{"id":27161001,"url":"https://github.com/flownative/flow-oauth2-client","last_synced_at":"2025-04-09T00:08:34.064Z","repository":{"id":26870042,"uuid":"111439711","full_name":"flownative/flow-oauth2-client","owner":"flownative","description":"A generic OAuth2 client base implementation for Flow Framework applications","archived":false,"fork":false,"pushed_at":"2025-03-05T17:04:17.000Z","size":194,"stargazers_count":5,"open_issues_count":3,"forks_count":8,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-05T18:22:28.069Z","etag":null,"topics":["flow","flow-framework","neoscms","oauth2","oauth2-client","php"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flownative.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-20T17:10:02.000Z","updated_at":"2024-12-10T22:29:13.000Z","dependencies_parsed_at":"2025-03-05T18:20:45.792Z","dependency_job_id":"dab6a5b7-8b03-4333-a854-b847972ea4ec","html_url":"https://github.com/flownative/flow-oauth2-client","commit_stats":{"total_commits":88,"total_committers":7,"mean_commits":"12.571428571428571","dds":"0.21590909090909094","last_synced_commit":"9f4e7803e5d4ad5c328da4ea09c2e86670574ce1"},"previous_names":[],"tags_count":37,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flownative%2Fflow-oauth2-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flownative%2Fflow-oauth2-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flownative%2Fflow-oauth2-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flownative%2Fflow-oauth2-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flownative","download_url":"https://codeload.github.com/flownative/flow-oauth2-client/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247947857,"owners_count":21023066,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flow","flow-framework","neoscms","oauth2","oauth2-client","php"],"created_at":"2025-04-09T00:08:33.555Z","updated_at":"2025-04-09T00:08:34.055Z","avatar_url":"https://github.com/flownative.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![MIT license](http://img.shields.io/badge/license-MIT-brightgreen.svg)](http://opensource.org/licenses/MIT)\n[![Packagist](https://img.shields.io/packagist/v/flownative/oauth2-client.svg)](https://packagist.org/packages/flownative/oauth2-client)\n[![Maintenance level: Love](https://img.shields.io/badge/maintenance-%E2%99%A1%E2%99%A1%E2%99%A1-ff69b4.svg)](https://www.flownative.com/en/products/open-source.html)\n\n# OAuth 2.0 Client for Flow Framework\n\nThis [Flow](https://flow.neos.io) package provides an OAuth 2.0 client\nSDK. Even though it can be used as a generic OAuth2 client, it was\ndeveloped as a backing library for the\n[OpenID Connect package](https://github.com/flownative/flow-openidconnect-client).\nThat's why documentation for this package is a bit sparse at the moment\nand examples for generic use are missing.\n\n## Authorizations\n\nThis package stores states and tokens as \"authorizations\" in a dedicated\ndatabase table.  \n\nFor example, during the authorization code flow, this package needs to\nkeep track of a \"state\" in order to make sense of an incoming \"finish\nauthorization\" request. Another example is the client credentials flow,\nwhere an access token is stored in the authorizations table which is\nneeded for executing authorized requests to the respective service.\n\n### Token lifetime\n\nNew Authorization tokens are created with a lifetime of 600 seconds\n(10 minutes) by default.\nThe expiration date is updated during authentication if a different\n`expires` parameter is specified in the OAuth2 access token.\n\nThe default token lifetime and frequency of expired tokens to be removed\nautomatically can be configured:\n\n```yaml\nFlownative:\n  OAuth2:\n    Client:\n      garbageCollection:\n        # The probability in percent of a client shutdown triggering a garbage\n        # collection which removes expired tokens.