oauth2-server/README.md

# PHP OAuth Framework

The goal of this project is to develop a standards compliant [OAuth 2](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server.

## Package Installation

The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:

```javascript
{
	"require": {
		"lncd/OAuth2": "*"
	}
}
```

---

The library features 100% unit test code coverage. To run the tests yourself run `phpunit -c build/phpunit.xml`.

## Current Features

### Authorization Server

The authorization server is a flexible class and following core specification grants are implemented:

* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))

An overview of the different OAuth 2.0 grants can be found at [http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/](http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/).

### Resource Server

The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.


## Tutorials

A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).

A tutorial on how to use the resource server to secure an API server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).

## Future Goals

### Authorization Server

* Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
* Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).

---

This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.

This code was principally developed by [Alex Bilbie](http://alexbilbie.com/) ([Twitter](https://twitter.com/alexbilbie)|[Github](https://github.com/alexbilbie)).

Valuable contribtions have been made by the following:

* [Dan Horrigan](http://dandoescode.com) ([Twitter](https://twitter.com/dandoescode)|[Github](https://github.com/dandoescode))
* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))
Updated README 2012-08-27 15:43:17 +01:00			`# PHP OAuth Framework`
Initial commit 2012-06-04 13:00:52 -07:00
Changed all mentions of authentication to authorization server 2013-02-20 12:40:42 +00:00			`The goal of this project is to develop a standards compliant [OAuth 2](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server.`
Updated README.md with an introduction to the project 2012-06-04 22:16:27 +02:00
Updated README 2012-08-27 15:43:17 +01:00			`## Package Installation`
Updated README.md with an introduction to the project 2012-06-04 22:16:27 +02:00
Updated README 2012-08-27 15:43:17 +01:00			`The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:`

			```javascript
			`{`
Updated README 2013-01-02 19:16:16 +00:00			`"require": {`
Fix composer element 2013-02-19 21:25:46 +01:00			`"lncd/OAuth2": "*"`
Updated README 2012-08-27 15:43:17 +01:00			`}`
			`}`
			```

Updated README 2013-02-15 17:08:21 +00:00			`---`
Updated README 2012-08-27 15:43:17 +01:00
Updated README 2013-02-15 17:08:21 +00:00			The library features 100% unit test code coverage. To run the tests yourself run `phpunit -c build/phpunit.xml`.
Updated README 2012-08-27 15:43:17 +01:00
			`## Current Features`

Changed all mentions of authentication to authorization server 2013-02-20 12:40:42 +00:00			`### Authorization Server`
Updated README 2012-08-27 15:43:17 +01:00
Changed all mentions of authentication to authorization server 2013-02-20 12:40:42 +00:00			`The authorization server is a flexible class and following core specification grants are implemented:`
Updated README 2013-01-02 19:16:16 +00:00
Changed all mentions of authentication to authorization server 2013-02-20 12:40:42 +00:00			`* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))`
Updated README 2013-02-15 17:08:21 +00:00			`* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))`
			`* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))`
			`* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))`
Updated README 2012-08-27 15:43:17 +01:00
Added description of grants link 2013-02-28 16:26:06 +00:00			`An overview of the different OAuth 2.0 grants can be found at [http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/](http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/).`

Updated README 2012-08-27 15:43:17 +01:00			`### Resource Server`

			`The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.`

Added tutorial section 2013-02-28 17:03:15 +00:00
			`## Tutorials`

			`A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).`

			`A tutorial on how to use the resource server to secure an API server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).`
Added tutorial links 2013-02-22 13:31:05 +00:00
Updated README 2012-08-27 15:43:17 +01:00			`## Future Goals`

Changed all mentions of authentication to authorization server 2013-02-20 12:40:42 +00:00			`### Authorization Server`
Updated README 2012-08-27 15:43:17 +01:00
			`* Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).`
			`* Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).`

Updated README 2013-02-15 17:08:21 +00:00			`---`
Update README.md 2012-09-07 12:59:41 +02:00
Updated README 2013-02-15 17:08:21 +00:00			`This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.`
Update README.md 2012-09-07 12:59:41 +02:00
Updated README 2013-02-15 17:08:21 +00:00			`This code was principally developed by [Alex Bilbie](http://alexbilbie.com/) ([Twitter](https://twitter.com/alexbilbie)\|[Github](https://github.com/alexbilbie)).`

			`Valuable contribtions have been made by the following:`
Updated README 2012-08-27 15:43:17 +01:00
Updated README 2013-02-15 17:08:21 +00:00			`* [Dan Horrigan](http://dandoescode.com) ([Twitter](https://twitter.com/dandoescode)\|[Github](https://github.com/dandoescode))`
Added tutorial links 2013-02-22 13:31:05 +00:00			`* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)\|[Github](https://github.com/jacksonj04))`