{"id":37010038,"url":"https://github.com/nojimage/cakephp-oauth-server","last_synced_at":"2026-01-14T00:58:48.675Z","repository":{"id":56977068,"uuid":"232988534","full_name":"nojimage/cakephp-oauth-server","owner":"nojimage","description":"OAuth2 Server for CakePHP 3.x","archived":false,"fork":true,"pushed_at":"2024-04-04T07:49:30.000Z","size":218,"stargazers_count":5,"open_issues_count":2,"forks_count":3,"subscribers_count":0,"default_branch":"0.8.x","last_synced_at":"2025-11-17T01:19:16.736Z","etag":null,"topics":["authentication","authorization","cakephp","cakephp-plugin","oauth2","oauth2-server"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"rchavik/oauth-server","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nojimage.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-01-10T07:15:07.000Z","updated_at":"2024-04-04T07:35:04.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nojimage/cakephp-oauth-server","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/nojimage/cakephp-oauth-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nojimage%2Fcakephp-oauth-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nojimage%2Fcakephp-oauth-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nojimage%2Fcakephp-oauth-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nojimage%2Fcakephp-oauth-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/noj
image","download_url":"https://codeload.github.com/nojimage/cakephp-oauth-server/tar.gz/refs/heads/0.8.x","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nojimage%2Fcakephp-oauth-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28407626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T00:40:43.272Z","status":"ssl_error","status_checked_at":"2026-01-14T00:40:42.636Z","response_time":56,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authorization","cakephp","cakephp-plugin","oauth2","oauth2-server"],"created_at":"2026-01-14T00:58:30.493Z","updated_at":"2026-01-14T00:58:48.657Z","avatar_url":"https://github.com/nojimage.png","language":"PHP","readme":"# OAuth2 Server for CakePHP 3\n\n[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.txt)\n[![Build Status](https://img.shields.io/travis/nojimage/cakephp-oauth-server/0.8.x.svg?style=flat-square)](https://travis-ci.org/nojimage/cakephp-oauth-server)\n\nA plugin for implementing an OAuth2 server in CakePHP 3. Built on top of the [PHP League's OAuth2 Server](http://oauth2.thephpleague.com/). 
Currently we support the following grant types: AuthCode, RefreshToken, ClientCredentials.\n\nThis repository is a fork of [uafrica/oauth-server](https://github.com/uafrica/oauth-server).\n\n## Requirements\n\n- PHP \u003e= 7.1 with openssl extension\n- CakePHP \u003e= 3.5\n- Database (MySQL, SQLite tested)\n\n## Installation\n\nYou can install this plugin into your CakePHP application using Composer. Run:\n\n```bash\ncomposer require elstc/cakephp-oauth-server\n```\n\n### Load plugin\n\n(CakePHP \u003e= 3.6.0) Load the plugin by adding the following statement in your project's `src/Application.php`:\n\n```php\n$this-\u003eaddPlugin('OAuthServer');\n```\n\n(CakePHP \u003c= 3.5.x) Load the plugin by adding the following statement in your project's `config/bootstrap.php` file:\n\n```php\nPlugin::load('OAuthServer', ['bootstrap' =\u003e true, 'routes' =\u003e true]);\n```\n\n### Run database migration\n\nThe database migrations need to be run.\n\n```bash\nbin/cake migrations migrate -p OAuthServer\n```\n\n### Generate and set up keys\n\nGenerate the private and public keys (see also https://oauth2.thephpleague.com/installation/):\n\n```bash\nopenssl genrsa -out config/oauth.pem 2048\nopenssl rsa -in config/oauth.pem -pubout -out config/oauth.pub\n```\n\nGenerate the encryption key:\n\n```bash\nvendor/bin/generate-defuse-key\n# copy the key that the command prints\n```\n\nIn your `app.php`, add the `OAuthServer` configuration:\n\n```php\n    'OAuthServer' =\u003e [\n        'privateKey' =\u003e CONFIG . 'oauth.pem',\n        'publicKey' =\u003e CONFIG . 'oauth.pub',\n        'encryptionKey' =\u003e 'def0000060c80a6856e8...', // \u003c- set the encryption key generated by `vendor/bin/generate-defuse-key`\n    ],\n```\n\nNOTICE: the private key and the encryption key are confidential. 
