# PHP OAuth 2.0 Server

A standards-compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP.

## Package Installation

The framework is provided as a Composer package, which can be installed by adding the package to your `composer.json` file:

```json
{
    "require": {
        "league/oauth2-server": "2.*"
    }
}
```

#### Master branch

Latest stable version - [![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server)

Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/php-loep/oauth2-server?branch=master)

Downloads - [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server)

#### Develop branch

Latest unstable version - [![Latest Unstable Version](https://poser.pugx.org/league/oauth2-server/v/unstable.png)](https://packagist.org/packages/league/oauth2-server)

Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=develop)](https://coveralls.io/r/php-loep/oauth2-server?branch=develop)

---

The library features 100% unit test code coverage. To run the tests yourself, run `phpunit` from the project root.

## Current Features

### Authorization Server

The authorization server is a flexible class and the following core specification grants are implemented:

* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))

An overview of the different OAuth 2.0 grants can be found in the wiki [https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F](https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F).

### Resource Server
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.
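
The check described above, as an added PHP example that is not this library's code or API: it reads the bearer token from the request, looks it up, and maps the outcome to the RFC 6750 responses (401 for a missing, unknown or expired token, 403 `insufficient_scope` when a required scope was not granted). The function names, the array-backed token store keyed by the SHA-256 of the token, and the scope names are assumptions made for the illustration.

```php
<?php
// Added illustration; NOT the league/oauth2-server API. All names are hypothetical.

/** Extract a bearer token from the Authorization header (RFC 6750, section 2.1). */
function bearerToken(array $headers): ?string
{
    foreach ($headers as $name => $value) {
        if (strcasecmp($name, 'Authorization') === 0
            && preg_match('/^Bearer\s+([A-Za-z0-9\-._~+\/]+=*)$/i', trim($value), $m)) {
            return $m[1];
        }
    }
    return null;
}

/**
 * Decide whether a request may reach an endpoint.
 * $store maps sha256(token) => ['expires' => unix time, 'scopes' => string[]].
 * Returns [HTTP status, RFC 6750 error code or null].
 */
function checkAccess(array $headers, array $store, array $requiredScopes, int $now): array
{
    $token = bearerToken($headers);
    if ($token === null) {
        return [401, null];             // no credentials presented
    }
    $record = $store[hash('sha256', $token)] ?? null;
    if ($record === null || $record['expires'] <= $now) {
        return [401, 'invalid_token'];  // unknown or expired token
    }
    // Every scope the endpoint requires must have been granted to the token.
    if (array_diff($requiredScopes, $record['scopes']) !== []) {
        return [403, 'insufficient_scope'];
    }
    return [200, null];
}

// Constructed sample data: one token, granted only the "user.read" scope.
$now   = 1700000000;
$store = [hash('sha256', 'tok-read-only') => ['expires' => $now + 3600, 'scopes' => ['user.read']]];
$hdr   = ['Authorization' => 'Bearer tok-read-only'];

var_dump(checkAccess($hdr, $store, ['user.read'], $now));         // required scope was granted
var_dump(checkAccess($hdr, $store, ['user.write'], $now));        // required scope was not granted
var_dump(checkAccess($hdr, $store, ['user.read'], $now + 7200));  // evaluated after expiry
var_dump(checkAccess([], $store, ['user.read'], $now));           // no Authorization header
```

Storing only a hash of each token means a leaked token table does not hand out usable credentials.
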
### Custom grants

Custom grants can be created easily by implementing an interface. Check out a guide here: [https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants](https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants).

### PDO driver

If you are using MySQL and want to implement the library very quickly, all of the storage interfaces have been implemented with PDO classes. Check out the guide here: [https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes](https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes).

## Tutorials and documentation

The wiki has lots of guides on how to use this library; check it out at [https://github.com/php-loep/oauth2-server/wiki](https://github.com/php-loep/oauth2-server/wiki).

A simple tutorial on how to use the authorization server can be found at [https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server](https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server).

A simple tutorial on how to use the resource server to secure an API server can be found at [https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0](https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0).

## Changelog

[See the project releases page](https://github.com/php-loep/oauth2-server/releases)

## Contributing

Please see [CONTRIBUTING](https://github.com/php-loep/oauth2-server/blob/master/CONTRIBUTING.md) for details.

## Support

Bugs and feature requests are tracked on [GitHub](https://github.com/php-loep/oauth2-server/issues).

## License

This package is released under the MIT License. See the bundled [LICENSE](https://github.com/php-loep/oauth2-server/blob/master/LICENSE) file for details.

## Credits

This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie).

Special thanks to:

* [Dan Horrigan](https://github.com/dandoescode)
* [Nick Jackson](https://github.com/jacksonj04)
* [Michael Gooden](https://github.com/MichaelGooden)
* [Phil Sturgeon](https://github.com/philsturgeon)
* [and all the other contributors](https://github.com/php-loep/oauth2-server/contributors)

The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.