Download the PHP package r3h6/oauth2-server without Composer
On this page you can find all versions of the php package r3h6/oauth2-server. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download r3h6/oauth2-server
More information about r3h6/oauth2-server
Files in r3h6/oauth2-server
Package oauth2-server
Short Description OAuth2 server for TYPO3
License GPL-2.0-or-later
Informations about the package oauth2-server
OAuth2 Server
OAuth2 server for TYPO3 based on PHP League's OAuth2 Server.
Features:
- Supports all grant types from PHP League's OAuth2 Server
- Scopes can be limited to clients
- Grant types can be limited to clients
- Can be used to protect API's from other extensions
Installation
Only composer supported!
Webserver
Note that depending on the webserver and PHP integration therein you might need some additional configuration.
Specifically Apache + CGI (PHP-FPM) needs additional vhost/htaccess configuration in order to have proper authorization
header handling.
Integration
Create your own public and private keys.
Use the provided key pair only for development.
You must explicit enable the OAuth2 server in your site configuration yaml by adding at least following configuration:
For the authorization code grant you must create a frontend login and a consent page.
This extension provides a TypoScript setup with a basic design.
Create a sysfolder and add a client record.
Endpoints
Endpoint | Description |
---|---|
/oauth2/authorize | GET = Start authorization, POST = Accept, DELETE = Deny |
/oauth2/token | Issues token |
/oauth2/revoke | Revokes an access token |
Configuration
Protecting resources from Extbase plugins.
Extbase-plugins with routing can still be called through query parameters.
Such requests bypass the request validation of this extension.
You should therefore make some htaccess rules denying such request,
implement the request validation by yourself or
use the ExtbaseGuard to check if the request passed the validation.
Middlewares
This extension adds several middlewares to the stack. They must be executed in the expected order in order to work correctly.
Credits
- Marco Huber for handing over the extension key and sharing his ideas