{"id":18036596,"url":"https://github.com/codexshaper/php-oauth2","last_synced_at":"2025-04-05T00:14:11.121Z","repository":{"id":56955858,"uuid":"270232789","full_name":"Codexshaper/php-oauth2","owner":"Codexshaper","description":"PHP OAuth2 Authentication","archived":false,"fork":false,"pushed_at":"2020-06-08T10:48:54.000Z","size":54,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-25T05:02:20.611Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Codexshaper.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-06-07T07:47:39.000Z","updated_at":"2020-06-08T10:48:57.000Z","dependencies_parsed_at":"2022-08-21T08:50:39.392Z","dependency_job_id":null,"html_url":"https://github.com/Codexshaper/php-oauth2","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codexshaper%2Fphp-oauth2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codexshaper%2Fphp-oauth2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codexshaper%2Fphp-oauth2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Codexshaper%2Fphp-oauth2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Codexshaper","download_url":"https://codeload.github.com/Codexshaper/php-oauth2/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositori
es_count":247266566,"owners_count":20910836,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-30T12:13:43.576Z","updated_at":"2025-04-05T00:14:11.091Z","avatar_url":"https://github.com/Codexshaper.png","language":"PHP","readme":"[![License](http://img.shields.io/:license-mit-blue.svg?style=flat-square)](http://badges.mit-license.org)\n[![Build Status](https://travis-ci.org/Codexshaper/php-oauth2.svg?branch=master)](https://travis-ci.org/Codexshaper/php-oauth2)\n[![StyleCI](https://github.styleci.io/repos/270232789/shield?branch=master)](https://github.styleci.io/repos/270232789)\n[![Quality Score](https://img.shields.io/scrutinizer/g/Codexshaper/php-oauth2.svg?style=flat-square)](https://scrutinizer-ci.com/g/Codexshaper/php-oauth2)\n[![Downloads](https://poser.pugx.org/Codexshaper/php-oauth2/d/total.svg)](https://packagist.org/packages/Codexshaper/php-oauth2)\n[![Latest Version on Packagist](https://img.shields.io/packagist/v/Codexshaper/php-oauth2.svg?style=flat-square)](https://packagist.org/packages/Codexshaper/php-oauth2)\n\n# Description\nOAuth2 authentication for PHP\n\n## Install\n\n```\ncomposer require codexshaper/php-oauth2\n```\n\n## Setup Database\n\n```\nuse Illuminate\\Support\\Facades\\Facade;\nuse Illuminate\\Container\\Container;\nuse CodexShaper\\Database\\Database;\n\nFacade::setFacadeApplication(new Container);\n\n$db = new Database([\n\t\"driver\" \t\t=\u003e \"mysql\",\n\t\"host\" \t\t\t=\u003e 'localhost',\n\t\"database\" \t\t=\u003e 'php-oauth2',\n\t\"username\" \t\t=\u003e 'root',\n\t\"password\" \t\t=\u003e '',\n\t\"prefix\"   
\t\t=\u003e '',\n\t\"charset\"   \t=\u003e 'utf8mb4',\n\t\"collation\"   \t=\u003e 'utf8mb4_unicode_ci',\n]);\n\n$db-\u003erun();\n```\n\nFor more details about the database, follow this link: https://github.com/Codexshaper/php-database\n\n#### Migrate tables\n\n```\nuse CodexShaper\\OAuth2\\Server\\Manager;\n\nManager::migrate();\n```\n\n#### Rollback tables\n\n```\nuse CodexShaper\\OAuth2\\Server\\Manager;\n\nManager::rollback();\n```\n\n#### Refresh tables\n\n```\nuse CodexShaper\\OAuth2\\Server\\Manager;\n\nManager::refresh();\n```\n\n### Client Credentials Grant\n\n#### The client sends a POST request with the following body parameters to the authorization server:\n\n    `grant_type` with the value `client_credentials`\n    `client_id` with the client’s ID\n    `client_secret` with the client’s secret\n    `scope` with a space-delimited list of requested scope permissions.\n\n#### The authorization server will respond with a JSON object containing the following properties:\n\n    `token_type` with the value Bearer\n    `expires_in` with an integer representing the TTL of the access token\n    `access_token` a JWT signed with the authorization server’s private key\n\n### Password Grant\n\n\n#### The client then sends a POST request with the following body parameters to the authorization server:\n\n    `grant_type` with the value `password`\n    `client_id` with the client’s ID\n    `client_secret` with the client’s secret\n    `scope` with a space-delimited list of requested scope permissions.\n    `username` with the user’s username\n    `password` with the user’s password\n\n#### The authorization server will respond with a JSON object containing the following properties:\n\n    `token_type` with the value Bearer\n    `expires_in` with an integer representing the TTL of the access token\n    `access_token` a JWT signed with the authorization server’s private key\n    `refresh_token` an encrypted payload that can be used to refresh the access token when it expires.\n\n#### 
