authbucket / oauth2-php
The standard compliant OAuth2.0 library based on the Symfony Components
Installs: 87 405
Dependents: 4
Suggesters: 0
Security: 0
Stars: 81
Watchers: 10
Forks: 24
Open Issues: 14
Requires
- php: >=5.5.9
- lib-openssl: *
- guzzlehttp/guzzle: ~6.2
- psr/log: ~1.0
- symfony/http-foundation: ~3.2
- symfony/http-kernel: ~3.2
- symfony/security: ~3.2
- symfony/validator: ~3.2
Requires (Dev)
- ext-pdo_sqlite: *
- doctrine/data-fixtures: ~1.0
- doctrine/dbal: ~2.2
- doctrine/orm: ~2.2
- monolog/monolog: ~1.4
- silex/silex: ~2.1
- symfony/browser-kit: ~3.2
- symfony/config: ~3.2
- symfony/css-selector: ~3.2
- symfony/finder: ~3.2
- symfony/form: ~3.2
- symfony/phpunit-bridge: ~3.2
- symfony/process: ~3.2
- symfony/translation: ~3.2
- symfony/twig-bridge: ~3.2
- twig/twig: ~1.28|~2.0
- dev-develop / 5.x-dev
- dev-master / 5.0.x-dev
- 5.0.0-alpha4
- 5.0.0-alpha3
- 5.0.0-alpha2
- 5.0.0-alpha1
- 4.x-dev
- 4.2.2
- 4.2.1
- 4.2.0
- 4.1.6
- 4.1.5
- 4.1.4
- 4.1.3
- 4.1.2
- 4.1.1
- 4.1.0
- 4.0.6
- 4.0.5
- 4.0.4
- 4.0.3
- 4.0.2
- 4.0.1
- 4.0.0
- 3.x-dev
- 3.2.2
- 3.2.1
- 3.2.0
- 3.1.6
- 3.1.5
- 3.1.4
- 3.1.3
- 3.1.2
- 3.1.1
- 3.0.16
- 3.0.15
- 3.0.14
- 3.0.13
- 3.0.12
- 3.0.11
- 3.0.10
- 3.0.9
- 3.0.8
- 3.0.7
- 3.0.6
- 3.0.5
- 3.0.4
- 3.0.3
- 3.0.2
- 3.0.1
- 3.0.0
- 2.4.8
- 2.4.7
- 2.4.6
- 2.4.5
- 2.4.4
- 2.4.3
- 2.4.2
- 2.4.1
- 2.4.0
- 2.3.4
- 2.3.3
- 2.3.2
- 2.3.1
- 2.3.0
- 2.2.7
- 2.2.6
- 2.2.5
- 2.2.4
- 2.2.3
- 2.2.2
- 2.2.1
- 2.2.0
- 2.1.18
- 2.1.17
- 2.1.16
- 2.1.15
- 2.1.14
- 2.1.13
- 2.1.12
- 2.1.11
- 2.1.10
- 2.1.9
- 2.1.8
- 2.1.7
- 2.1.6
- 2.1.5
- 2.1.4
- 2.1.3
- 2.1.2
- 2.1.1
- 2.1.0
- 2.0.6
- 2.0.5
- 2.0.4
- 2.0.3
- 2.0.2
- 2.0.1
- 2.0.0
- 1.0.1
- 1.0.0
- 1.0.0-rc4
- 1.0.0-rc3
- 1.0.0-rc2
- 1.0.0-rc1
- 1.0.0-beta1
- 1.0.0-alpha5
- 1.0.0-alpha4
- 1.0.0-alpha3
- 1.0.0-alpha2
- 1.0.0-alpha1
This package is auto-updated.
Last update: 2024-12-19 18:37:25 UTC
README
The primary goal of AuthBucket\OAuth2 is to develop a standards compliant RFC6749 OAuth2.0 library; secondary goal would be develop corresponding wrapper Symfony2 Bundle and Drupal module.
This library bundle with a Silex based AuthBucketOAuth2ServiceProvider for unit test and demo purpose. Installation and usage can refer as below.
Installation
Simply add a dependency on authbucket/oauth2-php
to your project's composer.json
file if you use Composer to manage the dependencies of your project.
Here is a minimal example of a composer.json
:
{
"require": {
"authbucket/oauth2-php": "~5.0"
}
}
Parameters
The bundled AuthBucketOAuth2ServiceProvider come with following parameters:
authbucket_oauth2.model
: (Optional) Override this with your own model classes, default with in-memory AccessToken for using resource firewall with remote debug endpoint.authbucket_oauth2.model_manager.factory
: (Optional) Override this with your backend model managers, e.g. Doctrine ORM EntityRepository, default with in-memory implementation for using resource firewall with remote debug endpoint.authbucket_oauth2.user_provider
: (Optional) For usinggrant_type = password
, override this parameter with your own user provider, e.g. using InMemoryUserProvider or a Doctrine ORM EntityRepository that implements UserProviderInterface.
Services
The bundled AuthBucketOAuth2ServiceProvider come with following services controller which simplify the OAuth2.0 controller implementation overhead:
authbucket_oauth2.authorization_controller
: Authorization Endpoint controller.authbucket_oauth2.token_controller
: Token Endpoint controller.authbucket_oauth2.debug_controller
: Debug Endpoint controller.
