Note 1: this library is still in development. The first stable release will be tagged as v1.0.x. All tags v0.x.y must be considered as unstable.

Note 2: if you use Symfony, a bundle is in development.
This library provides components to build an authorization server based on the OAuth2 Framework protocol (RFC6749) and associated features.
The following components are implemented:
- Access token manager:
  - Simple string access token
  - JWT access token
- Access token type:
  - Bearer access token (RFC6750)
  - MAC access (IETF draft) - The implementation is on hold until the specification reaches maturity
- Exception manager
- Scope manager (RFC6749, section 3.3)
- Clients:
  - Public clients (RFC6749, section 2.1)
  - Proof Key for Code Exchange by OAuth Public Clients (RFC7636)
  - Password clients (RFC6749, section 2.3.1)
  - SAML clients (RFC7522) - Help requested!
  - JWT clients (RFC7523)
  - Unregistered clients (RFC6749, section 2.4)
- Endpoints:
  - Authorization endpoint (RFC6749, section 3.1)
  - Token endpoint (RFC6749, section 3.2)
  - Token revocation endpoint (RFC7009)
  - Token introspection endpoint (RFC7662)
- Grant types:
  - Authorization code grant type (RFC6749, section 4.1)
  - Implicit grant type (RFC6749, section 4.2)
  - Resource Owner Password Credentials grant type (RFC6749, section 4.3)
  - Client credentials grant type (RFC6749, section 4.4)
  - Refresh token grant type (RFC6749, section 6)
  - SAML grant type (RFC7522) - Help requested!
  - JWT Bearer token grant type (RFC7523)
- OpenID Connect
The release process is described here.
It has been successfully tested using PHP 5.5.9, PHP 5.6, PHP 7 and HHVM.
The preferred way to install this library is to rely on Composer:
composer require "spomky-labs/oauth2-server-library" "dev-master"
Look at Extend classes for more information and examples.
Have a look at How to use to learn how to use the OAuth2 server and handle your first requests.
Requests for new features, bug fixes and all other ideas to make this library useful are welcome. Please follow these best practices.
This library is released under the MIT licence.