2.6 KiB
PHP OAuth Framework
The goal of this project is to develop a standards compliant OAuth 2 authorization server and resource server.
Package Installation
The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:
{
"require": {
"league/oauth2server": "2.*"
}
}
The library features 100% unit test code coverage. To run the tests yourself run phpunit -c build/phpunit.xml.
Current Features
Authorization Server
The authorization server is a flexible class and following core specification grants are implemented:
- authorization code (section 4.1)
- refresh token (section 6)
- client credentials (section 2.3.1)
- password (user credentials) (section 4.3)
An overview of the different OAuth 2.0 grants can be found at http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/.
Resource Server
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.
Tutorials
A tutorial on how to use the authorization server can be found at http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/.
A tutorial on how to use the resource server to secure an API server can be found at http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/.
Future Goals
Authorization Server
- Support for JSON web tokens.
- Support for SAML assertions.
The initial code was developed as part of the Linkey project which was funded by JISC under the Access and Identity Management programme.
This code is principally developed by Alex Bilbie (Twitter|Github).
A list of contributors can be found at https://github.com/php-loep/oauth2-server/contributors.