freefri / cake-rest-api-oauth
Basic OAuth based on cake-rest-api
Installs: 145
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type: cakephp-plugin
Requires
- php: >=7.4
- ext-json: *
- ext-mbstring: *
- bshaffer/oauth2-server-php: ~1.14
- cakephp/cakephp: ^4.4
- cakephp/migrations: ^3.2
- composer/composer: ^2.0
- eduplex-api/cake-api-swagger: ^0.1.4
- firebase/php-jwt: 5.*
- freefri/cake-rest-api: ^0.5.16
Requires (Dev)
- cakephp/cakephp-codesniffer: 4.*
- freefri/cake-rest-api-fake-app: ^0.1.6
- phpunit/phpunit: ~8.5.0 || ^9.3 || ^10.1
Suggests
- phpstan/phpstan: PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code.
README
Basic OAuth based on cake-rest-api
Authentication flow
Authorization Code Flow with Proof Key for Code Exchange (PKCE)
Based on the docs from auth0 and the oauth demo.
```mermaid
sequenceDiagram
    title Authorization Code Flow with Proof Key for Code Exchange (PKCE)
    User->>App: Click login link
    App->>App: Generate cryptographically-random code_verifier<br> and from this generates a code_challenge
    participant Oauth as Oauth server
    App->>Oauth: Authorization Code Request + code_challenge <br> to /authorize
    Oauth-->>User: Display to login prompt (returns encrypted login_challenge)
    User->>Oauth: Provide credentials (via POST form)
    Oauth->>Oauth: Optionally, store cookie <br> to keep session open
    Note right of Oauth: Authorization Server stores the code_challenge on password success
    Oauth-->>App: Redirect with one time use authorization code
    App->>Oauth: Authorization code + code_verifier to /oauth/token
    Oauth->>Oauth: validate code_challenge and code_verifier
    Oauth-->>App: ID token and access_token (optionally refresh_token)
    Note over App,Oauth: App can use credentials to access the API
```
(To see this diagram you need to install Mermaid):
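As an added example, not code from this plugin, here are the two PKCE steps the diagram relies on in plain PHP: the App's generation of `code_verifier` and `code_challenge` (RFC 7636, S256 method) and the server's check of the `code_verifier` presented to `/oauth/token` against the `code_challenge` it stored at `/authorize`. All function names are assumptions; how the plugin itself performs these steps is not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not from freefri/cake-rest-api-oauth) that follow
// RFC 7636. The App keeps code_verifier secret and only sends the derived
// code_challenge with the /authorize request; the server stores that
// challenge next to the one-time authorization code and checks the
// verifier when the code is redeemed at /oauth/token.

function base64UrlEncode(string $bytes): string
{
    // RFC 7636 mandates base64url without '=' padding.
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function generateCodeVerifier(int $bytes = 32): string
{
    // 32 random bytes encode to 43 base64url characters, the RFC minimum.
    return base64UrlEncode(random_bytes($bytes));
}

function deriveCodeChallenge(string $codeVerifier): string
{
    // S256: BASE64URL(SHA256(ASCII(code_verifier)))
    return base64UrlEncode(hash('sha256', $codeVerifier, true));
}

function verifyCodeVerifier(string $storedChallenge, string $codeVerifier, string $method = 'S256'): bool
{
    // Reject verifiers outside the RFC length and unreserved charset before hashing.
    if (!preg_match('/^[A-Za-z0-9\-._~]{43,128}$/', $codeVerifier)) {
        return false;
    }
    $expected = $method === 'plain' ? $codeVerifier : deriveCodeChallenge($codeVerifier);
    // Constant-time comparison so timing does not leak how much of the challenge matched.
    return hash_equals($storedChallenge, $expected);
}

// App side: verifier stays local, challenge goes to /authorize.
$codeVerifier  = generateCodeVerifier();
$codeChallenge = deriveCodeChallenge($codeVerifier);

// Server side at /oauth/token: the stored challenge meets the presented verifier.
$legit    = verifyCodeVerifier($codeChallenge, $codeVerifier);
$attacker = verifyCodeVerifier($codeChallenge, generateCodeVerifier()); // a stolen code without the verifier
echo $legit ? "issue tokens\n" : "invalid_grant\n";
echo $attacker ? "issue tokens\n" : "invalid_grant\n";
```

The charset check matters even with S256: the server must refuse to hash arbitrary input so that a malformed or oversized verifier fails fast rather than being treated as a valid redemption attempt.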