Get Access Token\n\n```\nuse CodexShaper\\OAuth2\\Server\\Http\\Controllers\\AccessTokenController;\nuse League\\OAuth2\\Server\\Exception\\OAuthServerException;\n\ntry {\n\t\n\t$controller = new AccessTokenController;\n\t$response = $controller-\u003eissueAccessToken();\n    \n} catch (OAuthServerException $exception) {\n\n    return $exception-\u003egenerateHttpResponse($response);\n    \n}\n```\n\n#### The client sends a POST request with the following body parameters to the authorization server:\n\n    grant_type with the value refresh_token\n    refresh_token with the refresh token\n    client_id with the client’s ID\n    client_secret with the client’s secret\n    scope with a space-delimited list of requested scope permissions. This is optional; if not sent the original scopes will be used, otherwise you can request a reduced set of scopes.\n\n#### The authorization server will respond with a JSON object containing the following properties:\n\n    token_type with the value Bearer\n    expires_in with an integer representing the TTL of the access token\n    access_token a new JWT signed with the authorization server’s private key\n    refresh_token an encrypted payload that can be used to refresh the access token when it expires\n\n\n#### Get Refresh Access Token\n\n```\nuse CodexShaper\\OAuth2\\Server\\Http\\Controllers\\RefreshTokenController;\nuse League\\OAuth2\\Server\\Exception\\OAuthServerException;\n\ntry {\n\t\n\t$controller = new RefreshTokenController;\n\t$response = $controller-\u003eissueAccessToken();\n    \n} catch (OAuthServerException $exception) {\n\n    return $exception-\u003egenerateHttpResponse($response);\n    \n}\n```\n\n### Part One\n\n#### The client will redirect the user to the authorization server with the following parameters in the query string:\n\n    response_type with the value code\n    client_id with the client identifier\n    redirect_uri with the client redirect URI. 
This parameter is optional, but if not sent the user will be redirected to a pre-registered redirect URI.\n    scope a space delimited list of scopes\n    state with a CSRF token. This parameter is optional but highly recommended. You should store the value of the CSRF token in the user’s session to be validated when they return.\n\nAll of these parameters will be validated by the authorization server.\n\nThe user will then be asked to log in to the authorization server and approve the client.\n\nIf the user approves the client they will be redirected from the authorization server to the client’s redirect URI with the following parameters in the query string:\n\n    code with the authorization code\n    state with the state parameter sent in the original request. You should compare this value with the value stored in the user’s session to ensure the authorization code obtained is in response to requests made by this client rather than another client application.\n\n```\nuse CodexShaper\\OAuth2\\Server\\Http\\Controllers\\RefreshTokenController;\nuse CodexShaper\\OAuth2\\Server\\Models\\User;\nuse League\\OAuth2\\Server\\Exception\\OAuthServerException;\n\n// Step 1\ntry {\n\t\n\t$user = User::find(1);\n\t$authorize = new AuthorizationController;\n\t$authRequest = $authorize-\u003eauthorize($user);\n    \n} catch (OAuthServerException $exception) {\n\n    return $exception-\u003egenerateHttpResponse($response);\n    \n}\n\n// Redirect to callback if skip authorization is true\n\n$client = new Client;\n\nif($client-\u003eisSkipsAuthorization()) {\n\n\t$headers = $authRequest-\u003egetHeaders();\n\t$locations = $headers['Location'];\n\n\tforeach ($locations as $location) {\n\t\theader('Location: ' . $location);\n\t}\n\tdie();\n}\n\n// If skip authorization is false then display html button to choose approve or deny. 
