0

I am also following what this guy's asking storage of client credential on OAuth2 server about oauth2-server-php-docs. Although it answered one thing for the client secret, I wanna ask about the users credentials. Check the following code sample from oauth2-server-php-docs:

// create some users in memory
$users = array('bshaffer' => array('password' => 'brent123', 'first_name' => 'Brent', 'last_name' => 'Shaffer'));

// create a storage object
$storage = new OAuth2\Storage\Memory(array('user_credentials' => $users));

// create the grant type
$grantType = new OAuth2\GrantType\UserCredentials($storage);

// add the grant type to your OAuth server
$server->addGrantType($grantType);

It says that the user credentials will be stored in memory and that it doesn't say anything about password encryption. This is my use case -- I already have user credentials stored in MySQL with password encrypted using PHP password_hash(). So how can I match or use the line $storage = new OAuth2\Storage\Memory() if the $user['bshaffer']['password'] is just a plain text?

4

2 回答 2

0

我也有这个问题。但是,如果您阅读文档中的注释,就在您提到的代码片段下方,它说:

注意:用户存储为每个应用程序高度定制,因此强烈建议您使用 OAuth2\Storage\UserCredentialsInterface 实现自己的存储

我认为我们可以使用“OAuth2\Storage\UserCredentialsInterface”接口为用户模型实现我们自己的用户存储。

于 2020-03-11T14:16:44.213 回答
-1

我通过拥有自己的网络架构并扩展 Pdo 存储对象来实现用户定义的 password_verify() 来做到这一点。因此,我创建了 mytoken.php,它从前端请求接收帖子,然后使用 AUTH 用户和密码 (client_secret) 再次向 token.php 发送一个到 127.0.0.1 的请求。我这样做是为了不从前端请求发送 client_secret。

于 2016-03-17T14:34:58.727 回答