Satellizer + Apigility (only direct login, no social integration)

README.md

1. Install Apigility

2. Create a ZF2 module, add the factory class from above, and enable it in your Apigility app

3. Copy the config.php file to config/autoload/local.php and modify to suit

4. Import the zf-oauth2 database schema (vendor/zfcampus/zf-oauth2/data/db_oauth2.sql) into the database you configured in 3

5. Create a public client with a password grant type:

   INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`, `grant_types`, `scope`, `user_id`) VALUES ('satellizer', '', '/', 'password', NULL, NULL);
   

6. Create a test user account:

   INSERT INTO `oauth_users` (`username`, `password`, `first_name`, `last_name`) VALUES ('test@test.com', '<bcrypt hash>', 'Testy', 'McTesterson');
   

   You can generate a bcrypt hash using the command provided by zf-oauth2:

   php vendor/zfcampus/zf-oauth2/bin/bcrypt.php <password>
   

7. In your Satellizer app, change the contents of your login controller to something like this:

   $scope.login = function() {
     var payload = {
         username: $scope.email, 
         password: $scope.password,
         'grant_type': 'password',
         'client_id': 'satellizer'
     };
       
     $auth.login(payload).then(function() {
       alert('Welcome!');
     }).catch(function() {
       alert('Login Failed!');
     });
   };
   

   And change the Satellizer config directive loginUrl to point to http://your-apigility-host.tld/oauth

8. Profit!!!

config.php

<?php
// config/autoload/local.php
return array(
    // Configure the DB adapter as you normally would for zf-oauth2
    // (I used root credentials because I am lazy...you shouldn't)
    'zf-oauth2' => array(
        'storage' => 'ZF\\OAuth2\\Adapter\\PdoAdapter',
        'db' => array(
            'dsn_type' => 'PDO',
            'dsn' => 'mysql:dbname=example',
            'username' => 'root',
            'password' => 'rootroot',
        ),
    ),
    'satellizer-server' => array(
        // Also use pre-configured zf-oauth2 storage?
        // (will store access tokens in database)
        'inject_existing_storage' => false,
        'keys' => array(
            'public_key'  => 'data/keys/pubkey.pem',
            'private_key' => 'data/keys/privkey.pem',
        ),
    ),
    'service_manager' => array(
        'invokables' => array(
            'satellizer-server-crypto-token-server' => 'SatellizerServer\Factory\CryptoTokenServerFactory',
        ),
        'delegators' => array(
            'ZF\OAuth2\Service\OAuth2Server' => array(
                'satellizer-server-crypto-token-server'
            ),
        ),
    ),
);

CryptoTokenServerFactory.php

<?php
namespace SatellizerServer\Factory;

use Zend\ServiceManager\DelegatorFactoryInterface;
use Zend\ServiceManager\ServiceLocatorInterface;

class CryptoTokenServerFactory implements DelegatorFactoryInterface
{
    public function createDelegatorWithName(ServiceLocatorInterface $serviceLocator, $name, $requestedName, $callback)
    {
        $server = call_user_func($callback);
        
        $config = $serviceLocator->get('Config');

        // Retrieve the pre-configured storage instance 
        $coreStorage = $config['satellizer-server']['inject_existing_storage'] === true
            ? $serviceLocator->get($config['zf-oauth2']['storage'])
            : NULL;
        
        // Load the public and private key files
        $publicKey  = file_get_contents($config['satellizer-server']['keys']['public_key']);
        $privateKey = file_get_contents($config['satellizer-server']['keys']['private_key']);
        
        // Instantiate in-memory storage for our keys
        $storage = new \OAuth2\Storage\Memory(array(
            'keys' => array(
                'public_key'  => $publicKey,
                'private_key' => $privateKey,
            ),
        ));

        // Make the "access_token" storage use Crypto Tokens instead of a database
        $cryptoStorage = new \OAuth2\Storage\CryptoToken($storage, $coreStorage);
        $server->addStorage($cryptoStorage, "access_token");

        // make the "token" response type a CryptoToken
        $cryptoResponseType = new \OAuth2\ResponseType\CryptoToken($storage, $coreStorage);
        $server->addResponseType($cryptoResponseType);
        
        return $server;
    }
}