[英]Log user in after creation with Auth0 and PHP
I'm using Auth0 for authentication with Symfony2 and HWIOAuthBundle. 我正在使用Auth0与Symfony2和HWIOAuthBundle进行身份验证。
Our app does the following: 我们的应用程序执行以下操作:
The problem is in #4. 问题出在#4中。 How do I get that users logged into the Symfony app now? 我如何让这些用户立即登录Symfony应用程序? With Auth0 I can call https://muapp.auth0.com/oauth/ro API endpoint and it will return access_token and id_token, but how do I use those to trigger eg OAuth flow so I can get that user properly authenticated with Auth0 and my app. 使用Auth0,我可以调用https://muapp.auth0.com/oauth/ro API端点,它将返回access_token和id_token,但是如何使用它们来触发例如OAuth流,这样我可以使该用户通过Auth0和我的应用
In the redirect URL query the oauth server should add an AUTHORIZATION_CODE
. 在重定向URL查询中,oauth服务器应添加AUTHORIZATION_CODE
。
https://your-oauth-client/callback?code=AUTHORIZATION_CODE
This authorization code is the proof that your client application may act on behalf of the user. 此授权码证明您的客户端应用程序可以代表用户执行操作。 With this code your client application should be able to request the ACCESS_TOKEN
, its expiry, and a REFRESH TOKEN
(using cURL or something similar) from the server. 使用此代码,您的客户端应用程序应该能够从服务器请求ACCESS_TOKEN
,其到期时间和REFRESH TOKEN
(使用cURL或类似的东西)。
This request should look something like: 该请求应类似于:
https://your-oauth-server/oauth/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=CALLBACK_URL
Now the client application stores the ACCESS_TOKEN
and adds it to the request headers of following requests. 现在,客户端应用程序存储ACCESS_TOKEN
并将其添加到后续请求的请求标头中。
Authorization:Bearer ACCESS_TOKEN
If the ACCESS_TOKEN
is expired, the client application should request a new one with the REFRESH_TOKEN
. 如果ACCESS_TOKEN
过期,则客户端应用程序应使用REFRESH_TOKEN
请求一个新的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.