Padlock is a docker-based phalcon authentication server built on top of the PHP OAuth 2.0 Server
-
Add the entries
padlock.localandpadlock-test.localand map to127.0.0.1in your/etc/hostsfile -
Ensure you have docker installed
-
Make a copy of
.env.sampleto.envin theapp/env/directory and replace the values. -
You can generate the
ENCRYPTION_KEYenvironment variable by runningphp -r "echo base64_encode(random_bytes(40)) . PHP_EOL;"on the command line -
cd into the
keysdirectory and generate your public and private keys like so:openssl genrsa -out private.key 2048thenopenssl rsa -in private.key -pubout -out public.key. These are needed for encrypting and decrypting tokens -
You will need to change the permissions of the private and public keys you create in the previous step to the following:
chgrp www-data -R keysThenchmod 600 keys/private.key -
Feel free to change the port mappings in
docker-compose.ymlif you already have services running on ports8899for the phalcon app and33066for the mysql server -
Run the app like this
./bin/start.shor rundocker-compose up -d -
Login to mysql using the credentials host:127.0.0.1, username: root, password:root, port: 33066
-
Create two databases:
padlock_dbandpadlock_test_dband import the sql file found inapp/db/padlock.sqlinto both databases
-
Password Grant Flow: Send a
POSTrequest tohttp://padlock.local:8899/api/v1/oauth/tokenwith the following parameters:- client_id: test
- client_secret: secret
- grant_type: password
- username: abc
- password: abc
NOTE: This grant returns an access token and a refresh token
-
Client Credentials Grant Flow: Send a
POSTrequest tohttp://padlock.local:8899/api/v1/oauth/tokenwith the following parameters:- client_id: test
- client_secret: secret
- grant_type: client_credentials
NOTE: This grant returns only an access token
-
Refresh Token Grant: Send a
POSTrequest tohttp://padlock.local:8899/api/v1/oauth/tokenwith the following parameters:- client_id: test
- client_secret: secret
- grant_type: refresh_token
- refresh_token: value gotten from any flow that returns a refresh token (e.g password grant flow)
NOTE: This grant returns another access token and refresh token and invalidates/revokes the previous ones
-
Implicit Grant: Send a
GETrequest tohttp://padlock.local:8899/api/v1/oauth/authorizewith the following parameters:- client_id: test
- response_type: token
- state: a random string (optional)
- redirect_uri: http://www.test.com (optional)
NOTE: This grant returns an access token immediately. It does not return a refresh token.
-
Authorization Code Grant: Send a
GETrequest tohttp://padlock.local:8899/api/v1/oauth/authorizewith the following parameters:- client_id: test
- response_type: code
- state: a random string (optional)
- redirect_uri: http://www.test.com (optional)
NOTE: This grant returns an authorization code that is then used to request for a token by sending a
POSTrequest to the endpointhttp://padlock.local:8899/api/v1/oauth/tokenwith the following parameters:- client_id: test
- client_secret: secret
- grant_type: authorization_code
- code: value gotten from the get request
- redirect_uri: http://www.test.com (optional)
Send a POST request to http://padlock.local:8899/api/v1/oauth/token/validate with an Authorization header whose value is
Bearer {access_token}
-
Make a copy of
.env.sampleto.env.testin theapp/env/directory and replace the values. -
Login to the app container using
./bin/login.shor rundocker exec -it padlock_app bash -
Execute unit tests
./unit-test.sh(uses PHPUnit) -
Run integration tests using
./integration-test.sh(uses Codeception)
Via Composer
$ composer require tegaphilip/padlockPlease see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING and CONDUCT for details.