OAuth2 middleware for use within a Slim Framework API

v3.4.0 2023-05-09 19:38 UTC

This package is auto-updated.

Last update: 2024-04-09 22:01:22 UTC


Latest Stable Version Latest Unstable Version License

Total Downloads Daily Downloads Monthly Downloads


Middleware for using OAuth2 Server within a Slim 3 Framework API


Chadicus\Slim\OAuth2\Middleware requires PHP 5.6 (or later).


To add the library as a local, per-project dependency use Composer! Simply add a dependency on chadicus/slim-oauth2-middleware to your project's composer.json file such as:

composer require chadicus/slim-oauth2-middleware


Developers may be contacted at:

Project Build

With a checkout of the code get Composer in your PATH and run:

composer install



Example Usage

Simple example for using the authorization middleware.

use Chadicus\Slim\OAuth2\Middleware;
use OAuth2;
use OAuth2\Storage;
use OAuth2\GrantType;
use Slim;

//set up storage for oauth2 server
$storage = new Storage\Memory(
        'client_credentials' => [
            'administrator' => [
                'client_id' => 'administrator',
                'client_secret' => 'password',
                'scope' => 'superUser',
            'foo-client' => [
                'client_id' => 'foo-client',
                'client_secret' => 'p4ssw0rd',
                'scope' => 'basicUser canViewFoos',
            'bar-client' => [
                'client_id' => 'foo-client',
                'client_secret' => '!password1',
                'scope' => 'basicUser',

// create the oauth2 server
$server = new OAuth2\Server(
        'access_lifetime' => 3600,
        new GrantType\ClientCredentials($storage),

//create the basic app
$app = new Slim\App();

// create the authorization middlware
$authMiddleware = new Middleware\Authorization($server, $app->getContainer());

//Assumes token endpoints available for creating access tokens

$app->get('foos', function ($request, $response, $args) {
    //return all foos, no scope required

$getRouteCallback = function ($request, $response, $id) {
    //return details for a foo, requires superUser scope OR basicUser with canViewFoos scope

$app->get('foos/id', $getRouteCallback)->add($authMiddleware->withRequiredScope(['superUser', ['basicUser', 'canViewFoos']]));

$postRouteCallback = function ($request, $response, $args) {
    //Create a new foo, requires superUser scope

$app->post('foos', $postRouteCallback)->add($authMiddleware->withRequiredScope(['superUser']));