Registering
If you are using Silex, register AuthBucketOAuth2ServiceProvider as below:
$app->register(new AuthBucket\OAuth2\Silex\Provider\AuthBucketOAuth2ServiceProvider());
Moreover, enable following service providers if that's not already the case:
$app->register(new Silex\Provider\MonologServiceProvider());
$app->register(new Silex\Provider\SecurityServiceProvider());
$app->register(new Silex\Provider\ValidatorServiceProvider());
Usage
This library seperate the endpoint logic in frontend firewall and backend controller point of view, so you will need to setup both for functioning.
To enable the built-in controller with corresponding routing, you need to mount it manually:
$app->get('/api/oauth2/authorize', 'authbucket_oauth2.authorization_controller:indexAction')
->bind('api_oauth2_authorize');
$app->post('/api/oauth2/token', 'authbucket_oauth2.token_controller:indexAction')
->bind('api_oauth2_token');
$app->match('/api/oauth2/debug', 'authbucket_oauth2.debug_controller:indexAction')
->bind('api_oauth2_debug');
Below is a list of recipes that cover some common use cases.
Authorization Endpoint
We don't provide custom firewall for this endpoint, which you should protect it by yourself, authenticate and capture the user credential, e.g. by SecurityServiceProvider:
$app['security.default_encoder'] = function ($app) {
return new Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder();
};
$app['security.user_provider.default'] = $app['security.user_provider.inmemory._proto']([
'demousername1' => ['ROLE_USER', 'demopassword1'],
'demousername2' => ['ROLE_USER', 'demopassword2'],
'demousername3' => ['ROLE_USER', 'demopassword3'],
]);
$app['security.firewalls'] = [
'api_oauth2_authorize' => [
'pattern' => '^/api/oauth2/authorize$',
'http' => true,
'users' => $app['security.user_provider.default'],
],
];
Token Endpoint
Similar as authorization endpoint, we need to protect this endpoint with our custom firewall oauth2_token
:
$app['security.firewalls'] = [
'api_oauth2_token' => [
'pattern' => '^/api/oauth2/token$',
'oauth2_token' => true,
],
];
Debug Endpoint
We should protect this endpoint with our custom firewall oauth2_resource
:
$app['security.firewalls'] = [
'api_oauth2_debug' => [
'pattern' => '^/api/oauth2/debug$',
'oauth2_resource' => true,
],
];
Resource Endpoint
We don't provide other else resource endpoint controller implementation besides above debug endpoint. You should consider implement your own endpoint with custom logic, e.g. fetching user email address or profile image.
On the other hand, you can protect your resource server endpoint with our custom firewall oauth2_resource
. Shorthand version (default assume resource server bundled with authorization server, query local model manager, without scope protection):
$app['security.firewalls'] = [
'api_resource' => [
'pattern' => '^/api/resource',
'oauth2_resource' => true,
],
];
Longhand version (assume resource server bundled with authorization server, query local model manager, protect with scope demoscope1
):
$app['security.firewalls'] = [
'api_resource' => [
'pattern' => '^/api/resource',
'oauth2_resource' => [
'resource_type' => 'model',
'scope' => ['demoscope1'],
],
],
];
If authorization server is hosting somewhere else, you can protect your local resource endpoint by query remote authorization server debug endpoint:
$app['security.firewalls'] = [
'api_resource' => [
'pattern' => '^/api/resource',
'oauth2_resource' => [
'resource_type' => 'debug_endpoint',
'scope' => ['demoscope1'],
'options' => [
'debug_endpoint' => 'http://example.com/api/oauth2/debug',
'cache' => true,
],
],
],
];
Demo
The demo is based on Silex and AuthBucketOAuth2ServiceProvider. Read though Demo for more information.
You may also run the demo locally. Open a console and execute the following command to install the latest version in the oauth2-php
directory:
$ composer create-project authbucket/oauth2-php authbucket/oauth2-php "~5.0"
Then use the PHP built-in web server to run the demo application:
$ cd authbucket/oauth2-php
$ ./bin/console server:run
If you get the error There are no commands defined in the "server" namespace.
, then you are probably using PHP 5.3. That's ok! But the built-in web server is only available for PHP 5.4.0 or higher. If you have an older version of PHP or if you prefer a traditional web server such as Apache or Nginx, read the Configuring a web server article.
Open your browser and access the http://127.0.0.1:8000 URL to see the Welcome page of demo application.
Also access http://127.0.0.1:8000/admin/refresh_database to initialize the bundled SQLite database with user account admin
:secrete
.
Documentation
OAuth2's documentation is built with Sami and publicly hosted on GitHub Pages.
To built the documents locally, execute the following command:
$ sami.php update .sami.php
Open build/sami/index.html
with your browser for the documents.
Tests
This project is coverage with PHPUnit test cases; CI result can be found from Travis CI; code coverage report can be found from Coveralls.
To run the test suite locally, execute the following command:
$ phpunit -c phpunit.xml.dist
Open build/logs/html
with your browser for the coverage report.