Padlock is a docker-based phalcon authentication server built on top of the PHP OAuth 2.0 Server
-
Add the entries
padlock.local
andpadlock-test.local
and map to127.0.0.1
in your/etc/hosts
file -
Ensure you have docker installed
-
Make a copy of
.env.sample
to.env
in theapp/env/
directory and replace the values. -
You can generate the
ENCRYPTION_KEY
environment variable by runningphp -r "echo base64_encode(random_bytes(40)) . PHP_EOL;"
on the command line -
cd into the
keys
directory and generate your public and private keys like so:openssl genrsa -out private.key 2048
thenopenssl rsa -in private.key -pubout -out public.key
. These are needed for encrypting and decrypting tokens -
You will need to change the permissions of the private and public keys you create in the previous step to the following:
chgrp www-data -R keys
Thenchmod 600 keys/private.key
-
Feel free to change the port mappings in
docker-compose.yml
if you already have services running on ports8899
for the phalcon app and33066
for the mysql server -
Run the app like this
./bin/start.sh
or rundocker-compose up -d
-
Login to mysql using the credentials host:127.0.0.1, username: root, password:root, port: 33066
-
Create two databases:
padlock_db
andpadlock_test_db
and import the sql file found inapp/db/padlock.sql
into both databases
-
Password Grant Flow: Send a
POST
request tohttp://padlock.local:8899/api/v1/oauth/token
with the following parameters:- client_id: test
- client_secret: secret
- grant_type: password
- username: abc
- password: abc
NOTE: This grant returns an access token and a refresh token
-
Client Credentials Grant Flow: Send a
POST
request tohttp://padlock.local:8899/api/v1/oauth/token
with the following parameters:- client_id: test
- client_secret: secret
- grant_type: client_credentials
NOTE: This grant returns only an access token
-
Refresh Token Grant: Send a
POST
request tohttp://padlock.local:8899/api/v1/oauth/token
with the following parameters:- client_id: test
- client_secret: secret
- grant_type: refresh_token
- refresh_token: value gotten from any flow that returns a refresh token (e.g password grant flow)
NOTE: This grant returns another access token and refresh token and invalidates/revokes the previous ones
-
Implicit Grant: Send a
GET
request tohttp://padlock.local:8899/api/v1/oauth/authorize
with the following parameters:- client_id: test
- response_type: token
- state: a random string (optional)
- redirect_uri: http://www.test.com (optional)
NOTE: This grant returns an access token immediately. It does not return a refresh token.
-
Authorization Code Grant: Send a
GET
request tohttp://padlock.local:8899/api/v1/oauth/authorize
with the following parameters:- client_id: test
- response_type: code
- state: a random string (optional)
- redirect_uri: http://www.test.com (optional)
NOTE: This grant returns an authorization code that is then used to request for a token by sending a
POST
request to the endpointhttp://padlock.local:8899/api/v1/oauth/token
with the following parameters:- client_id: test
- client_secret: secret
- grant_type: authorization_code
- code: value gotten from the get request
- redirect_uri: http://www.test.com (optional)
Send a POST
request to http://padlock.local:8899/api/v1/oauth/token/validate
with an Authorization
header whose value is
Bearer {access_token}
-
Make a copy of
.env.sample
to.env.test
in theapp/env/
directory and replace the values. -
Login to the app container using
./bin/login.sh
or rundocker exec -it padlock_app bash
-
Execute unit tests
./unit-test.sh
(uses PHPUnit) -
Run integration tests using
./integration-test.sh
(uses Codeception)
Via Composer
$ composer require tegaphilip/padlock
Please see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING and CONDUCT for details.