I am trying to implement OAuth2 with Doctrine as the entity manager. I followed this tutorial exactly:
http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/
Here is the code that is called when a user makes a request to the API:
use Doctrine\ORM\EntityManager;

// obtaining the entity manager ($conn and $config come from the Doctrine bootstrap)
$entityManager = EntityManager::create($conn, $config);
$clientStorage = $entityManager->getRepository('OAuthClient');
$clients = $clientStorage->findAll();
print_r($clients); // Debug only: we are getting the clients from the database.
$userStorage = $entityManager->getRepository('OAuthUser');
$accessTokenStorage = $entityManager->getRepository('OAuthAccessToken');
$authorizationCodeStorage = $entityManager->getRepository('OAuthAuthorizationCode');
$refreshTokenStorage = $entityManager->getRepository('OAuthRefreshToken');

// Pass the Doctrine storage objects to the OAuth2 server class
$server = new \OAuth2\Server([
    'client_credentials' => $clientStorage,
    'user_credentials' => $userStorage,
    'access_token' => $accessTokenStorage,
    'authorization_code' => $authorizationCodeStorage,
    'refresh_token' => $refreshTokenStorage,
], [
    'auth_code_lifetime' => 30,
    'refresh_token_lifetime' => 30,
]);
$server->addGrantType(new \OAuth2\GrantType\ClientCredentials($clientStorage));

// handle the token request built from the current HTTP request
$server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
Whenever I make a call with the correct credentials, I receive this response:
Array
(
[0] => OAuthClient Object
(
[id:OAuthClient:private] => 1
[client_identifier:OAuthClient:private] => testclient
[client_secret:OAuthClient:private] => testpass
[redirect_uri:OAuthClient:private] => http://fake.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
[1] => OAuthClient Object
(
[id:OAuthClient:private] => 2
[client_identifier:OAuthClient:private] => trevor
[client_secret:OAuthClient:private] => hutto
[redirect_uri:OAuthClient:private] => https://www.another.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
)
{"error":"invalid_client","error_description":"The client credentials are invalid"}
So we are getting the clients from the database, and they should be checked, found to actually exist, and an access token issued. However, for some reason the OAuth2 server (which can be seen here) is not able to match the given credentials with the stored credentials.
I don't think this is a Doctrine problem, since I can retrieve the results fairly easily with findAll().
My question is:
Why is this happening, and how can I fix it?
Answer 0: (score: 1)
I found the problem. In the tutorial (http://bshaffer.github.io/oauth2-server-php-docs/cookbook/doctrine2/) they don't mention that, when the client secret is checked, a hashed version of the supplied client secret is used.
In the tutorial, when they put the example client secrets into the database, they do not hash them.
If you hash the client secret when inserting the client into the database, it works as expected.
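To make the failure mode in the answer concrete, here is an added example (not the poster's code and not the cookbook's entity) using a minimal stand-in class. It assumes the cookbook's pattern of hashing the secret in the setter with password_hash() and checking it with password_verify(); the class name, method names and sample secret are constructed for this demonstration. It shows why a row seeded with a plaintext secret can never pass verification, even when the presented secret is byte-for-byte equal to the stored column.

```php
<?php
// Added example, not the cookbook's or the poster's code. DemoOAuthClient is a
// hypothetical stand-in for the OAuthClient entity; it is assumed to mirror the
// cookbook's approach of hashing in the setter and verifying with password_verify().
final class DemoOAuthClient
{
    private string $clientIdentifier;
    private string $clientSecret = '';        // stored column value: should be a bcrypt hash
    private array $hashOptions = ['cost' => 11];

    public function __construct(string $identifier)
    {
        $this->clientIdentifier = $identifier;
    }

    // Correct path: hash before persisting, so the database never holds the plaintext secret.
    public function setClientSecret(string $plainSecret): void
    {
        $this->clientSecret = password_hash($plainSecret, PASSWORD_BCRYPT, $this->hashOptions);
    }

    // Reproduces the mistake from the question: writing the raw secret straight into the column.
    public function setRawStoredValue(string $value): void
    {
        $this->clientSecret = $value;
    }

    // What the credential check ultimately relies on: compare the presented secret against
    // the stored hash. A plaintext column value is not a valid hash, so this returns false
    // even when the two strings are equal, which the server reports as invalid_client.
    public function verifyClientSecret(string $presented): bool
    {
        return password_verify($presented, $this->clientSecret);
    }

    public function getStoredValue(): string
    {
        return $this->clientSecret;
    }
}

// Constructed sample values for the demonstration (not real credentials).
$presented = 'testpass';

// 1. Row seeded the way the tutorial does it: plaintext in the client_secret column.
$plaintextRow = new DemoOAuthClient('testclient');
$plaintextRow->setRawStoredValue('testpass');
echo 'plaintext row, correct secret: ';
var_dump($plaintextRow->verifyClientSecret($presented));

// 2. Row seeded through the hashing setter, as the answer recommends.
$hashedRow = new DemoOAuthClient('testclient');
$hashedRow->setClientSecret('testpass');
echo 'stored value is a bcrypt hash with cost 11: ';
var_dump(strncmp($hashedRow->getStoredValue(), '$2y$11$', 7) === 0);
echo 'hashed row, correct secret: ';
var_dump($hashedRow->verifyClientSecret($presented));
echo 'hashed row, wrong secret: ';
var_dump($hashedRow->verifyClientSecret('wrong-secret'));
```

Running this prints false for the plaintext row and true only for the hashed row with the right secret. When seeding clients through Doctrine, the equivalent is to call the entity's hashing setter (setClientSecret() in the cookbook's pattern) before persist() and flush(), rather than inserting the column value by hand; any row whose client_secret does not start with a bcrypt prefix such as $2y$ was seeded without hashing and will keep producing invalid_client.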