|
|
@@ -0,0 +1,78 @@
|
|
|
+<?php
|
|
|
+namespace Api\Controller;
|
|
|
+use Think\Controller;
|
|
|
+class ExtLoginController extends BaseController {
|
|
|
+
|
|
|
+
|
|
|
+ public function oauth2(){
|
|
|
+ $provider = new \League\OAuth2\Client\Provider\GenericProvider([
|
|
|
+ 'clientId' => 'a36df4c9-5ed4-440b-8f69-7535d2947213', // The client ID assigned to you by the provider
|
|
|
+ 'clientSecret' => 'F2m6MjIwNTIwMjEyMjE3NDYxMTM8Lr', // The client password assigned to you by the provider
|
|
|
+ 'redirectUri' => 'http://192.168.8.160:8280/showdoc/server/?s=/api/ExtLogin/oauth2',
|
|
|
+ 'urlAuthorize' => 'https://192.168.8.160:8443/maxkey/authz/oauth/v20/authorize',
|
|
|
+ 'urlAccessToken' => 'https://192.168.8.160:8443/maxkey/authz/oauth/v20/token',
|
|
|
+ 'urlResourceOwnerDetails' => 'https://192.168.8.160:8443/maxkey/authz/oauth/v20/resource',
|
|
|
+ ],[
|
|
|
+ 'httpClient' => new \GuzzleHttp\Client(['verify' => false]),
|
|
|
+ ]);
|
|
|
+
|
|
|
+ // If we don't have an authorization code then get one
|
|
|
+ if (!isset($_GET['code'])) {
|
|
|
+
|
|
|
+ // Fetch the authorization URL from the provider; this returns the
|
|
|
+ // urlAuthorize option and generates and applies any necessary parameters
|
|
|
+ // (e.g. state).
|
|
|
+ $authorizationUrl = $provider->getAuthorizationUrl();
|
|
|
+
|
|
|
+ // Get the state generated for you and store it to the session.
|
|
|
+ $_SESSION['oauth2state'] = $provider->getState();
|
|
|
+
|
|
|
+ // Redirect the user to the authorization URL.
|
|
|
+ header('Location: ' . $authorizationUrl);
|
|
|
+ exit;
|
|
|
+
|
|
|
+ // Check given state against previously stored one to mitigate CSRF attack
|
|
|
+ } elseif (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) {
|
|
|
+
|
|
|
+ if (isset($_SESSION['oauth2state'])) {
|
|
|
+ unset($_SESSION['oauth2state']);
|
|
|
+ }
|
|
|
+
|
|
|
+ exit('Invalid state');
|
|
|
+
|
|
|
+ } else {
|
|
|
+
|
|
|
+ try {
|
|
|
+
|
|
|
+ // Try to get an access token using the authorization code grant.
|
|
|
+ $accessToken = $provider->getAccessToken('authorization_code', [
|
|
|
+ 'code' => $_GET['code']
|
|
|
+ ]);
|
|
|
+
|
|
|
+ // We have an access token, which we may use in authenticated
|
|
|
+ // requests against the service provider's API.
|
|
|
+ echo 'Access Token: ' . $accessToken->getToken() . "<br>";
|
|
|
+ echo 'Refresh Token: ' . $accessToken->getRefreshToken() . "<br>";
|
|
|
+ echo 'Expired in: ' . $accessToken->getExpires() . "<br>";
|
|
|
+ echo 'Already expired? ' . ($accessToken->hasExpired() ? 'expired' : 'not expired') . "<br>";
|
|
|
+
|
|
|
+ $res = http_post('https://192.168.8.160:8443/maxkey/api/oauth/v20/me',array(
|
|
|
+ "access_token"=>$accessToken->getToken()
|
|
|
+ ));
|
|
|
+ var_dump($res);
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
|
|
|
+
|
|
|
+ // Failed to get the access token or user details.
|
|
|
+ exit($e->getMessage());
|
|
|
+
|
|
|
+ }
|
|
|
+
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+}
|
star7th