mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-16 18:19:47 +05:30
65 lines
3.1 KiB
Markdown
65 lines
3.1 KiB
Markdown
# The League of Extraordinary Packages presents: PHP OAuth 2.0 Server
|
|
|
|
The goal of this project is to develop a standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server.
|
|
|
|
## Package Installation
|
|
|
|
The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:
|
|
|
|
```javascript
|
|
{
|
|
"require": {
|
|
"league/oauth2-server": "2.*"
|
|
}
|
|
}
|
|
```
|
|
|
|
---
|
|
|
|
The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.
|
|
|
|
## Current Features
|
|
|
|
### Authorization Server
|
|
|
|
The authorization server is a flexible class and the following core specification grants are implemented:
|
|
|
|
* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
|
|
* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
|
|
* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
|
|
* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
|
|
|
|
An overview of the different OAuth 2.0 grants can be found at [http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/](http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/).
|
|
|
|
### Resource Server
|
|
|
|
The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.
|
|
|
|
### Custom grants
|
|
|
|
Custom grants can be created easily by implementing an interface. Check out a guide here [https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants](https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants).
|
|
|
|
### PDO driver
|
|
|
|
If you are using MySQL and want to very quickly implement the library then all of the storage interfaces have been implemented with PDO classes. Check out the guide here [https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes](https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes).
|
|
|
|
## Tutorials
|
|
|
|
A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).
|
|
|
|
A tutorial on how to use the resource server to secure an API server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).
|
|
|
|
## Future Goals
|
|
|
|
### Authorization Server
|
|
|
|
* Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
|
|
* Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).
|
|
|
|
---
|
|
|
|
The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
|
|
|
|
This code is principally developed and maintained by [@alexbilbie](https://twitter.com/alexbilbie).
|
|
|
|
A list of contributors can be found at [https://github.com/php-loep/oauth2-server/contributors](https://github.com/php-loep/oauth2-server/contributors). |