oauth2-server/README.md

# PHP OAuth 2.0 Server

[![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server) [![Coverage Status](https://coveralls.io/repos/thephpleague/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/thephpleague/oauth2-server?branch=master) [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server) [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thephpleague/oauth2-server/trend.png)](https://bitdeli.com/free "Bitdeli Badge")


A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP.

## Package Installation

The framework is provided as a Composer package which can be installed by adding the package to your `composer.json` file:

```javascript
{
	"require": {
		"league/oauth2-server": "3.*"
	}
}
```

### Framework Integrations

* [Laravel Service Provider](https://packagist.org/packages/lucadegasperi/oauth2-server-laravel) by @lucadegasperi
* [Laravel Eloquent implementation](https://github.com/ScubaClick/scubaclick-oauth2) by @ScubaClick (under development)

---

The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.

[![Build Status](https://travis-ci.org/thephpleague/oauth2-server.png?branch=master)](https://travis-ci.org/thephpleague/oauth2-server) [master]

[![Build Status](https://travis-ci.org/thephpleague/oauth2-server.png?branch=develop)](https://travis-ci.org/thephpleague/oauth2-server) [develop]


## Current Features

### Authorization Server

The authorization server is a flexible class and the following core specification grants are implemented:

* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))

An [overview of the different OAuth 2.0 grants](https://github.com/thephpleague/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F) can be found in the [wiki].

### Resource Server

The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.

### Custom grants

Custom grants can be created easily by implementing an interface. Check out the [custom grant guide](https://github.com/thephpleague/oauth2-server/wiki/Creating-custom-grants).

## Tutorials and Documentation

* **[Wiki]** - The wiki has lots of guides on how to use this library.

* **[Developing an OAuth-2.0 Authorization Server]** - A simple tutorial on how to use the authorization server.

* **[Securing your API with OAuth 2.0]** - A simple tutorial on how to use the resource server to secure an API server.

[Wiki]: https://github.com/thephpleague/oauth2-server/wiki
[Securing your API with OAuth 2.0]: https://github.com/thephpleague/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0
[Developing an OAuth-2.0 Authorization Server]: https://github.com/thephpleague/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server

## Changelog

[See the project releases page](https://github.com/thephpleague/oauth2-server/releases)

## Contributing

Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) for details.

## Support

Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues)

## License

This package is released under the MIT License. See the bundled [LICENSE](https://github.com/thephpleague/oauth2-server/blob/master/LICENSE) file for details.

## Credits

This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie).

Special thanks to:

* [Dan Horrigan](https://github.com/dandoescode)
* [Nick Jackson](https://github.com/jacksonj04)
* [Michael Gooden](https://github.com/MichaelGooden)
* [Phil Sturgeon](https://github.com/philsturgeon)
* [and all the other contributors](https://github.com/thephpleague/oauth2-server/contributors)

The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.

[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thephpleague/oauth2-server/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
Went back to old title 2013-12-05 21:37:24 +00:00			`# PHP OAuth 2.0 Server`
README updates 2013-12-05 21:32:29 +00:00
Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			[![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server) [![Coverage Status](https://coveralls.io/repos/thephpleague/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/thephpleague/oauth2-server?branch=master) [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server) [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thephpleague/oauth2-server/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
README updates 2013-12-05 21:32:29 +00:00
Initial commit 2012-06-04 13:00:52 -07:00
Added contributors 2013-07-24 13:14:48 -04:00			`A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP.`
Updated README.md with an introduction to the project 2012-06-04 22:16:27 +02:00
Updated README 2012-08-27 15:43:17 +01:00			`## Package Installation`
Updated README.md with an introduction to the project 2012-06-04 22:16:27 +02:00
Merge branch 'release/3.1.2' Conflicts: README.md 2014-02-26 17:45:16 -05:00			The framework is provided as a Composer package which can be installed by adding the package to your `composer.json` file:
Updated README 2012-08-27 15:43:17 +01:00
			```javascript
			`{`
Updated README 2013-01-02 19:16:16 +00:00			`"require": {`
README updates 2013-12-05 21:32:29 +00:00			`"league/oauth2-server": "3.*"`
Updated README 2012-08-27 15:43:17 +01:00			`}`
			`}`
			```

README updates 2013-12-05 21:32:29 +00:00			`### Framework Integrations`
Added badges [ci skip] 2013-07-26 11:08:24 +01:00
Merge branch 'release/3.1.2' Conflicts: README.md 2014-02-26 17:45:16 -05:00			`* [Laravel Service Provider](https://packagist.org/packages/lucadegasperi/oauth2-server-laravel) by @lucadegasperi`
			`* [Laravel Eloquent implementation](https://github.com/ScubaClick/scubaclick-oauth2) by @ScubaClick (under development)`
Added badges [ci skip] 2013-07-26 11:08:24 +01:00
Updated README 2013-02-15 17:08:21 +00:00			`---`
Updated README 2012-08-27 15:43:17 +01:00
Updated the README 2013-05-08 10:51:56 -07:00			The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.
Updated README 2012-08-27 15:43:17 +01:00
Fixed some links in README. 2014-02-26 17:37:33 -05:00			`[![Build Status](https://travis-ci.org/thephpleague/oauth2-server.png?branch=master)](https://travis-ci.org/thephpleague/oauth2-server) [master]`
Update README.md 2013-12-19 12:33:39 +00:00
Fixed some links in README. 2014-02-26 17:37:33 -05:00			`[![Build Status](https://travis-ci.org/thephpleague/oauth2-server.png?branch=develop)](https://travis-ci.org/thephpleague/oauth2-server) [develop]`
Update README.md 2013-12-19 12:33:39 +00:00

