Doctrine 2 and OAuth2.0 Server PHP: client credentials invalid
I am trying to implement OAuth2 with Doctrine, using an Entity Manager. I followed this tutorial exactly: [link missing]. Here is the code that is called when a user makes a request to the API:
<?php
// Composer autoloader for doctrine/orm and bshaffer/oauth2-server-php;
// $conn (DB connection params) and $config (Doctrine Setup configuration)
// are created earlier in the bootstrap, as in the tutorial.
require __DIR__ . '/vendor/autoload.php';

use Doctrine\ORM\EntityManager;

// obtaining the entity manager
$entityManager = EntityManager::create($conn, $config);
$clientStorage = $entityManager->getRepository('OAuthClient');
$clients = $clientStorage->findAll();
print_r($clients); // We are getting the clients from the database.
$userStorage = $entityManager->getRepository('OAuthUser');
$accessTokenStorage = $entityManager->getRepository('OAuthAccessToken');
$authorizationCodeStorage = $entityManager->getRepository('OAuthAuthorizationCode');
$refreshTokenStorage = $entityManager->getRepository('OAuthRefreshToken');
// Pass the Doctrine repositories (which implement the OAuth2\Storage
// interfaces) to the OAuth2 server class
$server = new \OAuth2\Server([
    'client_credentials' => $clientStorage,
    'user_credentials' => $userStorage,
    'access_token' => $accessTokenStorage,
    'authorization_code' => $authorizationCodeStorage,
    'refresh_token' => $refreshTokenStorage,
], [
    // lifetimes are in seconds
    'auth_code_lifetime' => 30,
    'refresh_token_lifetime' => 30,
]);
// The client_credentials grant validates client_id/client_secret through
// $clientStorage->checkClientCredentials()
$server->addGrantType(new \OAuth2\GrantType\ClientCredentials($clientStorage));
// handle the request
$server->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
Whenever I make a call with the correct credentials, I get the following response:
Array
(
[0] => OAuthClient Object
(
[id:OAuthClient:private] => 1
[client_identifier:OAuthClient:private] => testclient
[client_secret:OAuthClient:private] => testpass
[redirect_uri:OAuthClient:private] => http://fake.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
[1] => OAuthClient Object
(
[id:OAuthClient:private] => 2
[client_identifier:OAuthClient:private] => trevor
[client_secret:OAuthClient:private] => hutto
[redirect_uri:OAuthClient:private] => https://www.another.com
[hashOptions:protected] => Array
(
[cost] => 11
)
)
)
{"error":"invalid_client","error_description":"The client credentials are invalid"}
So we are getting the clients from the database; we should be checking them, confirming that they do exist, and issuing an access token. But for some reason the OAuth2 server (as can be seen) cannot match the given credentials against the stored ones.
I don't think this is a Doctrine problem, since I can retrieve the results quite easily with findAll().
My question is:
Why is this happening, and how can I fix it?
I found the problem. In the tutorial () they don't mention that when the client secret is checked, a hashed version of the supplied client secret is used. In the tutorial they don't hash the sample client secret when they put it into the database. If you hash the client secret when inserting it into the database, it works as expected.
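The following is an added example, not code from the tutorial, the question, or the oauth2-server-php library. It shows why a plaintext secret in the client_secret column is rejected with invalid_client while a hashed one is accepted: Doctrine hydrates the entity straight from the column (bypassing any setter), and checkClientCredentials() compares with password_verify(), which only succeeds against a password_hash() output. The in-memory storage stands in for the question's Doctrine repository; it assumes bshaffer/oauth2-server-php is installed via Composer so that OAuth2\Storage\ClientCredentialsInterface exists. The entity, its fromRow() helper, and the client rows are constructed for the demonstration.

```php
<?php
// Added example (assumes composer require bshaffer/oauth2-server-php).
require __DIR__ . '/vendor/autoload.php';

use OAuth2\Storage\ClientCredentialsInterface;

class OAuthClient
{
    private $clientIdentifier;
    private $clientSecret;                  // must hold a password_hash() output
    private $redirectUri;
    protected $hashOptions = ['cost' => 11]; // same bcrypt cost as in the question's dump

    // Constructor used when creating clients in application code: hashes the secret.
    public function __construct($clientIdentifier, $plaintextSecret, $redirectUri)
    {
        $this->clientIdentifier = $clientIdentifier;
        $this->redirectUri = $redirectUri;
        $this->setClientSecret($plaintextSecret);
    }

    // Hypothetical helper mimicking ORM hydration: fields are copied from the row
    // as stored, so whatever was INSERTed into client_secret is what gets verified.
    public static function fromRow(array $row)
    {
        $c = new self($row['client_identifier'], 'unused', $row['redirect_uri']);
        $c->clientSecret = $row['client_secret'];
        return $c;
    }

    // Hash on the way in: the database never sees the plaintext secret.
    public function setClientSecret($plaintextSecret)
    {
        $this->clientSecret = password_hash($plaintextSecret, PASSWORD_BCRYPT, $this->hashOptions);
    }

    // Constant-time comparison against the stored hash. If the stored value is
    // not a valid hash (e.g. plaintext "testpass"), password_verify() returns false.
    public function verifyClientSecret($plaintextSecret)
    {
        return password_verify($plaintextSecret, $this->clientSecret);
    }

    public function getClientIdentifier() { return $this->clientIdentifier; }
    public function getRedirectUri()      { return $this->redirectUri; }
}

// Stand-in for the Doctrine EntityRepository the question passes as 'client_credentials'.
class InMemoryClientStorage implements ClientCredentialsInterface
{
    private $clients = []; // OAuthClient objects keyed by client identifier

    public function add(OAuthClient $client)
    {
        $this->clients[$client->getClientIdentifier()] = $client;
    }

    // Called by the client_credentials grant with the id/secret from the request.
    public function checkClientCredentials($client_id, $client_secret = null)
    {
        if (!isset($this->clients[$client_id])) {
            return false;
        }
        return $this->clients[$client_id]->verifyClientSecret((string) $client_secret);
    }

    public function isPublicClient($client_id)
    {
        return false; // every client here is confidential (has a secret)
    }

    public function getClientDetails($client_id)
    {
        if (!isset($this->clients[$client_id])) {
            return false;
        }
        return [
            'client_id'    => $client_id,
            'redirect_uri' => $this->clients[$client_id]->getRedirectUri(),
        ];
    }

    public function getClientScope($client_id)                          { return null; }
    public function checkRestrictedGrantType($client_id, $grant_type)   { return true; }
}

$storage = new InMemoryClientStorage();
// Constructed row as the tutorial inserts it: plaintext secret in the column.
$storage->add(OAuthClient::fromRow([
    'client_identifier' => 'testclient', 'client_secret' => 'testpass',
    'redirect_uri' => 'http://fake.com',
]));
// Constructed row inserted correctly: the column holds password_hash('hutto').
$storage->add(OAuthClient::fromRow([
    'client_identifier' => 'trevor',
    'client_secret' => password_hash('hutto', PASSWORD_BCRYPT, ['cost' => 11]),
    'redirect_uri' => 'https://www.another.com',
]));

foreach ([['testclient', 'testpass'], ['trevor', 'hutto']] as list($id, $secret)) {
    $ok = $storage->checkClientCredentials($id, $secret);
    echo $id, ': ', $ok ? 'accepted' : 'rejected (invalid_client)', PHP_EOL;
}
```

Running this prints testclient as rejected and trevor as accepted, which is the behaviour behind the question's {"error":"invalid_client"} response. The fix is to make every insert path go through the hashing setter (for example `$em->persist(new OAuthClient('testclient', 'testpass', 'http://fake.com')); $em->flush();` with the real Doctrine entity) rather than writing the secret column with raw SQL; the repository then works unchanged as the 'client_credentials' storage passed to \OAuth2\Server.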