kdubuc/oauth2-introspection-psr15

PSR15 OAuth2 Introspection Middleware

dev-main 2022-05-11 07:20 UTC

This package is auto-updated.

Last update: 2024-12-11 12:39:29 UTC


README

Protect your API with OAuth 2.0 Token Introspection RFC 7662.

PSR-6 can be used to store introspection data during its lifetime (if expiration timestamp of the token is specified by introspection endpoint).

Install

Via Composer

$ composer require kdubuc/oauth2-introspection-psr15

Usage

$middleware =  new Oauth2Introspection($http_psr18_client, $http_stream_psr17_factory, $http_request_psr17_factory, [
    'introspection_endpoint' => 'http://oauth2.example.com/introspect',
    'oauth2_client_id'       => 'client_id',
    'oauth2_client_secret'   => 'client_secret',
]);

$middleware->enableCache($psr6_cache);

// Introspection results will be stored into 'oauth2_access_token_introspection_data' request attribute

Testing

$ vendor/bin/phpunit tests/

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email kevindubuc62@gmail.com instead of using the issue tracker.

Credits

License

The CeCILL-B License. Please see License File for more information.