A spec compliant, secure by default PHP OAuth 2.0 Server
Go to file
Phil Sturgeon f83a9a7fa4 Support Authorization header passed as ENV var
Some hosts (at this point I only know of Fortrabbit) require Authorization headers to be passed as an environment variable, which PHP will then shove into . See more: http://fortrabbit.com/docs/essentials/quirks-and-constraints\#authorization-header
2014-02-26 17:28:17 -05:00
sql Added cascading relationship between oauth_sessions_authcodes and oauth_sessions 2013-05-10 17:32:39 -07:00
src/League/OAuth2/Server Support Authorization header passed as ENV var 2014-02-26 17:28:17 -05:00
tests Removed some tests that randomly fail 2013-12-06 10:17:33 +00:00
.gitattributes Merge branch 'refs/heads/master' into develop 2013-09-26 11:18:10 +01:00
.gitignore Updated .gitignore 2013-11-25 23:59:37 +00:00
.travis.yml Ninja 5.6 test 2014-02-11 12:27:35 -05:00
CHANGELOG.md Version bump 2013-12-05 21:09:35 +00:00
composer.json Update composer.json 2014-01-22 11:28:23 -05:00
CONTRIBUTING.md Update CONTRIBUTING.md 2013-12-06 10:50:22 +00:00
license.txt Updated License 2013-05-08 19:04:40 -07:00
phpunit.xml Added html coverage 2013-11-25 23:59:10 +00:00
phpunit.xml.dist Removed printer [ci skip] 2013-07-30 10:13:47 +01:00
README.md Update README.md 2013-12-19 12:33:39 +00:00

PHP OAuth 2.0 Server

Latest Stable Version Coverage Status Total Downloads Bitdeli Badge

A standards compliant OAuth 2.0 authorization server and resource server written in PHP.

Package Installation

The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:

{
	"require": {
		"league/oauth2-server": "3.*"
	}
}

Framework Integrations


The library features 100% unit test code coverage. To run the tests yourself run phpunit from the project root.

Master branch - Build Status

Develop branch - Build Status

Current Features

Authorization Server

The authorization server is a flexible class and the following core specification grants are implemented:

An overview of the different OAuth 2.0 grants can be found in the wiki https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F.

Resource Server

The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.

Custom grants

Custom grants can be created easily by implementing an interface. Check out a guide here https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants.

Tutorials and documentation

The wiki has lots of guides on how to use this library, check it out - https://github.com/php-loep/oauth2-server/wiki.

A simple tutorial on how to use the authorization server can be found at https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server.

A simple tutorial on how to use the resource server to secure an API server can be found at https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0.

Changelog

See the project releases page

Contributing

Please see CONTRIBUTING for details.

Support

Bugs and feature request are tracked on GitHub

License

This package is released under the MIT License. See the bundled LICENSE file for details.

Credits

This code is principally developed and maintained by Alex Bilbie.

Special thanks to:

The initial code was developed as part of the Linkey project which was funded by JISC under the Access and Identity Management programme.