php oath server suite
4.0.5
Yubico OTP(Yubikey), Oath(TOTP, HOTP, GoogleAuthenticator) 서버측과 같은 2단계 인증을 제공하는 클래스 모음입니다.
Oath에 대한 자세한 내용은 https://openauthentication.org/를 확인하세요.
TOTP(시간 기반 일회용 비밀번호 알고리즘)에 대한 자세한 내용은 Wikipedia에서 확인할 수 있습니다.
HOTP(HMAC 기반 일회용 비밀번호 알고리즘)에 대한 자세한 내용은 Wikipedia에서 확인할 수 있습니다.
Yubico OTP 인증 메커니즘에 대한 자세한 내용은 https://developers.yubico.com/OTP/에서 "YubiKey OTP란 무엇입니까?" 기사를 읽어보세요.
{
"require": {
"chroma-x/oath-server-suite": "~4.0"
}
}
require_once('path/to/vendor/autoload.php');
Yubico OTP를 사용하려면 YubiCloud 액세스가 필요합니다. https://upgrade.yubico.com/getapikey/에서 무료 API 자격 증명을 얻을 수 있습니다.
use ChromaXCommonExceptionNetworkExceptionBaseNetworkException;
$otp = $_POST['otp'];
$userPublicId = 'fetchedFromDatabaseOrSimilar';
$validator = new OathServerSuiteValidationYubicoOtpValidator('yubiCloudClientId', 'yubiCloudSecretKey');
try {
$validator->validate($otp, $userPublicId);
if ($validator->isValid()) {
// Validation was successful
} else {
// Validation failed
}
} catch (NetworkException $exception) {
// Accessing the YubiCloud webservice failed.
}
인증을 허용하려면 클라이언트와 서버가 비밀을 공유해야 합니다. 일반적으로 서버는 비밀을 분석하여 키 이름 및 인증 메커니즘과 함께 QR 코드로 표시합니다.
Google Authenticator 및 Yubikey와 같은 일부 기타 애플리케이션 및 하드웨어 항목은 비밀이 16진수가 아닌 Base32로 인코딩된 데이터로 예상하여 표준을 따르지 않습니다.
use ChromaXOathServerSuiteSecretSharingSharedSecretQrCodeProviderSharedSecretQrCodeProvider;
use ChromaXOathServerSuiteSecretSharingSharedSecretUrlEncoderTotpBase32SharedSecretUrlEncoder;
use ChromaXQrCodeSuiteQrEncodeQrEncoder;
// Initialize Oath URL encoder for TOTP (Time-based One-time Password Algorithm)
$contentEncoder = new TotpBase32SharedSecretUrlEncoder();
// Setting the key name
$keyName = 'My Username';
// Setting the issuer name
$issuerName = 'Awesome Application';
// Setting a secret
// Attention: This is just an example value
// Use a random value of a proper length stored with your user credentials
$sharedSecret = openssl_random_pseudo_bytes(30);
// Getting the shared secret URL for usage wihtout QR code provision
$sharedSecretUrl = $contentEncoder->encode($keyName, $sharedSecret);
// Start QR code provision
// Initialize the QR code provider with Oath URL encoder for TOTP
$sharedSecretQrProvider = new SharedSecretQrCodeProvider(new TotpBase32SharedSecretUrlEncoder(), $keyName, $sharedSecret, $issuerName);
// Configure the QR code renderer for your needs
$sharedSecretQrProvider->getQrEncoder()
->setLevel(QrEncoder::QR_CODE_LEVEL_LOW)
->setTempDir('/path/to/a/writable/temp-dir');
// Persist the QR code PNG to the filesystem
$sharedSecretQrProvider->provideQrCode('/path/to/the/qrcode.png');
use ChromaXOathServerSuiteSecretSharingSharedSecretQrCodeProviderSharedSecretQrCodeProvider;
use ChromaXOathServerSuiteSecretSharingSharedSecretUrlEncoderHotpBase32SharedSecretUrlEncoder;
use ChromaXQrCodeSuiteQrEncodeQrEncoder;
// Initialize Oath URL encoder for HOTP (HMAC-based One-time Password Algorithm)
$contentEncoder = new HotpBase32SharedSecretUrlEncoder();
// Setting the key name
$keyName = 'My Username';
// Setting the issuer name
$issuerName = 'Awesome Application';
// Setting a secret
// Attention: This is just an example value
// Use a random value of a proper length stored with your user credentials
$sharedSecret = openssl_random_pseudo_bytes(30);
// Getting the shared secret URL for usage wihtout QR code provision
$sharedSecretUrl = $contentEncoder->encode($keyName, $sharedSecret);
// Start QR code provision
// Initialize the QR code provider with Oath URL encoder for HOTP
$sharedSecretQrProvider = new SharedSecretQrCodeProvider(new HotpBase32SharedSecretUrlEncoder(), $keyName, $sharedSecret, $issuerName);
// Configure the QR code renderer for your needs
$sharedSecretQrProvider->getQrEncoder()
->setLevel(QrEncoder::QR_CODE_LEVEL_LOW)
->setTempDir('/path/to/a/writable/temp-dir');
// Persist the QR code PNG to the filesystem
$sharedSecretQrProvider->provideQrCode('/path/to/the/qrcode.png');
$totp = $_POST['totp'];
$sharedSecret = 'fetchedFromDatabaseOrSimilar';
