Skip to content

gcgov/framework-service-auth-oauth-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Oauth Server Service

Service to extend gcgov/framework

Primary purpose

  • Implement a full Oauth service for authenticating to app. Provides functionality to authenticate users via third party Oauth providers or username/password database.

Impact to application

  • Router:
    • Adds routes:
      • Adds route /.well-known/jwks.json - provides endpoint to enable front end validation of tokens generated by the app
      • Adds route /.well-known/openid-configuration - provides public oauth configuration endpoint
      • Adds route /auth/fileToken - create a short lived access token that can be used in the url for supported routes
      • Adds route /auth/out - kills refresh token for user and removes any session and cookie data
      • Adds route /auth/authorize - GET and POST for authenticating user and generating access and refresh tokens
      • Adds route /auth/hybridauth/{provider} - Return endpoint for third party Oauth providers
      • Adds route /auth/verifyMfaSecret - used to configure user by validating MFA code and saving MFA secret for user
      • Adds route /auth/verifyMfaCode - for validating an MFA code for a user with MFA already configured
    • Adds authentication guard:
      • All routes in application with authentication=true must pass this guard. Checks the HTTP Authorization header, or url parameter fileAccessToken for routes with allowShort.

Installation:

Configuration

Allowed Users

By default, users attempting to sign in who not already present in the user database collection will be prevented from signing in. To enable sign in for any user who passes the third party Oauth provider authentication, set config variable blockNewUsers=false. When blockNewUsers=false, any user successfully authenticated by the third party Oauth provider will be automatically added to the database user config

$oauthConfig = oauthConfig::getInstance();
$oauthConfig->setBlockNewUsers( false );

New User Default Roles

When blockNewUsers=false, new users will be automatically added to the user database collection. To set the default roles that a new user should be assigned at creation, provide the roles to the setBlockNewUsers method.

$oauthConfig = oauthConfig::getInstance();
$oauthConfig->setBlockNewUsers( false, [ 'Role1.Read', 'Role2.Read', 'Role2.Write' ] );

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 8

v1.3.0 Latest
Oct 28, 2024
+ 7 releases

Packages

No packages published

Languages