Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

I want to set up resource server. #575

Closed
trueneutre opened this issue Dec 11, 2017 · 10 comments
Closed

I want to set up resource server. #575

trueneutre opened this issue Dec 11, 2017 · 10 comments
Labels
enhancement

Comments

@trueneutre
Copy link

trueneutre commented Dec 11, 2017
edited
Loading

How can I set it up?

laravel 5.3 In the past I thought https://github.com/jeffsrepoaccount/resource-authorization could be used to do this, but what do I do now?
@leroy0211
Copy link

I want to know too.
There are several threads in which the idea of separate resource servers is being discusses and unadvised, but never answered. As far as I know, the oauth2 protocol should support this, it's like step E in this image:

oauth2-flow-4da2c3e38ecf5a77b38607d527c320bda93714ce2d6163e122aabb534390df43

In my case we want to create multiple resource servers (api's) which are all bound to a user. Just a few examples:

  • /me <- this would be the authentication server's output
  • /my/blogs <- a resource server which saves blogs.
  • /my/invoices <- a resource server in which invoices are stored
  • /my/cart <- a resource server for the users's shopping cart
  • /my/product_deals <- a resource server for specific discount deals for the current user
  • /catalog <- a resource server which contains products, categories, etc.
  • etc...

Every single resource server should be decoupled from the authentication server (like in a microservices architecture). Because the /my/cart server is used more often then /my/blogs and should be scaled over multiple servers.

For everything I searched for, there is nothing like that available but the example image suggest there should be.

Techinical setup:
We have a authentication server setup on https://auth.domain.com. And on my local development machine, I want to setup a Resource server (just for test/dev) which validates the access token to the authentication server (again: Step E from the example)

@trueneutre would this also describe your use case?

@trueneutre
Copy link
Author

thank you @leroy0211

I want this right. The resource server and the authentication server have to be separated. I plan to implement it myself. Could there be a good idea? Problems that arise during implementation are written here.

@andriiaveiro
Copy link

is there a recent update about this feature? I want know how separated resource and auth server to create sso app

The only one i know support this feature is spring boot

@driesvints
Copy link
Member

Hmm, I can see this being something we might add. We don't have any plans on adding this right now but if you can you're free to send in a PR to the master branch for the next version.

@corbosman
Copy link

Would OAuth2 Introspection not be a way to handle this? (https://tools.ietf.org/html/rfc7662). I have implemented this myself on Passport but it should be something that laravel has build in so resource servers can ask passport for token meta data.

See also #491

@driesvints
Copy link
Member

@corbosman waiting on OAuth2 Server to implement that first.

@corbosman
Copy link

@driesvints yup i saw that, this comment was more meant for the OP @trueneutre as I think he's looking at the wrong solution for his issue. Introspection is meant to solve exactly his problem. There is actually a laravel package already he could theoretically use (although be aware it handles authentication wrong imo, https://github.com/ipunkt/laravel-oauth-introspection)

@Sephster
Copy link
Contributor

Sephster commented Nov 9, 2018

This PR is looking at adding introspection. It has stalled a bit at the moment but hoping it will be pushed forwards soon thephpleague/oauth2-server#925

@ReArmedHalo
Copy link

ReArmedHalo commented Nov 30, 2019
edited
Loading

So I couldn't really wait for the PRs or this functionality to be added to the base Passport package. I created my own Introspection package that handles both introspection on the Passport side as well as provides the middleware and authentication guard for a resource server. This is my first attempt at anything of this scale if I'm being honest and a bit nervous about sharing ;)

Please let me know if you give it a try and what you think. Sorry there are not any tests, I am still learning testing frameworks and didn't want to delay this as I needed it for an ongoing project. I did my best to make it as configurable as possible but the solution was developed for my specific needs so there might be some stuff overlooked.

I took inspiration from Passport, ipunkt's OAuth introspection and arietimmerman's OAuth Introspection Middleware

https://github.com/DataHiveDevelopment/Laravel-Introspection

EDIT (July 30, 2020):
I've reworked the above package into an improved two separate packages. I think I have better documentation this time but things are still early. If anyone does try it out, I would appreciate feedback on both code and documentation.

https://github.com/DataHiveDevelopment/passport-introspection-docs

@driesvints
Copy link
Member

Closing this as we're waiting for OAuth2 Server to implement this first.

@saade saade mentioned this issue Jun 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@driesvints @corbosman @Sephster @ReArmedHalo @leroy0211 @andriiaveiro @trueneutre