OAuth 2.0 Server for the Neos Flow Framework
The installation is done with composer:
composer require punktde/oauth2-server
Run the doctrine migrations
Optional: Define position of routes
Routes are per default included without any position parameter. If routes are positioned wrong adjust the position accordig to the [Flow Route documentation](https://flowframework.readthedocs.io/en/stable/TheDefinitiveGuide/PartIII/Routing.html#subroutes-from-settings)
Enable the required grant types within your settings:
PunktDe: OAuth2: Server: grantTypes: client_credentials: enabled: false authorization_code: enabled: false
Have a look at
Settings.PunktDe.yaml for further configuration values.
Generate server keys:
Create client credentials:
./flow oauthserver:createclientcredentials <identifier> <name> <grant-type>
There is a good listing at thephpleague.com of all grant types of OAuth2 which should help you to find the type that fits to your application.
The following OAuth 2.0 grant types are implemented:
If you are authorizing a machine to access resources and you don’t require the permission of a user to access said resources you should implement the client credential grant.
If the client is a web application that has a server side component then you should implement the authorization code grant.
The urls to use are:
- Access Token URL:
- Authorization URL:
- Authorization approval URL:
The Authorization code grant is currently implemented with an implicit authorization of the requesting application.
/oauth/authorize is called without an authenticated Flow account, the user is automatically redirected to a configurable URL.
After authentication, the user should be forwarded to
/oauth/approveauthorization to approve the previously started authorization session.
Authentication request approval can be extended to fit your projects needs. You can put your custom logic into a class implementing the