Download the PHP package john-peterson-g17/oauth-token-management without Composer

On this page you can find all versions of the php package john-peterson-g17/oauth-token-management. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to add one include: require_once('vendor/autoload.php'); After that, import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and are therefore hosted in private repositories. In this case, credentials are needed to access such packages. Please use the auth.json textarea to insert credentials if a package comes from a private repository. You can look here for more information.

  • Some hosting environments are not accessible by a terminal or SSH, so it is not possible to use Composer there.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories, you don't need to share your credentials. You can set up everything on our site and then provide a simple download link to your team members.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as a binary. This makes your build process faster, and you don't need to expose your credentials for private repositories.

Information about the package oauth-token-management

OAuth 2.0 Token Management

This project seeks to be an unbiased, framework-agnostic module for managing tokens in OAuth 2.0 per RFC 6749. More specifically, if you were creating an Authorization Server, this package would be the module within that Authorization Server responsible for:

  1. Issuing Tokens
  2. Revoking Tokens
  3. Refreshing Access Tokens
  4. etc.

Reference the definition of the Authorization Server in OAuth 2.0 as defined in RFC 6749

Concepts

Authorization Gate

The class through which most of your interaction with this package will occur. It is responsible for issuing tokens (via Grant), authorizing access, refreshing access tokens, etc. Think of it as the core module within your OAuth2 Authorization Server.

Grant

A Grant is a set of tokens that are issued to a client along with some other metadata. It is a statement of successful authentication and access granted to the system. Grants are immutable.

You can retrieve the data for a grant via various methods.

The idea is that you can use the data from the Grant object to construct your "success" API response to your client as shown in RFC 6749 Section 5.1
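
The response shape that RFC 6749 Section 5.1 prescribes, as an added example that is not the package's own code. buildTokenResponse is a hypothetical helper that takes plain values rather than the package's Grant object, and the Bearer token type is an assumption.

```php
<?php
declare(strict_types=1);

/**
 * Build the RFC 6749 Section 5.1 success response from values read off a grant.
 * Hypothetical helper: the parameters are plain values, not the package's Grant API.
 */
function buildTokenResponse(string $accessToken, int $expiresIn, ?string $refreshToken = null): array
{
    if ($accessToken === '' || $expiresIn <= 0) {
        throw new InvalidArgumentException('an access token and a positive lifetime are required');
    }

    // access_token and token_type are REQUIRED; expires_in is RECOMMENDED.
    $body = [
        'access_token' => $accessToken,
        'token_type'   => 'Bearer', // assumption: tokens are used as bearer tokens
        'expires_in'   => $expiresIn,
    ];
    // refresh_token is OPTIONAL: omit the member rather than sending null.
    if ($refreshToken !== null) {
        $body['refresh_token'] = $refreshToken;
    }

    return [
        'status'  => 200,
        'headers' => [
            'Content-Type'  => 'application/json;charset=UTF-8',
            // Section 5.1 requires both headers on any response that carries tokens,
            // so that intermediaries and browsers never store them.
            'Cache-Control' => 'no-store',
            'Pragma'        => 'no-cache',
        ],
        'body' => json_encode($body, JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES),
    ];
}

// Constructed sample values, not real tokens.
$response = buildTokenResponse('constructed.access.token', 3600, 'constructed.refresh.token');
foreach ($response['headers'] as $name => $value) {
    echo "$name: $value\n";
}
echo "\n", $response['body'], "\n";
```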

Reference:

Installation

To install simply require the package via the composer command:

Setup

The first step to using the package is to set up the Authorization Gate (which is the module responsible for issuing, revoking, authorizing, and refreshing tokens, etc.). This can be done by defining the configuration and creating the AuthorizationGate object with that configuration.

If invalid types or invalid values are passed for the configuration options, an \InvalidArgumentException will be thrown.

Configuration Options

There are many options available for configuring your authorization gate. The list of available configuration options is given in the table below.

| Configuration Option | Description | Type | Default |
|---|---|---|---|
| issuer | The URL of the service that issued the token. This will be placed in the iss claim of any tokens created by this Authorization Gate. | string | http://localhost.com |
| key | The key used when hashing the token during token creation | string | secret |
| access_token_expiration | The amount of time in seconds that access tokens should be set to expire | int | 3600 |
| refresh_token_expiration | The amount of time in seconds that refresh tokens should be set to expire | int | 86400 |
| hashing_algorithm | The hashing algorithm to use when creating a new token | \JohnPetersonG17\OAuthTokenManagement\HashingAlgorithm | HashingAlgorithm::HS256 |
| persistance_driver | The persistence driver to use when storing the tokens | \JohnPetersonG17\OAuthTokenManagement\Persistance\Driver | Driver::None |

Info: Remember that configuration options are expected to be given as an array of key-value pairs using the keys listed in the table above.
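
Because the documented defaults include the key secret and the issuer http://localhost.com, a configuration array can be checked before it is handed to the gate. The following is an added example, not part of the package: auditGateConfig is a hypothetical helper, and the https and expiration rules are assumed deployment policy.

```php
<?php
declare(strict_types=1);

/**
 * Pre-flight audit of an Authorization Gate configuration array (hypothetical
 * helper). Option names and defaults are the ones in the table above; types
 * are assumed to be the documented ones.
 *
 * @return string[] findings; an empty array means nothing was flagged
 */
function auditGateConfig(array $config): array
{
    // A missing option falls back to its documented default, so audit that value.
    $key     = $config['key'] ?? 'secret';
    $issuer  = $config['issuer'] ?? 'http://localhost.com';
    $access  = $config['access_token_expiration'] ?? 3600;
    $refresh = $config['refresh_token_expiration'] ?? 86400;
    $findings = [];

    if ($key === 'secret') {
        $findings[] = 'key: documented default "secret" is in effect';
    } elseif (strlen($key) < 32) {
        // RFC 7518 Section 3.2: an HS256 key must be at least 256 bits (32 bytes).
        $findings[] = 'key: shorter than 32 bytes for HS256';
    }

    if ($issuer === 'http://localhost.com') {
        $findings[] = 'issuer: documented default is in effect';
    } elseif (strtolower((string) parse_url($issuer, PHP_URL_SCHEME)) !== 'https') {
        $findings[] = 'issuer: not an https URL'; // assumed deployment policy
    }

    if ($refresh <= $access) {
        // Assumed policy: a refresh token should outlive the access token it renews.
        $findings[] = 'refresh_token_expiration: not longer than access_token_expiration';
    }

    return $findings;
}

// Constructed sample: a deployment config that still relies on the default key.
$config = ['issuer' => 'https://auth.example.com', 'access_token_expiration' => 900];
print_r(auditGateConfig($config));

// Hex of 32 random bytes is 64 characters, which satisfies the length check.
$config['key'] = bin2hex(random_bytes(32));
print_r(auditGateConfig($config));
```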

Persistence

By default, no persistence driver is used. This is useful for cases where you want to handle how your tokens are persisted and want the package to take care of only generating the tokens.

Warning: Many functions of the authorization gate will throw a \JohnPetersonG17\OAuthTokenManagement\Exceptions\PersistanceDriverNotSetException if no persistence driver is set. Example: You cannot retrieve a token if it is not persisted anywhere.

If you want to give the package the responsibility of persisting tokens to a data store, you can set one of the available persistence drivers as shown below.

Redis Persistence Driver

You can set the package to use Redis to persist your tokens by setting the Redis persistence driver in the configuration. You may then pass an additional key redis with an array of options for configuring the connection to a Redis server.

Under the hood, the predis client is used for connection/communication with Redis, so any options passed inside the redis key will be passed directly to predis. Thus all predis configuration options are supported.

Predis Reference: https://github.com/predis/predis

Usage

Once you have configured and created an Authorization Gate, you can call all the available functions on the gate to create and check tokens.

Warning: Many functions of the authorization gate will throw a \JohnPetersonG17\OAuthTokenManagement\Exceptions\PersistanceDriverNotSetException if no persistence driver is set. Example: You cannot retrieve a token if it is not persisted anywhere.

Granting Access to a User (Issuing a Grant)

Use this method to grant a user an access and refresh token.

The tokens are returned in a Grant object which holds the tokens and other information about the grant to the user.

Authorizing a User (Validating the Access Token For a User)

Use this method to verify that a user's access token is valid and that they can access the system.

If the access token is not valid or is expired, an exception will be thrown.

Revoking a User's Tokens (User Logout)

Use this method to revoke a user's tokens/grant. Usually this would be done when a user explicitly logs out of the system.

Refresh a User's Access Token

Use this method to refresh a user's access token. This allows a user to "stay logged in" to your system until the refresh token expires.

Retrieve a User's Tokens

This method is more for quality of life, in case you need to get the existing tokens/grant for a user.

Contributing

Reference our CONTRIBUTING document for instructions on how to contribute to this project.

Everyone is welcome to contribute!


All versions of oauth-token-management with dependencies

Requires php Version >=8.2
firebase/php-jwt Version ^6.10
ramsey/uuid Version ^4.7
predis/predis Version ^2.2