A spec compliant, secure by default PHP OAuth 2.0 Server
Go to file
ziege e563230f10 Method to get all headers for the error response
Method added to get all required headers for the error response, according to the RFC - the correct HTTP status code and the "WWW-Authenticate" header in special cases.
2013-03-27 13:33:09 +00:00
sql Re-order MySQL table creations 2013-02-20 12:32:55 +00:00
src/OAuth2 Method to get all headers for the error response 2013-03-27 13:33:09 +00:00
tests Fixed broken unit test. Fixes #28 2013-03-27 13:29:11 +00:00
.gitattributes Added a .gitattributes file 2012-09-19 19:48:32 +01:00
.gitignore Cleaned up .gitignore 2013-03-06 17:04:31 +00:00
.travis.yml Updated .travis.yml 2013-03-06 17:05:07 +00:00
build.xml Don't remove composer.json and vendor dir 2012-08-06 16:13:27 +01:00
CHANGELOG.md Version bump 2013-03-04 13:18:34 +00:00
composer.json Removed phpunit from composer.json 2013-03-06 16:58:29 +00:00
license.txt Clarified license type 2012-07-19 15:32:38 +01:00
phpunit.xml Removed old build files 2013-03-06 17:04:49 +00:00
README.md Added tutorial section 2013-02-28 17:03:15 +00:00

PHP OAuth Framework

The goal of this project is to develop a standards compliant OAuth 2 authorization server and resource server.

Package Installation

The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:

{
	"require": {
		"lncd/OAuth2": "*"
	}
}

The library features 100% unit test code coverage. To run the tests yourself run phpunit -c build/phpunit.xml.

Current Features

Authorization Server

The authorization server is a flexible class and following core specification grants are implemented:

An overview of the different OAuth 2.0 grants can be found at http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/.

Resource Server

The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.

Tutorials

A tutorial on how to use the authorization server can be found at http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/.

A tutorial on how to use the resource server to secure an API server can be found at http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/.

Future Goals

Authorization Server


This code will be developed as part of the Linkey project which has been funded by JISC under the Access and Identity Management programme.

This code was principally developed by Alex Bilbie (Twitter|Github).

Valuable contribtions have been made by the following: