Download the PHP package hawksama/module-oauth-security-plus without Composer

On this page you can find all versions of the php package hawksama/module-oauth-security-plus. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php');. After that, you import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. If a package comes from a private repository, use the auth.json textarea to insert the credentials.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package module-oauth-security-plus

OAuth Security Plus for Magento 2

Magento 2.4.x License

A powerful module that whitelists IP addresses for Magento 2 REST and SOAP Admin API token generation. Helps prevent unauthorized API access by ensuring only requests from trusted IPs can create admin tokens.


🚫 Why Attackers Try to Steal the Admin Token (OAuth Access Token)

A stolen Admin OAuth Token gives attackers full control over your store, posing serious security risks:

  1. Order and Customer Data Theft

    • Attackers can extract orders and customer data (emails, phone numbers, addresses).
    • Exposing personal data can lead to GDPR, CCPA, or other compliance violations.
  2. Fraudulent Order Manipulation

    • Malicious actors may modify product prices or create fake discount rules.
    • They can also manipulate stock levels to disrupt product availability.
  3. Malicious Code Injection

    • Attackers can use API access to inject malware or redirect customers to malicious sites.
    • This can jeopardize website integrity and user trust.
  4. Data Deletion or Ransomware

    • They might delete all products, orders, or customer accounts.
    • Potentially demand ransom payments to restore lost data.
  5. DDoS or API Abuse
    • Repeated API requests can slow down or crash your server, leading to downtime and lost revenue.

In short, securing your API tokens is essential to protecting both your customers and your business.


🌟 Overview

This module intercepts OAuth Token creation requests and checks if the requesting IP is on a whitelist. If not, the request is blocked and logged. Key highlights:


🚀 Key Features

Feature | Description
OAuth IP Whitelisting | Intercepts admin token requests and checks if the source IP is allowed.
CLI Management | Quickly add or remove IPs from the whitelist using bin/magento commands.
Logging & Auditing | Logs both allowed and blocked attempts, storing username & IP for reference.
Caching for Performance | Minimizes repeated config lookups for quick IP checks.
Enabled/Disabled | Easily turn the module on or off using config.

🛠 Installation

Install via Composer

The recommended way to install this module is via Composer.


โš™๏ธ CLI Usage

Example commands:


🛠 Use Cases

🔒 Production Security

🏗️ Development & Staging

🕵️ Auditing & Analytics


โ“ FAQ

  1. Does it block the entire Admin login?
    • No, only blocks admin OAuth (API) token creation. The web-based Admin UI remains unaffected.
  2. How do I add IPv6 addresses?
    • IPv6 is supported as long as you pass the proper string format. For advanced subnet rules, consider extending the plugin.
  3. Where is the log file stored?
    • By default, unauthorized attempts are logged in var/log/api_security_plus.log.
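
The FAQ answer on IPv6 and subnet rules, worked through as an added example (not the module's own code; the function names and the address-or-CIDR entry syntax are assumptions). It compares packed addresses rather than strings, so differently written forms of the same IPv6 address match and malformed input fails closed:

```php
<?php
declare(strict_types=1);

// Added illustration, not the module's code. Entry syntax (address or CIDR) is assumed.
function ipIsAllowed(string $ip, array $allowlist): bool
{
    $addr = @inet_pton(trim($ip));
    if ($addr === false) {
        return false; // unparsable client address: fail closed
    }
    foreach ($allowlist as $entry) {
        [$net, $prefix] = array_pad(explode('/', trim($entry), 2), 2, null);
        $netBin = @inet_pton($net);
        // Skip malformed entries and never compare IPv4 against IPv6.
        if ($netBin === false || strlen($netBin) !== strlen($addr)) {
            continue;
        }
        $maxBits = strlen($netBin) * 8;
        if ($prefix === null) {
            $bits = $maxBits; // plain address: every bit must match
        } elseif (ctype_digit($prefix) && (int) $prefix <= $maxBits) {
            $bits = (int) $prefix;
        } else {
            continue; // invalid prefix length: ignore the entry, do not widen it
        }
        if (prefixMatches($addr, $netBin, $bits)) {
            return true;
        }
    }
    return false;
}

// Compare the first $bits bits of two packed addresses of equal length.
function prefixMatches(string $a, string $b, int $bits): bool
{
    $bytes = intdiv($bits, 8);
    if ($bytes > 0 && strncmp($a, $b, $bytes) !== 0) {
        return false;
    }
    $rest = $bits % 8;
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return $rest === 0 || (ord($a[$bytes]) & $mask) === (ord($b[$bytes]) & $mask);
}

// Constructed sample data using documentation address ranges.
$allow = ['203.0.113.10', '198.51.100.0/24', '2001:db8:0:0:0:0:0:1', '2001:db8:abcd::/48'];
foreach (['198.51.100.77', '2001:db8::1', '2001:db8:abcd:12::5', '192.0.2.1', 'bogus'] as $ip) {
    printf("%-20s %s\n", $ip, ipIsAllowed($ip, $allow) ? 'allow' : 'block');
}
```

A client reported as an IPv4-mapped IPv6 address (::ffff:203.0.113.10) is a 16-byte value and will not match a 4-byte IPv4 entry in this sketch; normalise such addresses before the check if your stack reports them.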

🧰 Technical Details


📮 Support & Contribution


Protect your Magento 2 store by limiting OAuth Admin Token generation to trusted IPs: simple, fast, and secure.


All versions of module-oauth-security-plus with dependencies

Requires:
  • magento/framework Version *
  • magento/module-integration Version 100.4.*
  • hawksama/magento2-admin-menu Version ^1.0
