A spec compliant, secure by default PHP OAuth 2.0 Server
Go to file
Phil Sturgeon 89f3446b98 Merge pull request #79 from reinink/patch-1
Fixed link to authorization server guide.
2013-08-27 09:01:16 -07:00
sql Added cascading relationship between oauth_sessions_authcodes and oauth_sessions 2013-05-10 17:32:39 -07:00
src/League/OAuth2/Server This fixes #57. By passing in a conditional flag refering to headersOnly, the library would stil respect RFC6749 Section 7 and RFC6750 Section 2. 2013-05-27 21:27:30 -07:00
tests Fixed broken test 2013-05-27 19:38:07 +01:00
.gitattributes Added a .gitattributes file 2012-09-19 19:48:32 +01:00
.gitignore Cleaned up .gitignore 2013-03-06 17:04:31 +00:00
.travis.yml Test in PHP 5.5 too 2013-08-08 09:25:17 -04:00
build.xml Don't remove composer.json and vendor dir 2012-08-06 16:13:27 +01:00
CHANGELOG.md Updated changelog 2013-06-02 13:54:54 +01:00
composer.json Version bump 2013-06-02 13:54:47 +01:00
license.txt Updated License 2013-05-08 19:04:40 -07:00
phpunit.xml Removed old build files 2013-03-06 17:04:49 +00:00
README.md Fixed link to authorization server guide. 2013-07-26 10:04:09 -04:00

PHP OAuth 2.0 Server

A standards compliant OAuth 2.0 authorization server and resource server written in PHP.

Package Installation

The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:

{
	"require": {
		"league/oauth2-server": "2.*"
	}
}

The library features 100% unit test code coverage. To run the tests yourself run phpunit from the project root.

Current Features

Authorization Server

The authorization server is a flexible class and the following core specification grants are implemented:

An overview of the different OAuth 2.0 grants can be found in the wiki https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F.

Resource Server

The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.

Custom grants

Custom grants can be created easily by implementing an interface. Check out a guide here https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants.

PDO driver

If you are using MySQL and want to very quickly implement the library then all of the storage interfaces have been implemented with PDO classes. Check out the guide here https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes.

Tutorials and documentation

The wiki has lots of guides on how to use this library, check it out - https://github.com/php-loep/oauth2-server/wiki.

A tutorial on how to use the authorization server can be found at https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server.

A tutorial on how to use the resource server to secure an API server can be found at https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0.

Future Goals

Authorization Server


The initial code was developed as part of the Linkey project which was funded by JISC under the Access and Identity Management programme.

This code is principally developed and maintained by @alexbilbie.

Credits

Changelog

See the changelog file

Contributing

Please see CONTRIBUTING for details.

Support

Bugs and feature request are tracked on GitHub

License

oauth2-server is released under the MIT License. See the bundled LICENSE file for details.