Repository files navigation

league/oauth2-server is a standards compliant implementation of anOAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.

Out of the box it supports the following grants:

• Authorization code grant
• Client credentials grant
• Device authorization grant
• Implicit grant
• Refresh grant
• Resource owner password credentials grant

The following RFCs are implemented:

• RFC6749 "OAuth 2.0"
• RFC6750 "The OAuth 2.0 Authorization Framework: Bearer Token Usage"
• RFC7519 "JSON Web Token (JWT)"
• RFC7636 "Proof Key for Code Exchange by OAuth Public Clients"
• RFC8628 "OAuth 2.0 Device Authorization Grant

This library was created by Alex Bilbie. Find him on Twitter at@alexbilbie.

The latest version of this package supports the following versions of PHP:

• PHP 8.1
• PHP 8.2
• PHP 8.3
• PHP 8.4
• PHP 8.5

Theopenssl andjson extensions are also required.

All HTTP messages passed to the server should bePSR-7 compliant. This ensures interoperability with other packages and frameworks.

composer require league/oauth2-server

The library documentation can be found athttps://oauth2.thephpleague.com.You can contribute to the documentation in thegh-pages branch.

The library usesPHPUnit for unit tests.

vendor/bin/phpunit

We useGithub Actions,Scrutinizer, andStyleCI for continuous integration. Check outourconfigurationfiles if you'd like to know more.

• Drupal
• Laravel Passport
• OAuth 2 Server for CakePHP 3
• OAuth 2 Server for Mezzio
• OAuth 2 Server Bundle (Symfony)
• Heimdall for CodeIgniter 4

See theproject changelog

Contributions are always welcome. Please seeCONTRIBUTING.md andCODE_OF_CONDUCT.md for details.

Bugs and feature request are tracked onGitHub.

If you have any questions about OAuthplease open a ticket here; pleasedon't email the address below.

If you discover any security related issues, please emailandrew@noexceptions.io instead of using the issue tracker.

This package is released under the MIT License. See the bundledLICENSE file for details.

This code is principally developed and maintained byAndy Millington.

Between 2012 and 2017 this library was developed and maintained byAlex Bilbie.

PHP OAuth 2.0 Server is one of many packages provided by The PHP League. To find out more, please visitour website.

Special thanks toall of these awesome contributors.

Additional thanks go to theMozilla Secure Open Source Fund for funding a security audit of this library.

The initial code was developed as part of theLinkey project which was funded byJISC under the Access and Identity Management programme.