mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-01 16:33:07 +05:30

A spec compliant, secure by default PHP OAuth 2.0 Server

Go to file

Alex Bilbie a8a375ed1f Anal code style fix		2013-05-08 13:40:15 -07:00
sql	Added refresh token expires column	2013-05-08 10:35:24 -07:00
src/League/OAuth2/Server	Anal code style fix	2013-05-08 13:40:15 -07:00
tests	Optimised tests by removing unused variables and adding further assertions	2013-05-08 13:34:05 -07:00
.gitattributes	Added a .gitattributes file	2012-09-19 19:48:32 +01:00
.gitignore	Cleaned up .gitignore	2013-03-06 17:04:31 +00:00
.travis.yml	Updated .travis.yml	2013-03-06 17:05:07 +00:00
build.xml	Don't remove composer.json and vendor dir	2012-08-06 16:13:27 +01:00
CHANGELOG.md	Updated the changelog	2013-05-08 10:52:13 -07:00
composer.json	Moved files into server namespace/folder and updated docblock copyright statements	2013-05-08 11:29:24 -07:00
license.txt	Clarified license type	2012-07-19 15:32:38 +01:00
phpunit.xml	Removed old build files	2013-03-06 17:04:49 +00:00
README.md	Updated the README	2013-05-08 10:51:56 -07:00

README.md

The League of Extraordinary Packages presents: PHP OAuth 2.0 Server

The goal of this project is to develop a standards compliant OAuth 2.0 authorization server and resource server.

Package Installation

The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:

{
	"require": {
		"league/oauth2-server": "2.*"
	}
}

The library features 100% unit test code coverage. To run the tests yourself run phpunit from the project root.

Current Features

Authorization Server

The authorization server is a flexible class and the following core specification grants are implemented:

authorization code (section 4.1)
refresh token (section 6)
client credentials (section 2.3.1)
password (user credentials) (section 4.3)

An overview of the different OAuth 2.0 grants can be found at http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/.

Resource Server

The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.

Custom grants

Custom grants can be created easily by implementing an interface. Check out a guide here https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants.

PDO driver

If you are using MySQL and want to very quickly implement the library then all of the storage interfaces have been implemented with PDO classes. Check out the guide here https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes.

Tutorials

A tutorial on how to use the authorization server can be found at http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/.

A tutorial on how to use the resource server to secure an API server can be found at http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/.

Future Goals

Authorization Server

Support for JSON web tokens.
Support for SAML assertions.

The initial code was developed as part of the Linkey project which was funded by JISC under the Access and Identity Management programme.

This code is principally developed and maintained by @alexbilbie.

A list of contributors can be found at https://github.com/php-loep/oauth2-server/contributors.