Yii2 OAuth2 server implementation of https://oauth2.thephpleague.com/

v1.0.3 2021-08-30 10:25 UTC

This package is auto-updated.

Last update: 2022-11-29 02:56:10 UTC


This extension provides The PHP League: OAuth 2.0 Server module for the Yii2 Framework.

The PHP League: OAuth 2.0 Server is a package that makes setting up a OAuth2 server easy.


The preferred way to install this extension is through composer.

Either run

$ composer require wolfpack-it/yii2-oauth

or add

"wolfpack-it/yii2-oauth": "^<latest version>"

to the require section of your composer.json file.


Configure module

The basic configuration is a module in your application:

'modules' => [
    'oauth' => [
        'class' => \WolfpackIT\oauth\Module::class,
        'userClass' => '<class of ActiveRecordUser implementing UserEntityInterface>',
        'db' => 'db', // component that should be used for the database connection
        'publicKey' => '<path to public key file te be used by CryptKey, or configuration>',
        'privateKey' => '<path to private key file te be used by CryptKey, or configuration>',
        'encryptionKey' => '<random string for encryption>',
        'tokenValidationLeeway' => null|int, // The number of seconds to use as leeway when validating access tokens

See the public variables of the Module for the full configuration options.

An example on how to generate keys can be found here.

Whenever the AccessTokenService is being injected via DI, the module needs to be added to the bootstrap of the application.

Running migrations

The migrations can be ran automatically by adding them to the migration namespaces:

'migrationNamespaces' => [

To get this working, you will need to add an alias:

'aliases' => [
    '@WolfpackIT/oauth' => '@vendor/wolfpack-it/yii2-oauth/src',

If you want to override the database connection in the migrations, you will need to bootstrap the oauth module also in the console.

Add routes

To have the module accessible, make sure the correct routes are set in your urlManager.

For example when your module is called oauth:

'urlManager' => [
    'rules' => [
        'oauth/<controller:[\w-]+>/<action:[\w-]+>' => 'oauth/<controller>/<action>'


  • Add tests



The MIT License (MIT). Please see LICENSE for more information.