Set them through environment variables wherever possible and do not commit them to the source code repository.\n\n### For Apache HTTP Server + php-fpm or php-cgi\n\nApache HTTP Server does not pass the Authorization header through to php-fpm by default,\nso some additional settings are needed.\n\nAdd the following statements to `webroot/.htaccess`:\n\n```\n# Apache HTTP Server 2.4.13 and later, using mod_proxy / mod_proxy_fcgi\nCGIPassAuth on\n\n# Apache HTTP Server 2.4.12 and older\nSetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n```\n\nThen apply `\\OAuthServer\\Middleware\\AuthorizationEnvironmentMiddleware` in your application:\n\n```php\nclass Application extends BaseApplication\n{\n    public function middleware($middleware)\n    {\n        $middleware\n            -\u003eadd(ErrorHandlerMiddleware::class)\n\n            -\u003eadd(AssetMiddleware::class)\n\n            // ADD THIS: pass the Authorization environment variable through to the request header\n            -\u003eadd(\\OAuthServer\\Middleware\\AuthorizationEnvironmentMiddleware::class)\n\n            -\u003eadd(RoutingMiddleware::class);\n\n        return $middleware;\n    }\n}\n```\n\nIt is recommended to insert it between AssetMiddleware and RoutingMiddleware.\n\n## Configuration\n\nIt is assumed that you already have working form-based authentication using the built-in CakePHP 3 authentication component.\nIf you do not, please read [the authentication chapter](http://book.cakephp.org/3.0/en/controllers/components/authentication.html).\n\nSet OAuthServer as an authentication adaptor.\n\nIn your `AppController::beforeFilter()` method, add (or modify):\n\n```php\n$this-\u003eAuth-\u003econfig('authenticate', [\n    'Form',\n    'OAuthServer.OAuth'\n]);\n```\n\nChange your login method to look as follows:\n\n```php\npublic function login()\n{\n    if ($this-\u003erequest-\u003eis('post')) {\n        $user = $this-\u003eAuth-\u003eidentify();\n        if ($user) {\n            $this-\u003eAuth-\u003esetUser($user);\n\n            $redirectUri = 
$this-\u003eAuth-\u003eredirectUrl();\n            if ($this-\u003erequest-\u003egetQuery('redir') === 'oauth') {\n                $redirectUri = [\n                    'plugin' =\u003e 'OAuthServer',\n                    'controller' =\u003e 'OAuth',\n                    'action' =\u003e 'authorize',\n                    '?' =\u003e $this-\u003erequest-\u003egetQueryParams(),\n                ];\n            }\n\n            return $this-\u003eredirect($redirectUri);\n        } else {\n            $this-\u003eFlash-\u003eerror(\n                __('Username or password is incorrect'),\n                'default',\n                [],\n                'auth'\n            );\n        }\n    }\n}\n```\n\nAlternatively, if you are using the [Friends Of Cake CRUD plugin](https://github.com/friendsofcake/crud), add\n\n```php\n'login' =\u003e [\n    'className' =\u003e 'OAuthServer.Login'\n]\n```\n\nto your CRUD actions config.\n\n## Usage\n\nThe base OAuth2 path is `example.com/oauth`.\n\nIn order to add clients and OAuth scopes you need to create a `ClientsController` and a `ScopesController` (Which is not part of this plugin)\n\nThe simplest way is to make use of the [Friends Of Cake CRUD-View plugin](https://github.com/friendsofcake/crud-view).\n\nInstall it by running\n\n```bash\n$ composer require friendsofcake/bootstrap-ui:dev-master\n$ composer require friendsofcake/crud:dev-master\n$ composer require friendsofcake/crud-view:dev-master\n```\n\nThen create a `ClientsController` that looks like:\n\n```php\n\u003c?php\nnamespace App\\Controller;\n\nuse Crud\\Controller\\ControllerTrait;\n\n/**\n * OauthClients Controller\n *\n * @property \\OAuthServer\\Model\\Table\\OauthClientsTable $Clients\n */\nclass ClientsController extends AppController\n{\n\n    use ControllerTrait;\n\n    public $modelClass = 'OAuthServer.Clients';\n\n    /**\n     * @return void\n     */\n    public function initialize()\n    {\n        parent::initialize();\n        $this-\u003eviewClass 
