Full installation guide

[kaiohken1982]

Is it possible to have a full installation guide inside the README file with all the steps explained? Actually I'm stuck at the doctrine db creation.

Thank you

[hkulekci]

Added some details.

[kaiohken1982]

DB schema created successfully created ( I used mysql instead ), here below my local configuration, perhaps should be helpful

'orm_default' => [ 'driver' => 'pdo_mysql', 'host' => 'localhost', 'port' => '3306', 'user' => 'root', 'password' => '', 'dbname' => 'oauth', 'driverOptions' => array( 1002 => 'SET NAMES utf8' ) ],

what is missing now is the data/samples/sample_data.sql, is it possible to integrate it within the source code?

Thank you!

[hkulekci]

I guess your configuration is ok. You don't need any extra things. Maybe, sql file may not be executed correctly in mysql because I used sqlite to sampling my example. You may need some correction for SQL. Now, you can install Postman and add collection and send requests.

[kaiohken1982]

Yeah, the configuration is ok and the DB schema was correctly created by Doctrine2. The issue now is that the next step in the REAMDE is:

"Now you should create a sample user and client to simulate example oauth actions. Please run data/samples/sample_data.sql file."

but there isn't a "data/sample" directory or am I mistaking?

Thank you

[hkulekci]

Ops :) I am really sorry dude. These days, I think I spend a lot of time with my new baby. Sent new updates.

Please don't hesitate to reach me about any other problem 👍

[kaiohken1982]

I really appreciate your help :)

[hkulekci]

You can change some part of this example. For example,AccessTokenRepository can work with redis. To do this, please check this example : https://gist.github.com/hkulekci/fcb688d5169f737d1d5b69c7dd848cb5 this update will save your user's seconds.

[kaiohken1982]

Everything is installed and I think it works fine! :)

I have last request about documentation but obviously feel free to add it whenever you want. It is possible to have a schema about practical usage from the perspectives of a client and a resource server?

Eg. client try to access the train booking microservice app (tbma), tbma communicates with oauth server, how is it happening? I think that the protected application should ask for client credentials right?

What about if from the "tbma" the client goes to another resource server ( eg. hotel booking microservice app, hbma ), how to propagate the client session to this second resource?

Also some graphic schema should be very helpful.

Thank you!

[hkulekci]

For your first question, you can use client credential with clientId and clientSecret to get token from oauth server. You can see all the scenario in RFC.

For second question, your authorization server can be in the middle of your structure . All of your applications (microservice apps), can create and check their tokens with this central server. So, your hbma application can check this coming token with the central server.

[kaiohken1982]

I did some research and I also I've found some helpful video resources on Youtube, anyway RFC was also helpful. At the moment, what I miss is the 'secret' of 'myawesomeapp' and wich kind of algorithm to use to generate secrets ( mcrypt? ) Is there any place where this is explained? I couldn't find any.

Thanks for your help and time! :)

[hkulekci]

You can check this line. PHP password_hash function used and u can see we use a directly our secret for exampling. You need to change this part of the code. I should say that this repository for only exampling OAuth system, this is not production ready.

[hkulekci]

$clients array not used directly to insert database, but it is example of the dataset.

[kaiohken1982]

Perfect, thank you very much :)