api-skeletons/zf-oauth2-client

An OAuth2 client for zfcampus/zf-oauth2

ZF OAuth2 Client

, _(*1)

When you write an application which includes zfcampus/zf-oauth2 this module is written to connect easily and cleanly connect to that zf-oauth2 implementation., _(*2)

Install

Installation of this module uses composer. For composer documentation, please refer to getcomposer.org., _(*3)

composer require api-skeletons/zf-oauth2-client ^1.0

Add this module to your application's configuration:, _(*4)

'modules' => array(
   ...
   'ZF\OAuth2\Client',
),

This module provides the service manager config through the module but you may use the ZF\OAuth2\Client\OAuth2Client class directly by injecting your own Zend\Http\Client and configuration., _(*5)

Configuration

Copy config/zf-oauth2-client.global.php.dist to config/autoload/zf-oauth2-client-global.php and edit. You may configure multiple zf-oauth2 authorization code provider profiles. login_redirect_route is your authentication route., _(*6)

    'zf-oauth2-client' => array(
        'profiles' => array(
            'default' => array(
                'login_redirect_route' => 'zfcuser',
                'client_id' => 'client',
                'secret' => 'password',
                'endpoint' => 'http://localhost:8081/oauth',
                'refresh_endpoint' => 'http://localhost:8081/oauth',
                'scope' = 'list,of,scopes',
            ),
            /* 'other provider' => array( ... */
        ),
    ),

zf-oauth2 Server Configuration

zf-oauth2-client expects the server to return a new refresh token anytime a refresh token is used to get a new access token. To set this flag on zf-oauth2 use, _(*7)

return array(
    'zf-oauth2' => array(
        'options' => array(
            'always_issue_new_refresh_token' => true,
        ),
    ),
);

Use

A controller is provided to send the user into the authorization code process and validate the code when the user returns. Upon validation the session will have a valid access_token., _(*8)

To send a user into the authorization code process direct them to the zf-oauth2-client route., _(*9)

// Controller
$this->plugin('redirect')
    ->toRoute('zf-oauth2-client', array('profile' => 'default'));

// View
$this->url('zf-oauth2-client', array('profile' => 'default'));

When the user returns from the process they will be redirected to the login_redirect_route. This route should fetch an authorized http client and, using it, authenticate the user based on their profile returned from an API call back to the OAuth2 server., _(*10)

Command Line Tools

To make JWT easier to test command line tools are included., _(*11)

• oauth2:jwt:generate Generate a JWT to send to an OAuth2 grant_type of urn:ietf:params:oauth:grant-type:jwt-bearer