oauth2-server/installation.md

46 lines
1.7 KiB
Markdown
Raw Normal View History

2014-10-01 03:14:18 +05:30
---
layout: default
title: Installation
permalink: /installation/
---
# Installation
2016-03-16 02:03:44 +05:30
The recommended installation method is using [Composer](https://getcomposer.org).
The following versions of PHP are supported:
* PHP 5.5 (>=5.5.9)
* PHP 5.6
* PHP 7.0
* HHVM
2014-10-01 03:14:18 +05:30
2014-10-13 20:37:45 +05:30
In your project root just run:
2014-10-01 03:14:18 +05:30
2016-03-16 02:03:44 +05:30
{% highlight shell %}
2016-03-25 01:18:14 +05:30
$ $ composer require league/oauth2-server:5.0.0-RC1
2016-03-16 02:03:44 +05:30
{% endhighlight %}
2014-10-01 03:14:18 +05:30
2014-10-13 20:38:15 +05:30
Ensure that youve set up your project to [autoload Composer-installed packages](https://getcomposer.org/doc/00-intro.md#autoloading).
2016-03-16 02:03:44 +05:30
2016-03-25 01:18:19 +05:30
Depending on [which grant](/authorization-server/which-grant/) you are implementing you will need to implement a number of repository interfaces. Each grant documentation page lists which repositories are required, and each repository interface has it's own documentation page.
2016-03-16 02:03:44 +05:30
2016-03-23 18:15:09 +05:30
The repositories are expected to return (on success) instances of [entity interfaces](https://github.com/thephpleague/oauth2-server/tree/V5-WIP/src/Entities/Interfaces); to make integration with your existing entities and models as easy as possible though, all required methods have been implemented as traits that you can use.
## Generating public and private keys
To generate the private key run this command on the terminal:
{% highlight shell %}
openssl genrsa -out private.key 1024
{% endhighlight %}
then extract the public key from the private key:
{% highlight shell %}
openssl rsa -in private.key -pubout > public.key
{% endhighlight %}
The private key must be kept secret (i.e. out of the web-root of the authorization server). The authorization server also requires the public key.
The public key should be distributed to any services (for example resource servers) that validate access tokens.