oauth2-server/README.md

# PHP OAuth 2.0 Server

A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP.

## Package Installation

The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:

```javascript
{
	"require": {
		"league/oauth2-server": "2.*"
	}
}
```

#### Master branch

Latest stable version - [![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server)
Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/php-loep/oauth2-server?branch=master)
Downloads - [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server)

#### Develop branch

Latest unstable version - [![Latest Unstable Version](https://poser.pugx.org/league/oauth2-server/v/unstable.png)](https://packagist.org/packages/league/oauth2-server)
Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=develop)](https://coveralls.io/r/php-loep/oauth2-server?branch=develop)

---

The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.

## Current Features

### Authorization Server

The authorization server is a flexible class and the following core specification grants are implemented:

* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))

An overview of the different OAuth 2.0 grants can be found in the wiki [https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F](https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F).

### Resource Server

The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.

### Custom grants

Custom grants can be created easily by implementing an interface. Check out a guide here [https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants](https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants).

### PDO driver

If you are using MySQL and want to very quickly implement the library then all of the storage interfaces have been implemented with PDO classes. Check out the guide here [https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes](https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes).

## Tutorials and documentation

The wiki has lots of guides on how to use this library, check it out - [https://github.com/php-loep/oauth2-server/wiki](https://github.com/php-loep/oauth2-server/wiki).

A simple tutorial on how to use the authorization server can be found at [https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server](https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server).

A simple tutorial on how to use the resource server to secure an API server can be found at [https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0](https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0).

## Changelog

[See the project releases page](https://github.com/php-loep/oauth2-server/releases)

## Contributing

Please see [CONTRIBUTING](https://github.com/php-loep/oauth2-server/blob/master/CONTRIBUTING.md) for details.

## Support

Bugs and feature request are tracked on [GitHub](https://github.com/php-loep/oauth2-server/issues)

## License

This package is released under the MIT License. See the bundled [LICENSE](https://github.com/php-loep/oauth2-server/blob/master/LICENSE) file for details.

## Credits

This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie).

Special thanks to:

* [Dan Horrigan](https://github.com/dandoescode)
* [Nick Jackson](https://github.com/jacksonj04)
* [Michael Gooden](https://github.com/MichaelGooden)
* [Phil Sturgeon](https://github.com/philsturgeon)
* [and all the other contributors](https://github.com/php-loep/oauth2-server/contributors)

The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
Added contributors 2013-07-24 22:44:48 +05:30			`# PHP OAuth 2.0 Server`
Initial commit 2012-06-05 01:30:52 +05:30
Added contributors 2013-07-24 22:44:48 +05:30			`A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP.`
Updated README.md with an introduction to the project 2012-06-05 01:46:27 +05:30
Updated README 2012-08-27 20:13:17 +05:30			`## Package Installation`
Updated README.md with an introduction to the project 2012-06-05 01:46:27 +05:30
Updated README 2012-08-27 20:13:17 +05:30			`The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:`

			```javascript
			`{`
Updated README 2013-01-03 00:46:16 +05:30			`"require": {`
Updated the README 2013-05-08 23:21:56 +05:30			`"league/oauth2-server": "2.*"`
Updated README 2012-08-27 20:13:17 +05:30			`}`
			`}`
			```

Added badges [ci skip] 2013-07-26 15:38:24 +05:30			`#### Master branch`

Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`Latest stable version - [![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server)`
			`Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/php-loep/oauth2-server?branch=master)`
Added badges [ci skip] 2013-07-26 15:38:24 +05:30			`Downloads - [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server)`

			`#### Develop branch`

Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`Latest unstable version - [![Latest Unstable Version](https://poser.pugx.org/league/oauth2-server/v/unstable.png)](https://packagist.org/packages/league/oauth2-server)`
			`Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=develop)](https://coveralls.io/r/php-loep/oauth2-server?branch=develop)`
Added badges [ci skip] 2013-07-26 15:38:24 +05:30
Updated README 2013-02-15 22:38:21 +05:30			`---`
Updated README 2012-08-27 20:13:17 +05:30
Updated the README 2013-05-08 23:21:56 +05:30			The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.
Updated README 2012-08-27 20:13:17 +05:30
			`## Current Features`

