maksimovic / oauth2-server-php
OAuth2 Server for PHP
Maintainers
Requires
- php: ^8.1
Requires (Dev)
- aws/aws-sdk-php: ^3.0
- firebase/php-jwt: ^7.0
- mroosz/php-cassandra: ^1.2
- phpstan/phpstan: ^2.1
- phpunit/phpunit: ^10.5
- predis/predis: ^2.0
Suggests
- aws/aws-sdk-php: ^3.0 is required to use DynamoDB storage
- couchbase/couchbase: ^4.4 is required to use Couchbase storage (requires ext-couchbase)
- firebase/php-jwt: ^7.0 is required to use JWT features
- mongodb/mongodb: ^1.20 || ^2.0 is required to use MongoDB storage
- mroosz/php-cassandra: ^1.2 is required to use Cassandra storage
- predis/predis: Required to use Redis storage
Replaces
This package is auto-updated.
Last update: 2026-04-20 14:54:02 UTC
README
maksimovic/oauth2-server-php
A maintained fork of bshaffer/oauth2-server-php — a standards-compliant OAuth 2.0 and OpenID Connect server library for PHP. It provides the server side of grants (authorization code, client credentials, refresh token, JWT bearer, …), token / scope / user-credentials handling, and pluggable storage backends (PDO, Redis, MongoDB, DynamoDB, Cassandra, Couchbase, in-memory).
Why this fork
Upstream has been effectively dormant; open PRs sit for months without triage. This fork brings the library up to current tooling and picks up community fixes:
- PHP 8.1–8.5 support
- PHPUnit 10 test suite, PHPStan level-max static analysis
- Couchbase SDK 4.x, MongoDB SDK 2.x, DynamoDB null-safety, Cassandra driver refresh
- Dropped legacy Mongo driver
- Docker-based CI matrix across PHP 8.1–8.5 with all storage backends
Drop-in replacement
composer.json declares "replace": {"bshaffer/oauth2-server-php": "*"}, so any consumer still requiring bshaffer/oauth2-server-php can pull this fork without changing their constraint:
{
"require": {
"maksimovic/oauth2-server-php": "^2.0"
}
}
Documentation
The upstream documentation still applies — public API and namespaces are unchanged.