Updated README 2012-08-27 15:43:17 +01:00			`## Current Features`

Changed all mentions of authentication to authorization server 2013-02-20 12:40:42 +00:00			`### Authorization Server`
Updated README 2012-08-27 15:43:17 +01:00
Updated the README 2013-05-08 10:51:56 -07:00			`The authorization server is a flexible class and the following core specification grants are implemented:`
Updated README 2013-01-02 19:16:16 +00:00
Changed all mentions of authentication to authorization server 2013-02-20 12:40:42 +00:00			`* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))`
Updated README 2013-02-15 17:08:21 +00:00			`* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))`
			`* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))`
			`* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))`
Updated README 2012-08-27 15:43:17 +01:00
Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			`An [overview of the different OAuth 2.0 grants](https://github.com/thephpleague/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F) can be found in the [wiki].`
Added description of grants link 2013-02-28 16:26:06 +00:00
Updated README 2012-08-27 15:43:17 +01:00			`### Resource Server`

Updated the README 2013-05-08 10:51:56 -07:00			`The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.`
Updated README 2012-08-27 15:43:17 +01:00
Updated the README 2013-05-08 10:51:56 -07:00			`### Custom grants`

Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			`Custom grants can be created easily by implementing an interface. Check out the [custom grant guide](https://github.com/thephpleague/oauth2-server/wiki/Creating-custom-grants).`
Updated the README 2013-05-08 10:51:56 -07:00
Merge branch 'release/3.1.2' Conflicts: README.md 2014-02-26 17:45:16 -05:00			`## Tutorials and Documentation`
Updated the README 2013-05-08 10:51:56 -07:00
Merge branch 'release/3.1.2' Conflicts: README.md 2014-02-26 17:45:16 -05:00			`* [Wiki] - The wiki has lots of guides on how to use this library.`
Added tutorial section 2013-02-28 17:03:15 +00:00
Merge branch 'release/3.1.2' Conflicts: README.md 2014-02-26 17:45:16 -05:00			`* [Developing an OAuth-2.0 Authorization Server] - A simple tutorial on how to use the authorization server.`
Link to wiki 2013-05-08 19:38:23 -07:00
Merge branch 'release/3.1.2' Conflicts: README.md 2014-02-26 17:45:16 -05:00			`* [Securing your API with OAuth 2.0] - A simple tutorial on how to use the resource server to secure an API server.`
Added tutorial section 2013-02-28 17:03:15 +00:00
Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			`[Wiki]: https://github.com/thephpleague/oauth2-server/wiki`
			`[Securing your API with OAuth 2.0]: https://github.com/thephpleague/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0`
			`[Developing an OAuth-2.0 Authorization Server]: https://github.com/thephpleague/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server`
Added tutorial links 2013-02-22 13:31:05 +00:00
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 11:18:10 +01:00			`## Changelog`
Updated README 2012-08-27 15:43:17 +01:00
Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			`[See the project releases page](https://github.com/thephpleague/oauth2-server/releases)`
Updated README 2012-08-27 15:43:17 +01:00
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 11:18:10 +01:00			`## Contributing`
Updated README 2012-08-27 15:43:17 +01:00
Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			`Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) for details.`
Added contributors 2013-07-24 13:14:48 -04:00
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 11:18:10 +01:00			`## Support`
Added contributors 2013-07-24 13:14:48 -04:00
Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			`Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues)`
Added contributors 2013-07-24 13:14:48 -04:00
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 11:18:10 +01:00			`## License`
Added contributors 2013-07-24 13:14:48 -04:00
Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			`This package is released under the MIT License. See the bundled [LICENSE](https://github.com/thephpleague/oauth2-server/blob/master/LICENSE) file for details.`
Added contributors 2013-07-24 13:14:48 -04:00
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 11:18:10 +01:00			`## Credits`
Added contributors 2013-07-24 13:14:48 -04:00
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 11:18:10 +01:00			`This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie).`
Update README.md 2012-09-07 12:59:41 +02:00
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 11:18:10 +01:00			`Special thanks to:`
Update README.md 2012-09-07 12:59:41 +02:00
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 11:18:10 +01:00			`* [Dan Horrigan](https://github.com/dandoescode)`
			`* [Nick Jackson](https://github.com/jacksonj04)`
			`* [Michael Gooden](https://github.com/MichaelGooden)`
			`* [Phil Sturgeon](https://github.com/philsturgeon)`
Fixed lots of links, and improved readability of links. 2014-02-26 17:45:32 -05:00			`* [and all the other contributors](https://github.com/thephpleague/oauth2-server/contributors)`
Updated README 2013-02-15 17:08:21 +00:00
Add a Bitdeli badge to README 2013-12-05 21:20:48 +00:00			`The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.`

Merge branch 'release/3.1.2' Conflicts: README.md 2014-02-26 17:45:16 -05:00			`[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thephpleague/oauth2-server/trend.png)](https://bitdeli.com/free "Bitdeli Badge")`