oauth2-server/README.md

59 lines
2.7 KiB
Markdown
Raw Normal View History

2012-08-27 20:13:17 +05:30
# PHP OAuth Framework
2012-06-05 01:30:52 +05:30
The goal of this project is to develop a standards compliant [OAuth 2](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server.
2012-08-27 20:13:17 +05:30
## Package Installation
2012-08-27 20:13:17 +05:30
The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:
```javascript
{
2013-01-03 00:46:16 +05:30
"require": {
2013-02-20 01:55:46 +05:30
"lncd/OAuth2": "*"
2012-08-27 20:13:17 +05:30
}
}
```
2013-02-15 22:38:21 +05:30
---
2012-08-27 20:13:17 +05:30
2013-02-15 22:38:21 +05:30
The library features 100% unit test code coverage. To run the tests yourself run `phpunit -c build/phpunit.xml`.
2012-08-27 20:13:17 +05:30
## Current Features
### Authorization Server
2012-08-27 20:13:17 +05:30
The authorization server is a flexible class and following core specification grants are implemented:
2013-01-03 00:46:16 +05:30
* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
2013-02-15 22:38:21 +05:30
* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
2012-08-27 20:13:17 +05:30
2013-02-22 19:01:05 +05:30
A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).
2013-02-28 21:56:06 +05:30
An overview of the different OAuth 2.0 grants can be found at [http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/](http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/).
2012-08-27 20:13:17 +05:30
### Resource Server
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.
2013-02-22 19:01:05 +05:30
A tutorial on how to use the resource server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).
2012-08-27 20:13:17 +05:30
## Future Goals
### Authorization Server
2012-08-27 20:13:17 +05:30
* Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
* Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).
2013-02-15 22:38:21 +05:30
---
2012-09-07 16:29:41 +05:30
2013-02-15 22:38:21 +05:30
This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
2012-09-07 16:29:41 +05:30
2013-02-15 22:38:21 +05:30
This code was principally developed by [Alex Bilbie](http://alexbilbie.com/) ([Twitter](https://twitter.com/alexbilbie)|[Github](https://github.com/alexbilbie)).
Valuable contribtions have been made by the following:
2012-08-27 20:13:17 +05:30
2013-02-15 22:38:21 +05:30
* [Dan Horrigan](http://dandoescode.com) ([Twitter](https://twitter.com/dandoescode)|[Github](https://github.com/dandoescode))
2013-02-22 19:01:05 +05:30
* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))