Download the PHP package codewiser/oauth2-resource-server without Composer

On this page you can find all versions of the php package codewiser/oauth2-resource-server. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php');. After that, import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then provide a simple download link to your team members.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as a binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package oauth2-resource-server

Description

An OAuth server is an authorization server. It provides and validates tokens. It is the best solution for building a distributed API infrastructure.

The infrastructure may consist of many API servers, called Resource Servers. Every request those servers accept must contain authorization information: an access_token issued by the authorization server.

Every resource server is an OAuth client. It has a client_id and a client_secret and may issue its own access_token using the client credentials grant. On the other hand, it may be a personal access_token, issued by a user in the traditional way. After issuing the access_token, the server will use it to make requests to its neighbors (other resource servers in the same infrastructure), or to provide access to local resources.

When a server receives a request with authorization information, it will introspect (see rfc7662) the access_token from the request. The API server calls the OAuth server and receives from it information about the given access_token.

If the token is valid and has the appropriate scopes, the server will handle the request. If it is not, the server will reply with an error.

RFC

The package is based on league/oauth2-client

Prerequisite

Your OAuth server must implement rfc7662 (token introspection endpoint). Take a look at ipunkt/laravel-oauth-introspection.

Installation

Publish package config.

Setup

An environment requires all standard OAuth client properties.

SCOPE is for default scopes for requested access tokens.

The following are optional and have default values.

You may provide full URLs or only paths.

Facades and Middlewares

ResourceServer

ResourceServer is a layer over the OAuth client that takes responsibility for keeping the Client Credentials Access Token and protecting API resources.

This will return the cached (or newly issued) Client Access Token. Use it to call other API servers.

The token may be sent as the Authorization header (see rfc6750#section-2.1),
as the access_token body parameter (see rfc6750#section-2.2) or
as the access_token query parameter (see rfc6750#section-2.3).

When your server receives an API request with a Bearer token, it should introspect the token on the OAuth server.
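The flow described above, from reading the Bearer token out of the request to acting on the introspection result, as an added example. It is not code from this package: the function names extractBearerToken and checkIntrospection are hypothetical, and the introspection response is assumed to be already JSON-decoded.

```php
<?php
declare(strict_types=1);
// Added example: function names are hypothetical, not this package's API.

/** Read the token from the three rfc6750 locations; null when absent. */
function extractBearerToken(array $headers, array $body, array $query): ?string
{
    $found = [];
    $auth = $headers['Authorization'] ?? '';
    // rfc6750 section 2.1: "Bearer" 1*SP b64token
    if (is_string($auth) && preg_match('/\ABearer +([A-Za-z0-9\-._~+\/]+=*)\z/', $auth, $m) === 1) {
        $found[] = $m[1];
    }
    foreach ([$body, $query] as $params) {   // sections 2.2 and 2.3
        if (is_string($params['access_token'] ?? null)) {
            $found[] = $params['access_token'];
        }
    }
    if (count($found) > 1) {
        // rfc6750: a request must not carry the token by more than one method.
        throw new InvalidArgumentException('invalid_request');
    }
    return $found[0] ?? null;
}

/**
 * Judge a JSON-decoded rfc7662 introspection response.
 * Returns null to proceed, or the rfc6750 error code to reply with.
 */
function checkIntrospection(array $response, array $requiredScopes, int $now): ?string
{
    if (($response['active'] ?? false) !== true) {
        return 'invalid_token';
    }
    // A cached response can outlive the token, so re-check exp when present.
    if (isset($response['exp']) && (int) $response['exp'] <= $now) {
        return 'invalid_token';
    }
    $granted = preg_split('/ +/', (string) ($response['scope'] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
    return array_diff($requiredScopes, $granted) === [] ? null : 'insufficient_scope';
}

// Constructed sample request and introspection response.
$token = extractBearerToken(['Authorization' => 'Bearer sample.token-123'], [], []);
$info = ['active' => true, 'scope' => 'read write', 'exp' => 2000000000];
var_dump($token, checkIntrospection($info, ['read'], 1700000000));
var_dump(checkIntrospection($info, ['admin'], 1700000000));
```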

In the simplest case you may protect the routes with ResourceServerMiddleware. Define it in app/Http/Kernel.php in the way you like.

And then protect your route.

Otherwise you may protect a group of routes with the middleware and validate the scope in controllers.

If a request is not validated, the thrown exception renders a proper response (according to rfc6750).

OAuthClient

OAuthClient is a layer over the OAuth client that takes responsibility for authorizing users and keeping their Personal Access Tokens.

The authorization server will return the user back to CallbackController. You may use the built-in one or define a new one.

So, if we have a Personal Access Token we should provide the requested information to the user.

In the simplest case you may protect the routes with PersonalAccessMiddleware. Define it in app/Http/Kernel.php in the way you like.

And then protect your route.

If the user has no Personal Access Token, he or she will be redirected to the Authorization Server.

Cache

All tokens are cached locally for a limited time.


All versions of oauth2-resource-server with dependencies

Requires:
  • league/oauth2-client Version ^2.0
  • laravel/framework Version >=6.0