= 'CrudView\\View\\CrudView';\n        $tables = [\n            'Clients',\n            'Scopes'\n        ];\n        $this-\u003eloadComponent('Crud.Crud', [\n            'actions' =\u003e [\n                'index' =\u003e [\n                    'className' =\u003e 'Crud.Index',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables\n                    ]\n                ],\n                'view' =\u003e [\n                    'className' =\u003e 'Crud.View',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables\n                    ]\n                ],\n                'edit' =\u003e [\n                    'className' =\u003e 'Crud.Edit',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables,\n                        'fields' =\u003e [\n                            'name',\n                            'redirect_uri',\n                            'parent_model',\n                            'parent_id' =\u003e [\n                                'label' =\u003e 'Parent ID',\n                                'type' =\u003e 'text'\n                            ]\n                        ]\n                    ]\n                ],\n                'add' =\u003e [\n                    'className' =\u003e 'Crud.Add',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables,\n                        'fields' =\u003e [\n                            'name',\n                            'redirect_uri',\n                            'parent_model',\n                            'parent_id' =\u003e [\n                                'label' =\u003e 'Parent ID',\n                                'type' =\u003e 'text'\n                            ]\n                        ]\n                    ]\n                ],\n                'delete' =\u003e [\n                    'className' =\u003e 'Crud.Delete',\n                    
'scaffold' =\u003e [\n                        'tables' =\u003e $tables\n                    ]\n                ],\n            ],\n            'listeners' =\u003e [\n                'CrudView.View',\n                'Crud.RelatedModels',\n                'Crud.Redirect',\n                'Crud.Api'\n            ],\n        ]);\n    }\n}\n```\n\nAnd a `ScopesController` that looks like:\n\n```php\n\u003c?php\nnamespace App\\Controller;\n\nuse Crud\\Controller\\ControllerTrait;\n\n/**\n * Scopes Controller\n *\n * @property \\OAuthServer\\Model\\Table\\OauthScopesTable $Scopes\n */\nclass ScopesController extends AppController\n{\n\n    use ControllerTrait;\n\n    public $modelClass = 'OAuthServer.Scopes';\n\n    /**\n     * @return void\n     */\n    public function initialize()\n    {\n        parent::initialize();\n        $this-\u003eviewClass = 'CrudView\\View\\CrudView';\n        $tables = [\n            'Clients',\n            'Scopes'\n        ];\n        $this-\u003eloadComponent('Crud.Crud', [\n            'actions' =\u003e [\n                'index' =\u003e [\n                    'className' =\u003e 'Crud.Index',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables\n                    ]\n                ],\n                'view' =\u003e [\n                    'className' =\u003e 'Crud.View',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables\n                    ]\n                ],\n                'edit' =\u003e [\n                    'className' =\u003e 'Crud.Edit',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables,\n                        'fields' =\u003e [\n                            'id' =\u003e [\n                                'label' =\u003e 'ID',\n                                'type' =\u003e 'text'\n                            ],\n                            'description',\n                        ]\n                   