\n        #\n        # Examples:\n        #    1    (would be a 1% chance to clean up)\n        #   20    (would be a 20% chance to clean up)\n        #    0.42 (would be a 0.42 % chance to clean up)\n        probability: 1\n    token:\n      # default lifetime of new tokens in seconds\n      defaultLifetime: 600\n```\n\nNote: By setting the `defaultLifetime` to `null`, new tokens won't expire\nby default.\n\n### Authorization metadata\n\nAuthorizations also may contain developer-provided metadata. For\nexample, you may attach an account identifier to an authorization when\nan authorization process starts and use that information when\nauthorization finishes to make sure that the authorization is only used\nfor a specific account (or customer number, or participant id).\n\nTo set metadata, you need to know the authorization id when starting the\nauthorization code flow. This code could be used in an overloaded\n`startAuthorizationAction()`:\n\n```php\n$authorizationId = $oAuthClient-\u003egenerateAuthorizationIdForAuthorizationCodeGrant($this-\u003eappId);\n$loginUri = $oAuthClient-\u003estartAuthorizationWithId(\n    $authorizationId,\n    $this-\u003eappId,\n    $this-\u003eappSecret,\n    $returnToUri,\n    $scope\n);\n$oAuthClient-\u003esetAuthorizationMetadata($authorizationId, json_encode($metadata));\n```\n\nAnd later, in `finishAuthorization()`, you may retrieve the metadata as\nfollows:\n\n```php\n$authorization = $this-\u003egetAuthorization($authorizationId);\n$metadata = json_decode($authorization-\u003egetMetadata());\n```\n\n## Encryption\n\nBy default, access tokens are serialized and stored unencrypted in the\n\"authorizations\" database table. You can improve the security of your\napplication by enabling the encrypted-at-rest feature of this package.\nwhen active, it will encrypt tokens before storing them in the database\nand decrypt them automatically when they are retrieved. The secret key\nwhich is needed for encryption and decryption is not stored in the\ndatabase.\n\nThis package uses the \"ChaCha20-Poly1305-IETF\" construction for\nauthenticated encryption / decryption of serialized tokens. It uses the\n[\"sodium\" PHP extension](https://www.php.net/sodium) if installed, or\n[a polyfill implementation](https://packagist.org/packages/paragonie/sodium_compat)\nin pure PHP.\n\n### Generating a Secret Key\n\nThe OAuth2 Flow package provides a CLI command for generating encryption\nkeys suitable for the currently supported encryption method:\n\n```bash\n$ ./flow oauth:generateencryptionkey\nqpBzrH7icQqBKenvk8wTKROv4qcJNxslzdGo3IKXmws=\n```\n\nThe key is base64-encoded in order to simplify handling and being able\nto pass the key via Flow settings.\n\n### Enabling Encryption\n\nSet the encryption key via Flow settings (for example in your global\n\"Configuration/Settings.yaml\"). Make sure to deploy this setting\nsecurely, for example by creating the Settings file during deployment or\nby using environment variables.\n\n```yaml\nFlownative:\n  OAuth2:\n    Client:\n      encryption:\n        base64EncodedKey: 'qpBzrH7icQqBKenvk8wTKROv4qcJNxslzdGo3IKXmws='\n```\n\n### Verifying Encryption Configuration\n\nWhen you have set the encryption key, test that everything is working as\nexpected. Run your application so that a new authorization is created.\nCheck the database table `flownative_oauth2_client_authorization`: the\ncolumn `serializedaccesstoken` should be empty and the column\n`encryptedserializedaccesstoken` should contain a long string similar to\nhis one:\n\n```\nChaCha20-Poly1305-IETF$Mjdj4s9IFrPp6HFK$k9v3x…KQ==\n```\n\nThere are three parts in this string, separated by two dollar signs:\n\n1. the construction used for encryption (\"ChaCha20-Poly1305-IETF\")\n2. the nonce used for this particular entry (\"Mjdj4s9IFrPp6HFK\")\n3. the encrypted data (\"k9v3x…KQ==\")\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflownative%2Fflow-oauth2-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflownative%2Fflow-oauth2-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflownative%2Fflow-oauth2-client/lists"}