First set authRequest in your session to retrieve later for access token\n\nsession_start();\n\n\t$_SESSION['authRequest'] = $authRequest;\n\n$html = \u003c\u003c\u003cHTML\n\t\u003c!DOCTYPE html\u003e\n\t\u003chtml\u003e\n\t\t\u003chead\u003e\n\t\t\t\u003ctitle\u003e\u003c/title\u003e\n\t\t\u003c/head\u003e\n\t\t\u003cbody\u003e\n\t\t\t\u003cform\u003e\n\t\t\t\t\u003ca href=\"http://site.com/approve.php?action=approve\"\u003eApprove\u003c/a\u003e\n\t\t\t\t\u003ca href=\"http://site.com/approve.php?action=deny\"\u003eDeny\u003c/a\u003e\n\t\t\t\u003c/form\u003e\n\t\t\u003c/body\u003e\n\t\u003c/html\u003e\nHTML;\n\necho $html;\n\n// approve.php\n// You need to set up the database before calling any request\n\n// Resume the session that holds the stored authRequest\nsession_start();\n\nif(isset($_SESSION['authRequest']) \u0026\u0026 $_REQUEST['action'] === 'approve') {\n\ttry {\n\n\t\t$user = User::find(1);\n\n\t\t$authorize = new AuthorizationController;\n\t\t$authRequest = $_SESSION['authRequest'];\n\n\t\t$response = $authorize-\u003eapprove($authRequest, $user);\n\n\t\t$headers = $response-\u003egetHeaders();\n\t\t$locations = $headers['Location'];\n\n\t\t// Clear the stored request before redirecting; code after die() never runs\n\t\tsession_destroy();\n\n\t\tforeach ($locations as $location) {\n\t\t\theader('Location: ' . $location);\n\t\t}\n\t\tdie();\n\n\t} catch(\\Exception $ex) {\n\n\t}\n}\n```\n\n### Part Two\n\n#### The client will now send a POST request to the authorization server with the following parameters:\n\n    grant_type with the value of authorization_code\n    client_id with the client identifier\n    client_secret with the client secret\n    redirect_uri with the same redirect URI the user was redirected back to\n    code with the authorization code from the query string\n\nNote that you need to decode the code query string first. 
You can do that with urldecode($code).\n\nThe authorization server will respond with a JSON object containing the following properties:\n\n    token_type with the value Bearer\n    expires_in with an integer representing the TTL of the access token\n    access_token a JWT signed with the authorization server’s private key\n    refresh_token an encrypted payload that can be used to refresh the access token when it expires.\n\n#### Callback\n\n```\nif (isset($_GET['code'])) {\n\t// call part 2. Here I used guzzle http request\n\n\t$code = urldecode($_GET['code']);\n\t$http = new GuzzleHttp\\Client;\n\n\t$response = $http-\u003epost('http://site.com/oauth/access_token', [\n\t    'form_params' =\u003e [\n\t        'grant_type' =\u003e 'authorization_code',\n\t        'client_id' =\u003e 'CLIENT_ID',\n\t        'client_secret' =\u003e 'CLIENT_SECRET',\n\t        'code' =\u003e $code,\n\t    ],\n\t]);\n\n\t$data = json_decode((string) $response-\u003egetBody(), true);\n\n\tvar_dump($data);\n}\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodexshaper%2Fphp-oauth2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodexshaper%2Fphp-oauth2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodexshaper%2Fphp-oauth2/lists"}