
Web Server Application Authentication User Details

Open 01ivesm opened this issue 7 years ago • 7 comments

Hi All,

Currently I am trying to implement an OAuth2 server to provide security for a Zend web app, with the option to provide API services in the future.

To authenticate, the user must provide an email address and password.

My problem is that I need the user_id to be returned when granted an access token. At the moment I keep getting a standard bearer token.

Should I request the user id from the oauth_access_token repository when token request is successful?

01ivesm avatar Jun 01 '18 19:06 01ivesm

@01ivesm I'm having exactly the same issue. Please let me know if you were able to resolve it.

linuxd3v avatar Jun 06 '18 13:06 linuxd3v

I am not sure if my way is the correct way.

When the user has been authenticated and the token has been received, I literally use the following line and then use the user_id from the result to query the user information.

$this->server->getStorage('access_token')->getAccessToken($token->getParameter('access_token'))

01ivesm avatar Jun 06 '18 17:06 01ivesm
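The approach described in the comment above, written out as an added example (this is not code from the issue or from the oauth2-server-php project). It assumes a Composer install of bshaffer/oauth2-server-php with its bundled Pdo storage and default schema (oauth_clients, oauth_users, oauth_access_tokens); the DSN, credentials and the `currentUserId()` helper name are placeholders chosen for illustration:

```php
<?php
// Added example, not from the original issue or the library's documentation.
// Assumes bshaffer/oauth2-server-php installed via Composer with the bundled
// Pdo storage and its default table layout. DSN and credentials are placeholders.
require_once __DIR__ . '/vendor/autoload.php';

use OAuth2\Server;
use OAuth2\Storage\Pdo;
use OAuth2\GrantType\UserCredentials;
use OAuth2\Request;
use OAuth2\Response;

$storage = new Pdo([
    'dsn'      => 'mysql:dbname=oauth2;host=127.0.0.1', // placeholder
    'username' => 'oauth2',                              // placeholder
    'password' => 'change-me',                           // placeholder
]);

$server = new Server($storage, [
    'access_lifetime' => 3600, // one-hour bearer tokens
]);

// Resource Owner Password Credentials grant: the client POSTs
// grant_type=password with username (the e-mail) and password.
// The Pdo storage resolves the user in oauth_users and stores its
// user_id alongside the issued token in oauth_access_tokens.
$server->addGrantType(new UserCredentials($storage));

/**
 * Token endpoint: issue the token, then read the user_id that the
 * grant type attached to it back out of the access_token storage.
 */
function issueToken(Server $server): Response
{
    $request  = Request::createFromGlobals();
    $response = $server->handleTokenRequest($request);

    if ($response->isSuccessful()) {
        $params = $response->getParameters();
        $data   = $server->getStorage('access_token')
                         ->getAccessToken($params['access_token']);

        // Non-standard extension: RFC 6749 does not define a user_id field
        // in the token response, so only a client you control should rely on it.
        $response->addParameters(['user_id' => $data['user_id']]);
    }

    return $response;
}

/**
 * Resource side (placeholder helper name): validate the bearer token
 * presented on an API call and return the user it was issued to, or
 * null if the token is missing, expired or unknown.
 */
function currentUserId(Server $server, Request $request): ?string
{
    if (!$server->verifyResourceRequest($request)) {
        // verifyResourceRequest() has already queued a 401 with WWW-Authenticate.
        $server->getResponse()->send();
        return null;
    }

    $token = $server->getAccessTokenData($request);
    return isset($token['user_id']) ? (string) $token['user_id'] : null;
}

// Route on path so the same script serves both endpoints (placeholder routing).
if ($_SERVER['REQUEST_URI'] === '/oauth/token') {
    issueToken($server)->send();
} else {
    $userId = currentUserId($server, Request::createFromGlobals());
    if ($userId !== null) {
        header('Content-Type: application/json');
        echo json_encode(['user_id' => $userId]);
    }
}
```

Two points worth keeping in mind with this pattern: the bearer token itself is opaque to the client by design, so the client learns who it is acting for only through a side channel (the extra `user_id` field, or a dedicated "who am I" resource endpoint as in `currentUserId()` above); and on the resource side the token must be verified with `verifyResourceRequest()` before anything is trusted from `getAccessTokenData()`, otherwise an expired or forged token would still yield a user_id. Reading the token row back via `getStorage('access_token')->getAccessToken()` is only safe immediately after `handleTokenRequest()` succeeded, because that is the one place where the token is known to have been freshly issued.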

@01ivesm I don't think this is correct. Anything without an id_token would be completely bypassing OIDC.
So this would be using pure OAuth2 (supposedly an authorization-only protocol) for authentication, which is typically frowned upon, I think.

linuxd3v avatar Jun 06 '18 18:06 linuxd3v

Do you think I need to run the authorization server on an independent domain?

01ivesm avatar Jun 06 '18 18:06 01ivesm

@01ivesm I'm not that experienced in the OIDC subject tbh, but I would put the SSO server on its own domain|subdomain, yeah, like: sso.SITE.com id.SITE.com auth.SITE.com

linuxd3v avatar Jun 06 '18 18:06 linuxd3v

I was thinking of running the server-side application along with a module for OAuth2.

POST http://domain/oauth/token -data grant_type="password|client" etc

01ivesm avatar Jun 06 '18 19:06 01ivesm

So I haven't been able to get this package to work with the UserCredentials grant.
This one, however, worked out of the box with the example they provided:
https://github.com/steverhoades/oauth2-openid-connect-server

linuxd3v avatar Jun 08 '18 21:06 linuxd3v