Download the PHP package blackcube/oauth2 without Composer
On this page you can find all versions of the php package blackcube/oauth2. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package oauth2
Short Description OAuth2/JWT toolbox with multi-population support
License BSD-3-Clause
Homepage https://github.com/blackcubeio/oauth2
Information about the package oauth2
Blackcube OAuth2
OAuth2/JWT toolbox with multi-population support based on BShaffer oauth2 server.
Installation
Based On
- bshaffer/oauth2-server-php - OAuth2 engine (documentation)
- lcobucci/jwt - JWT handling
Philosophy
This package is a toolbox, not a turnkey solution. It provides interfaces and tools, never concrete implementations. The application that integrates it decides everything: storage, tables, business logic, routes.
Principles:
- Zero imposed tables
- Zero imposed storage (no MySQL/Redis in the package)
- Multi-population support (admin ≠ customer in the same app)
- DRY: scopes can be derived from an existing system (RBAC, config, API...)
Configuration
params.php
di.php
Interfaces to Implement
Your application must provide implementations for these interfaces per population:
| Interface | Purpose |
|---|---|
| UserInterface | User entity with getId, getIdentifier, queryById, queryByIdentifier, queryByIdentifierAndPassword |
| ClientInterface | OAuth2 client entity with getId, getSecret, queryById, validateSecret |
| RefreshTokenInterface | Refresh token entity with save, revoke, queryByToken |
| ScopeProviderInterface | Available scopes, scopes per client |
| CypherKeyInterface | Signing keys (RSA/HMAC) with queryById, queryDefault |
Supported Grants
| Grant | Usage |
|---|---|
| password | User login (mobile, SPA legacy) |
| client_credentials | Service to Service (Node → PHP) |
| authorization_code + PKCE | Mobile, modern SPAs |
| refresh_token | Token renewal |
JWT Claims
| Claim | Description |
|---|---|
| sub | Subject - User ID |
| iss | Issuer - Identifies the population |
| aud | Audience - Token target |
| exp | Expiration timestamp |
| iat | Issued at timestamp |
| scopes | Granted scopes |
Algorithms
| Algorithm | Type | Usage |
|---|---|---|
| RS256 | Asymmetric | Default - Multi-services |
| RS384 | Asymmetric | More secure than RS256 |
| RS512 | Asymmetric | Maximum security |
| HS256 | Symmetric | Simple, shared secret |
| HS384 | Symmetric | More secure than HS256 |
| HS512 | Symmetric | Maximum symmetric security |
Recommendation: RS256/RS384/RS512 if multiple services validate tokens. HS* only if everything stays in the same PHP process.
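The claims and algorithm tables above translate into a verification rule on the consuming side: `iss` selects the population, and the population (not the token header) decides which algorithm and key are acceptable. The following is an added example, not code from the package or from lcobucci/jwt; the function names, policy array, secret and token are constructed for illustration, and it uses only PHP's built-in hash and openssl functions.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helper names, constructed keys and token; not the package's API.
function b64url_encode(string $s): string { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }
function b64url_decode(string $s): string
{
    $raw = base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    if ($raw === false) { throw new RuntimeException('bad base64url'); }
    return $raw;
}
// $policies maps issuer (population) => ['alg' => ..., 'key' => ...]
function verify_jwt(string $jwt, array $policies, string $audience, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new RuntimeException('malformed token'); }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true, 8, JSON_THROW_ON_ERROR);
    $claims = json_decode(b64url_decode($p64), true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($header) || !is_array($claims)) { throw new RuntimeException('malformed token'); }
    // iss only selects a policy; the policy, never the token header, fixes algorithm and key.
    $iss = $claims['iss'] ?? null;
    $policy = is_string($iss) ? ($policies[$iss] ?? null) : null;
    if ($policy === null || ($header['alg'] ?? null) !== $policy['alg']) {
        throw new RuntimeException('issuer or algorithm not allowed');
    }
    $digest = 'sha' . substr($policy['alg'], 2); // HS256/RS256 => sha256, etc.
    $sig = b64url_decode($s64);
    $ok = $policy['alg'][0] === 'H'
        ? hash_equals(hash_hmac($digest, "$h64.$p64", $policy['key'], true), $sig)
        : openssl_verify("$h64.$p64", $sig, $policy['key'], $digest) === 1;
    if (!$ok) { throw new RuntimeException('bad signature'); }
    if (!in_array($audience, (array) ($claims['aud'] ?? []), true)) { throw new RuntimeException('wrong audience'); }
    if ((int) ($claims['exp'] ?? 0) <= $now) { throw new RuntimeException('expired'); }
    return $claims;
}
// Constructed demo: "customer" tokens are HS256, "admin" tokens RS256 (placeholder key, unused here).
$policies = [
    'customer' => ['alg' => 'HS256', 'key' => 'constructed-demo-secret'],
    'admin'    => ['alg' => 'RS256', 'key' => 'ADMIN_RSA_PUBLIC_KEY_PEM_PLACEHOLDER'],
];
$now = 1700000000; // fixed clock for the demo
foreach (['customer', 'admin'] as $iss) {
    $body = b64url_encode('{"alg":"HS256","typ":"JWT"}') . '.' . b64url_encode(json_encode(
        ['iss' => $iss, 'aud' => 'api', 'sub' => '42', 'exp' => $now + 300, 'scopes' => ['read']]));
    $jwt = $body . '.' . b64url_encode(hash_hmac('sha256', $body, 'constructed-demo-secret', true));
    try { echo $iss, ': ', implode(',', verify_jwt($jwt, $policies, 'api', $now)['scopes']), "\n"; }
    catch (RuntimeException $e) { echo $iss, ': rejected (', $e->getMessage(), ")\n"; }
}
```

The second iteration presents an HS256 token whose `iss` names the RS256-pinned population; it is refused on the algorithm check before any key material is touched.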
Key Generation
RSA (RS*)
HMAC (HS*)
Middleware Usage
The middleware injects these attributes into the request:
- jwt - Full claims array
- userId - Subject (sub claim)
- population - Issuer (iss claim)
- scopes - Granted scopes array
What This Package Does NOT Do
- Impose tables
- Impose storage (MySQL, Redis, etc.)
- Manage RBAC
- Decide routes
- Impose user/client structure
- Manage sessions
- Provide views (login, authorize, etc.)
License
BSD-3-Clause. See LICENSE.md.
Author
Philippe Gaultier [email protected]
All versions of oauth2 with dependencies
bshaffer/oauth2-server-php Version ^v1.14
lcobucci/jwt Version ^5.6
psr/http-message Version ^2.0
psr/http-server-handler Version ^1.0
psr/http-server-middleware Version ^1.0
psr/clock Version ^1.0