thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License
6.52k stars, 1.12k forks

Missing documentation: Custom grants #611

Open pdrosos opened 8 years ago

pdrosos commented 8 years ago

Hi,

I am currently developing a mobile app and an API, using the OAuth2 server with the Password grant. I must also implement user login via Facebook and LinkedIn.

As far as I understand, I need to develop custom grant types to integrate the Facebook and LinkedIn login with the OAuth2 server. But I can't find any documentation to point me in the right direction on how to do it. This docs page is still not written: http://oauth2.thephpleague.com/authorization-server/custom-grants/

I am wondering, is it possible, and is it a good idea, instead of custom grant types, to just validate the user via the FB / LinkedIn APIs and manually issue an access + refresh token for him?

@alexbilbie it would be very nice if you could give me some advice on how to solve this use case and how to implement a custom grant type or manually issue an access token and refresh token.

Thanks in advance!

alexplumb commented 8 years ago

I recently had this very same problem and ended up building a custom grant type for the social network logins we support. I've attached the grant and interfaces if you want an idea of what needs to be done to make it work.

SocialProviderEntityInterface.txt, SocialProviderRepositoryInterface.txt, SocialGrant.txt

The required request parameters are:

1) grant_type = urn:alex:params:oauth:grant-type:social
2) identifier = the identifier of the user returned by the social network
3) provider = an identifier saying which social network it is

Implementing looks like this:

    // Init our repositories (application-side implementations of the
    // library's repository interfaces)
    $clientRepository = new ClientRepository();
    $scopeRepository = new ScopeRepository();
    $accessTokenRepository = new AccessTokenRepository();
    $refreshTokenRepository = new RefreshTokenRepository();
    $userRepository = new UserRepository();
    $socialProviderRepository = new SocialProviderRepository();

    // Set up the authorization server with the RSA key pair used to sign
    // and verify the access tokens it issues
    $this->_server = new \League\OAuth2\Server\AuthorizationServer(
        $clientRepository,
        $accessTokenRepository,
        $scopeRepository,
        $this->_private_key_path,
        $this->_public_key_path
    );

    // The custom grant needs the user, social provider and refresh token repositories
    $grant = new SocialGrant($userRepository, $socialProviderRepository, $refreshTokenRepository);

    // Refresh tokens are valid for one month, access tokens for one hour
    $grant->setRefreshTokenTTL(new \DateInterval('P1M'));

    $this->_server->enableGrantType($grant, new \DateInterval('PT1H'));

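
A custom grant along the lines alexplumb describes, as an added example (it is neither the attached SocialGrant.txt nor the library's own code). It assumes the AbstractGrant helpers of league/oauth2-server 5.1 or later (validateClient, validateScopes, finalizeScopes, issueAccessToken, issueRefreshToken) and a hypothetical SocialProviderRepositoryInterface with a getUserByProviderToken() method that checks the token with the provider's API server-side; in place of the bare identifier parameter it takes an assumed provider_token, so the user identity is verified with Facebook/LinkedIn rather than accepted from the request.

```php
<?php
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\AbstractGrant;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ServerRequestInterface;

class SocialGrant extends AbstractGrant
{
    // Hypothetical repository (see lead-in): resolves a verified provider token to a user.
    private $socialProviders;

    public function __construct(
        UserRepositoryInterface $userRepository,
        SocialProviderRepositoryInterface $socialProviders,
        RefreshTokenRepositoryInterface $refreshTokenRepository
    ) {
        $this->setUserRepository($userRepository);
        $this->setRefreshTokenRepository($refreshTokenRepository);
        $this->socialProviders = $socialProviders;
        $this->refreshTokenTTL = new \DateInterval('P1M');
    }

    public function getIdentifier()
    {
        return 'urn:alex:params:oauth:grant-type:social';
    }

    public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseTypeInterface $responseType, \DateInterval $accessTokenTTL)
    {
        // Authenticate the OAuth client first, exactly as the built-in PasswordGrant does.
        $client = $this->validateClient($request);
        $scopes = $this->validateScopes($this->getRequestParameter('scope', $request));
        $provider = $this->getRequestParameter('provider', $request);
        $providerToken = $this->getRequestParameter('provider_token', $request); // assumed parameter
        if ($provider === null || $providerToken === null) {
            throw OAuthServerException::invalidRequest('provider_token');
        }
        // The user comes from a token the provider issued and the repository verified
        // against the provider's API, not from a user id the caller merely asserts.
        $user = $this->socialProviders->getUserByProviderToken($provider, $providerToken);
        if (!$user instanceof UserEntityInterface) {
            throw OAuthServerException::invalidCredentials();
        }
        $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier());
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
        $responseType->setAccessToken($accessToken);
        $responseType->setRefreshToken($this->issueRefreshToken($accessToken));
        return $responseType;
    }
}
```

Registered with enableGrantType() as in the snippet above, the server then answers a token request carrying grant_type, provider and provider_token with the usual access + refresh token response.
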
pdrosos commented 8 years ago

@alexplumb thank you for your answer and for the grant code! Your solution is very similar to my idea of how to solve it; it's good to know that I am on the right track :)

tjboudreaux commented 8 years ago

I am looking at doing the exact same thing. Thanks @pdrosos for asking this question and thanks @alexplumb for going above and beyond on the answer.