 ]\n                ],\n                'add' =\u003e [\n                    'className' =\u003e 'Crud.Add',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables,\n                        'fields' =\u003e [\n                            'id' =\u003e [\n                                'label' =\u003e 'ID',\n                                'type' =\u003e 'text'\n                            ],\n                            'description',\n                        ]\n                    ]\n                ],\n                'delete' =\u003e [\n                    'className' =\u003e 'Crud.Delete',\n                    'scaffold' =\u003e [\n                        'tables' =\u003e $tables\n                    ]\n                ],\n            ],\n            'listeners' =\u003e [\n                'CrudView.View',\n                'Crud.RelatedModels',\n                'Crud.Redirect',\n            ],\n        ]);\n    }\n}\n```\n\n## Customisation\n\nThe OAuth2 Server can be customised. The look of the various pages can be changed by creating templates in `Template/Plugin/OAuthServer/OAuth`.\n\nThe server also fires a number of events that can be used to inject values into the process. The current events fired are:\n\n* `OAuthServer.beforeAuthorize` - On rendering of the approval page for the user.\n* `OAuthServer.afterAuthorize` - On the user authorising the client.\n* `OAuthServer.afterDeny` - On the user denying the client.\n\nYou can customise the OAuth authorise page by creating an overriding template file in `src/Template/Plugin/OAuthServer/OAuth/authorize.ctp`.\n\n### Component/Authenticator Options\n\n- `OAuthServer.privateKey`\n\nREQUIRED: Set your private key filepath.\n\nThe key file must not be readable by other users (file permissions `400`, `440`, `600`, `640` or `660`).\n\n- `OAuthServer.publicKey`\n\nREQUIRED: Set your public key filepath. 
It is generated from the above private key.\n\nThe key file must not be readable by other users (file permissions `400`, `440`, `600`, `640` or `660`).\n\n- `OAuthServer.encryptionKey`\n\nREQUIRED: Set your encryption key string. It is generated by the `vendor/bin/generate-defuse-key` command.\n\n- `OAuthServer.accessTokenTTL`\n\nOptional: Set access token TTL. Specify a format that can be interpreted by the [DateInterval](https://www.php.net/manual/en/dateinterval.construct.php) class.\n\ndefault: `PT1H` (1 hour)\n\n- `OAuthServer.refreshTokenTTL`\n\nOptional: Set refresh token TTL. Specify a format that can be interpreted by the [DateInterval](https://www.php.net/manual/en/dateinterval.construct.php) class.\n\ndefault: `P1M` (1 month)\n\n- `OAuthServer.authCodeTTL`\n\nOptional: Set auth code TTL. Specify a format that can be interpreted by the [DateInterval](https://www.php.net/manual/en/dateinterval.construct.php) class.\n\ndefault: `PT10M` (10 minutes)\n\n- `OAuthServer.supportedGrants`\n\nOptional: Set supported grant types. This option accepts a list of any of the following: `AuthCode`, `RefreshToken`, `ClientCredentials`, `Password`.\n\ndefault: `['AuthCode', 'RefreshToken', 'ClientCredentials', 'Password']`\n\n- `OAuthServer.passwordAuthenticator`\n\nOptional: Set the authenticator used by the password grant. 
Set this if your application uses a non-default authenticator.\n\ndefault: `Form`\n\n### OAuthAuthenticate Options\n\n- `continue`\n\nOptional: If set to true, processing does not stop when OAuth authentication fails.\nUse this when you want to use only the authentication information, without requiring login.\n\ndefault: `false`\n\n- `fields.username`\n\nOptional: Specify the user's primary key field.\n\ndefault: `id`\n\nFor more configuration options, see: https://book.cakephp.org/3.0/en/controllers/components/authentication.html#configuring-authentication-handlers\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnojimage%2Fcakephp-oauth-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnojimage%2Fcakephp-oauth-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnojimage%2Fcakephp-oauth-server/lists"}