Changed all mentions of authentication to authorization server 2013-02-20 18:10:42 +05:30			`### Authorization Server`
Updated README 2012-08-27 20:13:17 +05:30
Updated the README 2013-05-08 23:21:56 +05:30			`The authorization server is a flexible class and the following core specification grants are implemented:`
Updated README 2013-01-03 00:46:16 +05:30
Changed all mentions of authentication to authorization server 2013-02-20 18:10:42 +05:30			`* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))`
Updated README 2013-02-15 22:38:21 +05:30			`* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))`
			`* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))`
			`* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))`
Updated README 2012-08-27 20:13:17 +05:30
Updated link to wiki 2013-05-09 05:34:17 +05:30			`An overview of the different OAuth 2.0 grants can be found in the wiki [https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F](https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F).`
Added description of grants link 2013-02-28 21:56:06 +05:30
Updated README 2012-08-27 20:13:17 +05:30			`### Resource Server`

Updated the README 2013-05-08 23:21:56 +05:30			`The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.`
Updated README 2012-08-27 20:13:17 +05:30
Updated the README 2013-05-08 23:21:56 +05:30			`### Custom grants`

			`Custom grants can be created easily by implementing an interface. Check out a guide here [https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants](https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants).`

			`### PDO driver`

			`If you are using MySQL and want to very quickly implement the library then all of the storage interfaces have been implemented with PDO classes. Check out the guide here [https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes](https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes).`
Added tutorial section 2013-02-28 22:33:15 +05:30
Link to wiki 2013-05-09 08:08:23 +05:30			`## Tutorials and documentation`

			`The wiki has lots of guides on how to use this library, check it out - [https://github.com/php-loep/oauth2-server/wiki](https://github.com/php-loep/oauth2-server/wiki).`
Added tutorial section 2013-02-28 22:33:15 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`A simple tutorial on how to use the authorization server can be found at [https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server](https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server).`
Added tutorial section 2013-02-28 22:33:15 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`A simple tutorial on how to use the resource server to secure an API server can be found at [https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0](https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0).`
Added tutorial links 2013-02-22 19:01:05 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`## Changelog`
Updated README 2012-08-27 20:13:17 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`[See the project releases page](https://github.com/php-loep/oauth2-server/releases)`
Updated README 2012-08-27 20:13:17 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`## Contributing`
Updated README 2012-08-27 20:13:17 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`Please see [CONTRIBUTING](https://github.com/php-loep/oauth2-server/blob/master/CONTRIBUTING.md) for details.`
Added contributors 2013-07-24 22:44:48 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`## Support`
Added contributors 2013-07-24 22:44:48 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`Bugs and feature request are tracked on [GitHub](https://github.com/php-loep/oauth2-server/issues)`
Added contributors 2013-07-24 22:44:48 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`## License`
Added contributors 2013-07-24 22:44:48 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`This package is released under the MIT License. See the bundled [LICENSE](https://github.com/php-loep/oauth2-server/blob/master/LICENSE) file for details.`
Added contributors 2013-07-24 22:44:48 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`## Credits`
Added contributors 2013-07-24 22:44:48 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie).`
Update README.md 2012-09-07 16:29:41 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`Special thanks to:`
Update README.md 2012-09-07 16:29:41 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`* [Dan Horrigan](https://github.com/dandoescode)`
			`* [Nick Jackson](https://github.com/jacksonj04)`
			`* [Michael Gooden](https://github.com/MichaelGooden)`
			`* [Phil Sturgeon](https://github.com/philsturgeon)`
			`* [and all the other contributors](https://github.com/php-loep/oauth2-server/contributors)`
Updated README 2013-02-15 22:38:21 +05:30
Merge branch 'refs/heads/master' into develop Conflicts: .travis.yml README.md 2013-09-26 15:48:10 +05:30			`The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.`