2013-12-06 03:07:24 +05:30
# PHP OAuth 2.0 Server
2013-12-06 03:02:29 +05:30
[](https://packagist.org/packages/league/oauth2-server) [](https://coveralls.io/r/php-loep/oauth2-server?branch=master) [](https://packagist.org/packages/league/oauth2-server) [](https://bitdeli.com/free "Bitdeli Badge")
2012-06-05 01:30:52 +05:30
2013-07-24 22:44:48 +05:30
A standards compliant [OAuth 2.0 ](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/ ) authorization server and resource server written in PHP.
2012-06-05 01:46:27 +05:30
2012-08-27 20:13:17 +05:30
## Package Installation
2012-06-05 01:46:27 +05:30
2014-02-27 04:15:16 +05:30
The framework is provided as a Composer package which can be installed by adding the package to your `composer.json` file:
2012-08-27 20:13:17 +05:30
```javascript
{
2013-01-03 00:46:16 +05:30
"require": {
2013-12-06 03:02:29 +05:30
"league/oauth2-server": "3.*"
2012-08-27 20:13:17 +05:30
}
}
```
2013-12-06 03:02:29 +05:30
### Framework Integrations
2013-07-26 15:38:24 +05:30
2014-02-27 04:15:16 +05:30
* [Laravel Service Provider ](https://packagist.org/packages/lucadegasperi/oauth2-server-laravel ) by @lucadegasperi
* [Laravel Eloquent implementation ](https://github.com/ScubaClick/scubaclick-oauth2 ) by @ScubaClick (under development)
2013-07-26 15:38:24 +05:30
2013-02-15 22:38:21 +05:30
---
2012-08-27 20:13:17 +05:30
2013-05-08 23:21:56 +05:30
The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.
2012-08-27 20:13:17 +05:30
2014-02-27 04:07:33 +05:30
[](https://travis-ci.org/thephpleague/oauth2-server) [master]
2013-12-19 18:03:39 +05:30
2014-02-27 04:07:33 +05:30
[](https://travis-ci.org/thephpleague/oauth2-server) [develop]
2013-12-19 18:03:39 +05:30
2012-08-27 20:13:17 +05:30
## Current Features
2013-02-20 18:10:42 +05:30
### Authorization Server
2012-08-27 20:13:17 +05:30
2013-05-08 23:21:56 +05:30
The authorization server is a flexible class and the following core specification grants are implemented:
2013-01-03 00:46:16 +05:30
2013-02-20 18:10:42 +05:30
* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
2013-02-15 22:38:21 +05:30
* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
2012-08-27 20:13:17 +05:30
2014-02-27 04:15:16 +05:30
An [overview of the different OAuth 2.0 grants ](https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F ) can be found in the [wiki].
2013-02-28 21:56:06 +05:30
2012-08-27 20:13:17 +05:30
### Resource Server
2013-05-08 23:21:56 +05:30
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.
2012-08-27 20:13:17 +05:30
2013-05-08 23:21:56 +05:30
### Custom grants
2014-02-27 04:15:16 +05:30
Custom grants can be created easily by implementing an interface. Check out the [custom grant guide ](https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants ).
2013-05-08 23:21:56 +05:30
2014-02-27 04:15:16 +05:30
## Tutorials and Documentation
2013-05-08 23:21:56 +05:30
2014-02-27 04:15:16 +05:30
* **[Wiki]** - The wiki has lots of guides on how to use this library.
2013-02-28 22:33:15 +05:30
2014-02-27 04:15:16 +05:30
* **[Developing an OAuth-2.0 Authorization Server]** - A simple tutorial on how to use the authorization server.
2013-05-09 08:08:23 +05:30
2014-02-27 04:15:16 +05:30
* **[Securing your API with OAuth 2.0]** - A simple tutorial on how to use the resource server to secure an API server.
2013-02-28 22:33:15 +05:30
2014-02-27 04:15:16 +05:30
[Wiki]: https://github.com/php-loep/oauth2-server/wiki
[Securing your API with OAuth 2.0]: https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0
[Developing an OAuth-2.0 Authorization Server]: https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server
2013-02-22 19:01:05 +05:30
2013-09-26 15:48:10 +05:30
## Changelog
2012-08-27 20:13:17 +05:30
2013-09-26 15:48:10 +05:30
[See the project releases page ](https://github.com/php-loep/oauth2-server/releases )
2012-08-27 20:13:17 +05:30
2013-09-26 15:48:10 +05:30
## Contributing
2012-08-27 20:13:17 +05:30
2013-09-26 15:48:10 +05:30
Please see [CONTRIBUTING ](https://github.com/php-loep/oauth2-server/blob/master/CONTRIBUTING.md ) for details.
2013-07-24 22:44:48 +05:30
2013-09-26 15:48:10 +05:30
## Support
2013-07-24 22:44:48 +05:30
2013-09-26 15:48:10 +05:30
Bugs and feature request are tracked on [GitHub ](https://github.com/php-loep/oauth2-server/issues )
2013-07-24 22:44:48 +05:30
2013-09-26 15:48:10 +05:30
## License
2013-07-24 22:44:48 +05:30
2013-09-26 15:48:10 +05:30
This package is released under the MIT License. See the bundled [LICENSE ](https://github.com/php-loep/oauth2-server/blob/master/LICENSE ) file for details.
2013-07-24 22:44:48 +05:30
2013-09-26 15:48:10 +05:30
## Credits
2013-07-24 22:44:48 +05:30
2013-09-26 15:48:10 +05:30
This code is principally developed and maintained by [Alex Bilbie ](https://twitter.com/alexbilbie ).
2012-09-07 16:29:41 +05:30
2013-09-26 15:48:10 +05:30
Special thanks to:
2012-09-07 16:29:41 +05:30
2013-09-26 15:48:10 +05:30
* [Dan Horrigan ](https://github.com/dandoescode )
* [Nick Jackson ](https://github.com/jacksonj04 )
* [Michael Gooden ](https://github.com/MichaelGooden )
* [Phil Sturgeon ](https://github.com/philsturgeon )
* [and all the other contributors ](https://github.com/php-loep/oauth2-server/contributors )
2013-02-15 22:38:21 +05:30
2013-12-06 02:50:48 +05:30
The initial code was developed as part of the [Linkey ](http://linkey.blogs.lincoln.ac.uk ) project which was funded by [JISC ](http://jisc.ac.uk ) under the Access and Identity Management programme.
2014-02-27 04:15:16 +05:30
[](https://bitdeli.com/free "Bitdeli Badge")
