Doctrine2 and OAuth2.0 Server PHP: client credentials invalid


I am trying to implement OAuth2 with Doctrine as the entity manager. I followed this tutorial exactly:

Here is the code that is called when a user makes a request to the API:

// obtaining the entity manager
$entityManager = EntityManager::create($conn, $config);

$clientStorage  = $entityManager->getRepository('OAuthClient');
$clients = $clientStorage->findAll();
print_r($clients); // We are getting the clients from the database.
$userStorage = $entityManager->getRepository('OAuthUser');
$accessTokenStorage  = $entityManager->getRepository('OAuthAccessToken');
$authorizationCodeStorage = $entityManager->getRepository('OAuthAuthorizationCode');
$refreshTokenStorage = $entityManager->getRepository('OAuthRefreshToken');

//Pass the doctrine storage objects to the OAuth2 server class
$server = new \OAuth2\Server([
    'client_credentials' => $clientStorage,
    'user_credentials'   => $userStorage,
    'access_token'       => $accessTokenStorage,
    'authorization_code' => $authorizationCodeStorage,
    'refresh_token'      => $refreshTokenStorage,
], [
    'auth_code_lifetime' => 30,
    'refresh_token_lifetime' => 30,
]);

$server->addGrantType(new OAuth2\GrantType\ClientCredentials($clientStorage));

// handle the request
$server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
Whenever I make a call with the correct credentials, I get the following response:

Array
(
    [0] => OAuthClient Object
        (
            [id:OAuthClient:private] => 1
            [client_identifier:OAuthClient:private] => testclient
            [client_secret:OAuthClient:private] => testpass
            [redirect_uri:OAuthClient:private] => http://fake.com
            [hashOptions:protected] => Array
                (
                    [cost] => 11
                )

        )

    [1] => OAuthClient Object
        (
            [id:OAuthClient:private] => 2
            [client_identifier:OAuthClient:private] => trevor
            [client_secret:OAuthClient:private] => hutto
            [redirect_uri:OAuthClient:private] => https://www.another.com
            [hashOptions:protected] => Array
                (
                    [cost] => 11
                )

        )

)
{"error":"invalid_client","error_description":"The client credentials are invalid"}
So we are getting the clients from the database; we should be checking them, confirming that they do exist, and issuing an access token. But for some reason the OAuth2 server (as can be seen) fails to match the given credentials with the stored ones.

I don't think this is a Doctrine problem, since I can retrieve the results fairly easily using findAll().

My question is:

Why is this happening, and how can I fix it?


I found the problem. In the tutorial (), they don't mention that when the client secret is checked, a hashed version of the supplied client secret is used.

In the tutorial, they do not hash the example client secret when putting it into the database.

If you hash the client secret when inserting it into the database, it works as expected.
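The mismatch described in this answer, as an added example that is not part of the original post, the tutorial, or the oauth2-server-php library: a minimal client entity that verifies secrets with password_verify(), a constructed stand-in for the Doctrine repository exposing the storage method checkClientCredentials() that the server calls, and two seeded clients, one stored in plaintext (as the tutorial seeds it) and one stored hashed (as the fix requires). The class OAuthClientRepository, the verifyClientSecret() method and the seeded values are assumptions for illustration.

```php
<?php
// Added example (constructed): why a plaintext secret in the database fails
// a hash-based check, and why hashing it at insert time makes it pass.

class OAuthClient
{
    private string $clientIdentifier;
    private string $clientSecret;                 // expected to hold a password_hash() result
    protected array $hashOptions = ['cost' => 11]; // same cost as the dumped entity above

    public function __construct(string $id, string $secret, bool $hashOnStore)
    {
        $this->clientIdentifier = $id;
        // The tutorial's seed data skipped this step, leaving the plaintext secret in the row.
        $this->clientSecret = $hashOnStore
            ? password_hash($secret, PASSWORD_BCRYPT, $this->hashOptions)
            : $secret;
    }

    public function getClientIdentifier(): string { return $this->clientIdentifier; }

    // Compares the supplied secret against the stored value as a bcrypt hash.
    // A plaintext stored value is not a valid hash, so password_verify() rejects it.
    public function verifyClientSecret(string $supplied): bool
    {
        return password_verify($supplied, $this->clientSecret);
    }
}

// Stand-in for the Doctrine repository (assumed name). Its checkClientCredentials()
// mirrors the storage method oauth2-server-php invokes for the client_credentials grant.
class OAuthClientRepository
{
    /** @param OAuthClient[] $clients */
    public function __construct(private array $clients) {}

    public function checkClientCredentials(string $clientId, ?string $clientSecret = null): bool
    {
        foreach ($this->clients as $client) {
            if ($client->getClientIdentifier() === $clientId) {
                return $clientSecret !== null && $client->verifyClientSecret($clientSecret);
            }
        }
        return false; // unknown client_id
    }
}

$repo = new OAuthClientRepository([
    new OAuthClient('testclient', 'testpass', false), // seeded as plaintext, like the tutorial
    new OAuthClient('trevor', 'hutto', true),          // seeded hashed, as the fix requires
]);
var_dump($repo->checkClientCredentials('testclient', 'testpass')); // plaintext row: rejected
var_dump($repo->checkClientCredentials('trevor', 'hutto'));        // hashed row: verified
```

Because password_verify() never matches a non-hash string, the plaintext row always yields the invalid_client response seen in the question, regardless of how correct the supplied secret is.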