我都会收到以下响应:
Array
(
[0] => OAuthClient Object
(
[id:OAuthClient:private] => 1
[client_identifier:OAuthClient:private] => testclient
[client_secret:OAuthClient:private] => testpass
[redirect_uri:OAuthClient:private] => http://fake.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
[1] => OAuthClient Object
(
[id:OAuthClient:private] => 2
[client_identifier:OAuthClient:private] => trevor
[client_secret:OAuthClient:private] => hutto
[redirect_uri:OAuthClient:private] => https://www.another.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
)
{"error":"invalid_client","error_description":"The client credentials are invalid"}
因此,我们从数据库中获取客户端,我们应该检查它们,并返回它们确实存在并颁发访问令牌。但是,由于某种原因,OAuth2 服务器(可在此处看到)无法将给定凭据与存储的凭据匹配。
我不认为这是一个教义问题,因为我可以使用findAll()相当容易地检索结果。
我的问题是:
为什么会发生这种情况,我该如何解决?
我发现了问题。在教程 (http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/) 中,他们没有提到当根据提供的客户端密码的哈希版本检查客户端密码时。
在本教程中,当他们将示例客户端密码放入数据库时,他们不会对其进行哈希处理。
如果在将客户端密码插入数据库时对其进行哈希处理,它将按预期工作。