Download the PHP package arietimmerman/laravel-oauth-introspect-middleware without Composer

On this page you can find all versions of the php package arietimmerman/laravel-oauth-introspect-middleware. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package laravel-oauth-introspect-middleware

Latest Stable Version Total Downloads

Especially for a microservices architecture, authentication and authorization functions should be delegated. Protecting resources is best done by implementing the web services as a pure OAuth2 resource server, relying on token verification on a remote authorization server.

Laravel Middleware for OAuth 2.0 Token Introspection

Laravel Passport provides a full OAuth2 server implementation, yet misses optional OAuth2 functionalties as defined in OAuth 2.0 Token Introspection (RFC7662).

The Introspection endpoint is provided by ipunkt/laravel-oauth-introspection. This package provides the middleware required for verifying an access token against a remote Introspection endpoint.

Note: To prevent token scanning attacks, the endpoint MUST also require some form of authorization to access this endpoint. The provided middleware assumes the introspection endpoint requires an OAuth2 Bearer token retrieved using a client credentials grant. Therefore, you MUST provide a valid client id and client secret.

Installation

Install the package on your resource server

composer require arietimmerman/laravel-oauth-introspect-middleware

and add the Service Provider in your config/app.php

~~~.php 'providers' => [ // [..] \ArieTimmerman\Laravel\OAuth2\ServiceProvider::class // [..] ];


and add the MiddleWare in your `App/Http/Kernel.php`

~~~.php
protected $routeMiddleware = [
    // [..]
    'verifyaccesstoken' => \ArieTimmerman\Laravel\OAuth2\VerifyAccessToken::class,
    // Or
    'verifyaccesstoken_has_any' => \ArieTimmerman\Laravel\OAuth2\VerifyAccessTokenHasAnyScope::class,
    // [..]   
];

publish the configuration

php artisan vendor:publish

Configuration

In your .env file, define the following properties

~~~.properties

Url of the authorization server

AUTHORIZATION_SERVER_URL="https://authorization.server.dom"

Client Identifier as defined in https://tools.ietf.org/html/rfc6749#section-2.2

AUTHORIZATION_SERVER_CLIENT_ID="123"

The client secret

AUTHORIZATION_SERVER_CLIENT_SECRET="abcdefg"

Endpoint for requesting the access token

AUTHORIZATION_SERVER_TOKEN_URL="${AUTHORIZATION_SERVER_URL}/oauth/token"

The OAuth2 Introspection endpoint https://tools.ietf.org/html/rfc7662

AUTHORIZATION_SERVER_INTROSPECT_URL="${AUTHORIZATION_SERVER_URL}/oauth/introspect"

Optional configuration for requesting an OAuth2 access tokens using the implicit grant flow

AUTHORIZATION_SERVER_AUTHORIZATION_URL="${AUTHORIZATION_SERVER_URL}/oauth/authorize" AUTHORIZATION_SERVER_REDIRECT_URL=https://my.machine.dom


Now, use the middleware.

~~~.php
Route::group(['middleware'=>'verifyaccesstoken:required-scope1,required-scope2'], function () {
    Route::get('/endpoint1', 'UserController@index');
    Route::resource('/resource', 'OrderController');
});

// or if only one of the scopes from the list is required
Route::group(['middleware'=>'verifyaccesstoken_has_any:required-scope1,required-scope2'], function () {
    Route::get('/endpoint1', 'UserController@index');
    Route::resource('/resource', 'OrderController');
});

All versions of laravel-oauth-introspect-middleware with dependencies

PHP Build Version
Package Version
Requires php Version ^7.0|^8.0
guzzlehttp/guzzle Version ^6.0|^7.0
illuminate/support Version ^6.0|^7.0|^8.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package arietimmerman/laravel-oauth-introspect-middleware contains the following files

Loading the files please wait ....