[ 'displayErrorDetails' => true, ], AuthorizationServer::class => function () { // Init our repositories $clientRepository = new ClientRepository(); $accessTokenRepository = new AccessTokenRepository(); $scopeRepository = new ScopeRepository(); $authCodeRepository = new AuthCodeRepository(); $refreshTokenRepository = new RefreshTokenRepository(); $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; $publicKeyPath = 'file://' . __DIR__ . '/../public.key'; // Setup the authorization server $server = new AuthorizationServer( $clientRepository, $accessTokenRepository, $scopeRepository, $privateKeyPath, $publicKeyPath ); // Enable the authentication code grant on the server with a token TTL of 1 hour $server->enableGrantType( new AuthCodeGrant( $authCodeRepository, $refreshTokenRepository, new \DateInterval('PT10M') ), new \DateInterval('PT1H') ); // Enable the refresh token grant on the server with a token TTL of 1 month $server->enableGrantType( new RefreshTokenGrant($refreshTokenRepository), new \DateInterval('PT1M') ); return $server; }, ]); // Access token issuer $app->post('/access_token', function () { })->add(new AuthorizationServerMiddleware($app->getContainer()->get(AuthorizationServer::class))); // Secured API $app->group('/api', function () { $this->get('/user', function (ServerRequestInterface $request, ResponseInterface $response) { $params = []; if (in_array('basic', $request->getAttribute('oauth_scopes', []))) { $params = [ 'id' => 1, 'name' => 'Alex', 'city' => 'London', ]; } if (in_array('email', $request->getAttribute('oauth_scopes', []))) { $params['email'] = 'alex@example.com'; } $body = new Stream('php://temp', 'r+'); $body->write(json_encode($params)); return $response->withBody($body); }); })->add(new ResourceServerMiddleware($app->getContainer()->get(AuthorizationServer::class))); $app->run();