This is an implementation of an OAuth 2.0 (draft 23) authorisation server using the CodeIgniter PHP framework.
- Flows
  - Authorisation code
- Auto approve applications
- Users can manage OAuth permissions
- Put the Oauth controller in your controllers directory
- Put your Oauth_server library in your libraries directory
- Set up the database connection in the mongodb config file
- Create some scopes in the scopes database document (look at the sql file for the fields). Scopes are permissions to access different datasets. For example, if you have an API method that exposes a user's details you may have a scope of `user.details`, and if you want clients to be able to update the user's details you could have an additional scope of `user.update`.
- Create an application in the applications document (look at the sql file for the fields). You may want to extend it and create a controller to allow users to register applications.
- In the oauth_server library, rewrite the `validate_user()` function code to allow users to sign in. The function should return a user as an object if the username and password are valid or FALSE if not.
- In your API controller, for each function that requires OAuth authenticated access enter the following code:
```php
function user_get($id)
{
    $this->load->library('oauth_resource_server');

    // Reject the request unless the presented access token carries the required scope(s)
    if ( ! $this->oauth_resource_server->has_scope(array('user.details', 'another.scope')))
    {
        // Error logic here - "access token does not have correct permission to use this API method"
        // Return here so the API code below never runs for an under-privileged token
        return;
    }

    // API code here
}
```
If an access token successfully validates then you can use the following method to convert the access token to a user ID:

```php
$this->oauth_resource_server->is_user();
// returns the user's ID or FALSE
```

Or to convert the access token to an application ID (if you allow anonymous access tokens):

```php
$this->oauth_resource_server->is_anon();
// returns the application ID or FALSE
```
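The `validate_user()` step above leaves the credential check to you. The following is an added example and not the library's own code: a standalone PHP function that meets the stated contract (a user object on valid credentials, FALSE otherwise). The in-memory `$users` store, its field names, the `$dummy_hash` parameter and the use of `password_hash()`/`password_verify()` are assumptions; in the real library you would look the user up in your users collection instead of an array.

```php
<?php
// Added example, not the library's own validate_user(): a standalone function
// that meets the contract the README states (return the user as an object on
// valid credentials, FALSE otherwise). The in-memory $users store, the field
// names, and the use of password_hash()/password_verify() are assumptions;
// in the real library you would look the user up in your users collection.

// Constructed sample store keyed by username. The hash is produced at load
// time so the example runs anywhere; a real store holds precomputed hashes.
$users = array(
    'alice' => array(
        'id'            => 42,
        'username'      => 'alice',
        'password_hash' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
    ),
);

// Hash of a throw-away password, verified when the username is unknown so that
// a missing user costs roughly the same time as a wrong password (limits
// username enumeration through response timing).
$dummy_hash = password_hash('not-a-real-password', PASSWORD_DEFAULT);

/**
 * Validate a username/password pair against $store.
 *
 * @return object|false  user object (without the password hash) or FALSE
 */
function validate_user($username, $password, array $store, $dummy_hash)
{
    if ( ! is_string($username) || ! is_string($password) || $password === '')
    {
        return FALSE;
    }

    if ( ! isset($store[$username]))
    {
        // Unknown user: burn a comparable amount of time, then refuse
        password_verify($password, $dummy_hash);
        return FALSE;
    }

    $record = $store[$username];

    if ( ! password_verify($password, $record['password_hash']))
    {
        return FALSE;
    }

    // Never hand the hash back to the caller; return only what the OAuth
    // server needs to identify the user.
    $user           = new stdClass();
    $user->id       = $record['id'];
    $user->username = $record['username'];

    return $user;
}

// Usage: valid credentials yield an object, anything else yields FALSE.
$ok     = validate_user('alice', 'correct horse battery staple', $users, $dummy_hash);
$bad    = validate_user('alice', 'wrong password', $users, $dummy_hash);
$nouser = validate_user('bob', 'anything', $users, $dummy_hash);

var_dump($ok->id === 42);
var_dump($bad === FALSE);
var_dump($nouser === FALSE);
```

The function deliberately treats "no such user" and "wrong password" identically from the caller's point of view, and strips the stored hash from the returned object so it cannot leak into access-token metadata or logs further down the authorisation flow.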