Log user in after creation with Auth0 and PHP

I'm using Auth0 for authentication with Symfony2 and HWIOAuthBundle.

Our app does the following:

  1. Send invitation link to new user
  2. User clicks the link and lands on a form where they fill in a new email and password
  3. Once the form is submitted and validated we create that user in Auth0 with all necessary metadata
  4. User is redirected to getting started tour

The problem is in #4. How do I get that user logged into the Symfony app now? With Auth0 I can call https://muapp.auth0.com/oauth/ro API endpoint and it will return access_token and id_token, but how do I use those to trigger e.g. OAuth flow so I can get that user properly authenticated with Auth0 and my app?

In the redirect URL query the OAuth server should add an AUTHORIZATION_CODE.

https://your-oauth-client/callback?code=AUTHORIZATION_CODE

This authorization code is the proof that your client application may act on behalf of the user. With this code your client application should be able to request the ACCESS_TOKEN, its expiry, and a REFRESH TOKEN (using cURL or something similar) from the server.

This request should look something like:

https://your-oauth-server/oauth/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=CALLBACK_URL

Now the client application stores the ACCESS_TOKEN and adds it to the request headers of following requests.

Authorization:Bearer ACCESS_TOKEN

If the ACCESS_TOKEN is expired, the client application should request a new one with the REFRESH_TOKEN.
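The exchange this answer describes, written out as an added example that is not part of the original post: it checks the callback, builds the token request as a form-encoded POST body (RFC 6749 requires POST at the token endpoint, which also keeps client_secret out of URLs and access logs), and records the expiry so the refresh step can be triggered. The function names, the CFG array, the state check and the sample JSON are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical client settings; placeholders mirror the ones in the answer.
const CFG = [
    'token_url'     => 'https://your-oauth-server/oauth/token',
    'client_id'     => 'CLIENT_ID',
    'client_secret' => 'CLIENT_SECRET',
    'redirect_uri'  => 'https://your-oauth-client/callback',
];

// Accept the callback only when its state equals the value stored at login start.
function codeFromCallback(array $query, string $expectedState): string
{
    $state = $query['state'] ?? null;
    $code  = $query['code'] ?? null;
    if (!is_string($state) || !is_string($code) || !hash_equals($expectedState, $state)) {
        throw new RuntimeException('callback rejected: missing code or state mismatch');
    }
    return $code;
}

// Form-encoded POST body for the token endpoint (code exchange or refresh).
function tokenRequestBody(array $cfg, string $grantType, string $value): string
{
    $params = ['grant_type' => $grantType, 'client_id' => $cfg['client_id'],
               'client_secret' => $cfg['client_secret']];
    $params += $grantType === 'authorization_code'
        ? ['code' => $value, 'redirect_uri' => $cfg['redirect_uri']]
        : ['refresh_token' => $value];
    return http_build_query($params);
}

// Keep only what later requests need; expires_at is an absolute timestamp.
function parseTokenResponse(string $json, int $now): array
{
    $data = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data) || !isset($data['access_token'], $data['expires_in'])) {
        throw new RuntimeException('token response lacks access_token or expires_in');
    }
    return ['access_token' => $data['access_token'], 'expires_at' => $now + (int) $data['expires_in'],
            'refresh_token' => $data['refresh_token'] ?? null];
}

// Constructed sample callback and token response, not real server output.
$code   = codeFromCallback(['code' => 'AUTHORIZATION_CODE', 'state' => 'abc123'], 'abc123');
$body   = tokenRequestBody(CFG, 'authorization_code', $code); // POST to CFG['token_url']
$tokens = parseTokenResponse('{"access_token":"ACCESS_TOKEN","refresh_token":"REFRESH_TOKEN","expires_in":3600}', time());
if (time() >= $tokens['expires_at']) { $body = tokenRequestBody(CFG, 'refresh_token', $tokens['refresh_token']); }
echo $body, PHP_EOL, 'Authorization: Bearer ', $tokens['access_token'], PHP_EOL;
```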
