1
votes

I'm new to Yii2. I want to implement OAuth2 with the Resource Owner Credentials grant type in Yii2.

For that, I found this Yii2 specific library:

https://github.com/Filsh/yii2-oauth2-server

But the documentation is poor and doesn't show exact steps to use it.

So far I did this:

1) Install package using composer

2) Added module configuration into common/config/main.php

Now I'm getting confused for the next steps.

It says to create a class called "PublicKeyStorage". Is it really a necessary step or an optional one? If yes, then where should I create this file? Do I need to create the privkey.pem and pubkey.pem files manually? If yes, then what content should they have?

Next, it says to extend the common\models\User model. So where should I create this file? In frontend/models?

3) Next, it says to run the package migration which is clear.

4) Next, it says to set URLs, which is also clear.

5) Next, it says to set controller, I believe it is to verify incoming token. Am I correct?

The last question I have is: what URL should I hit to get the access token? Is it /oauth2/token?

1
Hi, public and private keys are for JWT tokens. If you want to use only access_token then you don't need to do that. In the Yii2 advanced template the common/models/User model file is already there; if you want to use this you can, otherwise you can create your own model file in frontend/models. After that you need to change identityClass in your config/main.php file: 'identityClass' => 'common\models\User', – Kamran Khatti
What URL should I use to get the token? localhost/yii2_advanced_api/frontend/web/oauth2/token? – Parth Vora

1 Answer

3
votes

If you want to get a JSON Web Token (JWT) instead of the conventional token, you will need to set 'useJwtToken' => true in the module and then define two more configurations: 'public_key' => 'app\storage\PublicKeyStorage', which is the class that implements PublicKeyInterface, and 'access_token' => 'app\storage\JwtAccessToken', which implements JwtAccessTokenInterface.php.

5) Next, it says to set controller, I believe it is to verify incoming token. Am I correct?

A) Yes
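A sketch of the `app\storage\PublicKeyStorage` class the answer refers to, added here as an example and not taken from the answer or the library's documentation. It assumes the interface is `OAuth2\Storage\PublicKeyInterface` from the underlying bshaffer/oauth2-server-php package, an RSA key pair generated with OpenSSL, and a hypothetical key directory `@app/storage/keys` outside the web root:

```php
<?php
namespace app\storage;

use OAuth2\Storage\PublicKeyInterface; // bshaffer/oauth2-server-php, which the module builds on

/**
 * Added example. Key pair assumed to be created beforehand with:
 *   openssl genrsa -out privkey.pem 2048
 *   openssl rsa -in privkey.pem -pubout -out pubkey.pem
 */
class PublicKeyStorage implements PublicKeyInterface
{
    private $privateKey;
    private $publicKey;

    public function __construct()
    {
        // Hypothetical location: under the app base path, outside the web root.
        $dir = \Yii::getAlias('@app/storage/keys');
        $this->privateKey = $this->read($dir . '/privkey.pem');
        $this->publicKey = $this->read($dir . '/pubkey.pem');

        // The signing key must not be readable by group or others (POSIX hosts).
        if (DIRECTORY_SEPARATOR === '/' && (fileperms($dir . '/privkey.pem') & 0077) !== 0) {
            throw new \RuntimeException('privkey.pem must be mode 0600 or stricter');
        }

        // Fail at startup if the two files are not a matching pair.
        $priv = openssl_pkey_get_private($this->privateKey);
        $pub = openssl_pkey_get_public($this->publicKey);
        if ($priv === false || $pub === false
            || openssl_pkey_get_details($priv)['key'] !== openssl_pkey_get_details($pub)['key']) {
            throw new \RuntimeException('privkey.pem and pubkey.pem do not match');
        }
    }

    private function read($path)
    {
        $pem = @file_get_contents($path);
        if ($pem === false) {
            throw new \RuntimeException("Cannot read key file: $path");
        }
        return $pem;
    }

    public function getPublicKey($client_id = null) { return $this->publicKey; }
    public function getPrivateKey($client_id = null) { return $this->privateKey; }
    // RS256: tokens are signed with the private key and verified with the public key.
    public function getEncryptionAlgorithm($client_id = null) { return 'RS256'; }
}
```

Only services that verify tokens need pubkey.pem; privkey.pem stays on the token-issuing host and out of version control.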