$validator = new OathServerSuiteValidationOathTotpValidator();
$validator->validate($totp, $sharedSecret);
if ($validator->isValid()) {
// Validation was successful
} else {
// Validation failed
}
$hotp = $_POST['hotp'];
$sharedSecret = 'fetchedFromDatabaseOrSimilar';
$counter = (int)'fetchedFromDatabaseOrSimilar';
$validator = new OathServerSuiteValidationOathHotpValidator();
$validator->validate($hotp, $sharedSecret, $counter);
if ($validator->isValid()) {
// Validation was successful
} else {
// Validation failed
}
use ChromaXOathServerSuiteSecretSharingSharedSecretQrCodeProviderSharedSecretQrCodeProvider;
use ChromaXOathServerSuiteSecretSharingSharedSecretUrlEncoderTotpSharedSecretUrlEncoder;
use ChromaXQrCodeSuiteQrEncodeQrEncoder;
// Initialize Oath URL encoder for TOTP (Time-based One-time Password Algorithm)
$contentEncoder = new TotpSharedSecretUrlEncoder();
// Setting the key name
$keyName = 'My Username';
// Setting the issuer name
$issuerName = 'Awesome Application';
// Setting a secret
// Attention: This is just an example value
// Use a random value of a proper length stored with your user credentials
$sharedSecret = openssl_random_pseudo_bytes(30);
// Getting the shared secret URL for usage wihtout QR code provision
$sharedSecretUrl = $contentEncoder->encode($keyName, $sharedSecret);
// Start QR code provision
// Initialize the QR code provider with Oath URL encoder for TOTP
$sharedSecretQrProvider = new SharedSecretQrCodeProvider(new TotpSharedSecretUrlEncoder(), $keyName, $sharedSecret, $issuerName);
// Configure the QR code renderer for your needs
$sharedSecretQrProvider->getQrEncoder()
->setLevel(QrEncoder::QR_CODE_LEVEL_LOW)
->setTempDir('/path/to/a/writable/temp-dir');
// Persist the QR code PNG to the filesystem
$sharedSecretQrProvider->provideQrCode('/path/to/the/qrcode.png');
use ChromaXOathServerSuiteSecretSharingSharedSecretQrCodeProviderSharedSecretQrCodeProvider;
use ChromaXOathServerSuiteSecretSharingSharedSecretUrlEncoderHotpSharedSecretUrlEncoder;
use ChromaXQrCodeSuiteQrEncodeQrEncoder;
// Initialize Oath URL encoder for HOTP (HMAC-based One-time Password Algorithm)
$contentEncoder = new HotpSharedSecretUrlEncoder();
// Setting the key name
$keyName = 'My Username';
// Setting the issuer name
$issuerName = 'Awesome Application';
// Setting a secret
// Attention: This is just an example value
// Use a random value of a proper length stored with your user credentials
$sharedSecret = openssl_random_pseudo_bytes(30);
// Getting the shared secret URL for usage wihtout QR code provision
$sharedSecretUrl = $contentEncoder->encode($keyName, $sharedSecret);
// Start QR code provision
// Initialize the QR code provider with Oath URL encoder for HOTP
$sharedSecretQrProvider = new SharedSecretQrCodeProvider(new HotpSharedSecretUrlEncoder(), $keyName, $sharedSecret, $issuerName);
// Configure the QR code renderer for your needs
$sharedSecretQrProvider->getQrEncoder()
->setLevel(QrEncoder::QR_CODE_LEVEL_LOW)
->setTempDir('/path/to/a/writable/temp-dir');
// Persist the QR code PNG to the filesystem
$sharedSecretQrProvider->provideQrCode('/path/to/the/qrcode.png');
$totp = $_POST['totp'];
$sharedSecret = 'fetchedFromDatabaseOrSimilar';
$validator = new OathServerSuiteValidationOathTotpValidator();
$validator->validate($totp, $sharedSecret);
if ($validator->isValid()) {
// Validation was successful
} else {
// Validation failed
}
$hotp = $_POST['hotp'];
$sharedSecret = 'fetchedFromDatabaseOrSimilar';
$counter = (int)'fetchedFromDatabaseOrSimilar';
$validator = new OathServerSuiteValidationOathHotpValidator();
$validator->validate($hotp, $sharedSecret, $counter);
if ($validator->isValid()) {
// Validation was successful
} else {
// Validation failed
}
php oath server suite 적절한 처리를 위해 다양한 예외(일부는 PHP 공통 예외 프로젝트에서 제공)를 제공합니다.
Github에서 PHP 공통 예외에 대한 자세한 정보를 찾을 수 있습니다.
우리 프로젝트에 기여하는 것은 언제나 매우 감사한 일입니다.
그러나 CONTRIBUTING.md 문서에 기록된 기여 지침을 따르십시오.
php oath server suite 은 MIT 라이센스를 따릅니다.
