PHPackages codeacious/oauth2-provider - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. codeacious/oauth2-provider ActiveLibrary[Authentication & Authorization](/categories/authentication) codeacious/oauth2-provider ========================== A simple and clean Zend Framework 2 wrapper for the oauth2-server-php library v1.0.4(9y ago)63.7k5MITPHPPHP >=5.4 Since Apr 24Pushed 9y ago5 watchersCompare [ Source](https://github.com/CodeaciousAU/zf2-oauth2-provider)[ Packagist](https://packagist.org/packages/codeacious/oauth2-provider)[ RSS](/packages/codeacious-oauth2-provider/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (5)Dependencies (5)Versions (5)Used By (0) oauth2-provider =============== [](#oauth2-provider) A simple and clean Zend Framework 2 wrapper for the oauth2-server-php library. The main features: - It allows OAuth2 Server instances to be configured via the ZF Service Manager - It allows the OAuth2 Server to work with ZF Request and Response objects - It is flexible and minimally invasive, leaving you to manage URLs and routing however you wish - You can accept OAuth 2.0 access tokens via \[Zend\\Authentication\] () - You can accept OAuth 2.0 access tokens via \[ZF\\MvcAuth\] () Installation ------------ [](#installation) 1. Use Composer to add the package `codeacious/oauth2-provider` to your project. 2. Add `Codeacious\OAuth2Provider` to the list of modules to load in your `config/application.config.php` Provider instantiation ---------------------- [](#provider-instantiation) The central class is `Codeacious\OAuth2Provider\Provider`, which wraps an `OAuth2\Server` instance. You interact with the Provider from your own controllers to perform OAuth functions. There are several ways to instantiate a Provider, depending on whether you want to use the Service Manager and whether your project requires more than one Provider. ### Service manager - single instance [](#service-manager---single-instance) `Codeacious\OAuth2Provider\ProviderFactory` is a service factory that creates a single Provider and looks for configuration options under the `oauth2provider` key in your app config. For example, put this in your `config/autoload/global.php` or `module/Application/config/module.config.php`: ``` 'service_manager' => [ 'factories' => [ //Register the factory with whatever service name you like 'MyOAuth2Provider' => 'Codeacious\OAuth2Provider\ProviderFactory', ], ], 'oauth2provider' => [ //Configure the provider here ], ``` From your controller class, you can retrieve the service: ``` $provider = $this->getServiceLocator()->get('MyOAuth2Provider'); ``` ### Service manager - multiple instances [](#service-manager---multiple-instances) `Codeacious\OAuth2Provider\ProviderAbstractFactory` is an abstract factory that allows you to define any number of Providers just by placing uniquely named keys under the `oauth2providers` key in your app config. For example, put this in your `config/autoload/global.php` or `module/Application/config/module.config.php`: ``` 'service_manager' => [ 'abstract_factories' => [ 'Codeacious\OAuth2Provider\ProviderAbstractFactory', ], ], 'oauth2providers' => [ 'MyMainProvider' => [ //Configure the first provider here ], 'MySecondaryProvider' => [ //Configure another provider here ], ], ``` From your controller class, you can retrieve the services using the names you chose: ``` $mainProvider = $this->getServiceLocator()->get('MyMainProvider'); $secondaryProvider = $this->getServiceLocator()->get('MySecondaryProvider'); ``` ### The manual way [](#the-manual-way) You can create a Provider yourself by passing in a preconfigured OAuth server, and your current Request. ``` //Create and configure a Server as per the oauth2-server-php docs $server = new \OAuth2\Server(); $server->addStorage(...); $server->addGrantType(...); //Create a Provider $provider = new \Codeacious\OAuth2Provider\Provider($server, $this->getRequest()); ``` Configuration ------------- [](#configuration) When using the service factories, you can configure the OAuth2 server from your ZF application config array. You can configure storage, request types and most other options using this mechanism. ### Example: OAuth token issuer with PDO storage [](#example-oauth-token-issuer-with-pdo-storage) ``` 'oauth2provider' => [, 'storage' => [ [ 'class' => 'OAuth2\Storage\Pdo', 'options' => [ 'dsn' => 'mysql:host=localhost;dbname=testdb', 'username' => 'user', 'password' => 'secret', ], ] ], 'options' => [ 'allow_implicit' => true, 'auth_code_lifetime' => 60, 'access_lifetime' => 3600, 'refresh_token_lifetime' => 1209600, ], ], ``` ### Example: Custom storage using services [](#example-custom-storage-using-services) ``` 'service_manager' => [ 'invokables' => [ 'MyAccessTokenStorage' => 'MyApp\Storage\AccessToken', 'MyClientStorage' => 'MyApp\Storage\ClientCredentials', ], ], 'oauth2provider' => [ 'storage' => [ //The storage types are inferred from the interfaces these objects implement 'MyAccessTokenStorage', 'MyClientStorage', ], ], ``` ### Example: Assigning storage objects to specific storage types [](#example-assigning-storage-objects-to-specific-storage-types) ``` 'oauth2provider' => [ 'storage' => [ 'access_token' => 'MyDatabaseStorageService', 'client_credentials' => [ 'class' => 'OAuth2\Storage\Memory', 'options' => [ 'client_credentials' => [ 'client1' => [ 'client_id' => 'client1', 'client_secret' => 'abcdefgh', 'redirect_uri' => 'http://localhost', ], ], ], ], ], ], ``` ### Example: Accepting JWT tokens using a public key stored in a file [](#example-accepting-jwt-tokens-using-a-public-key-stored-in-a-file) ``` 'oauth2provider' => [ 'storage' => 'public_key' => [ 'class' => 'Codeacious\OAuth2Provider\Storage\PublicKeyFileStore', 'options' => [ 'public_key' => './config/keys/publickey.pem', 'algorithm' => 'RS256', ], ], ], 'options' => [ 'use_jwt_access_tokens' => true, 'www_realm' => 'My Application', ], ], ``` Usage ----- [](#usage) The oauth2-provider module does not implement any controllers or register any routes. Leaving these aspects to your application gives you more control and flexibility. ### Implementing a token endpoint [](#implementing-a-token-endpoint) Create a controller and set up URL routing as you normally would in Zend Framework. In the action handler for your token action, retrieve the provider you configured in the Service Manager, and call `handleTokenRequest()`. For example: ``` class OAuthController extends AbstractActionController { public function tokenAction() { return $this->getServiceLocator()->get('MyOAuth2Provider') ->handleTokenRequest() ->makeHttpResponse(); } } ``` ### Implementing an authorization endpoint [](#implementing-an-authorization-endpoint) The Authorization endpoint requires you to implement a login form or other mechanism to establish the user's identity. Once you've done that, you can call `handleAuthorizeRequest()` to let the provider take over. Here's a simplistic example: ``` public function authorizationAction() { $provider = $this->getServiceLocator()->get('MyOAuth2Provider'); //Reject the request if it does not comply with OAuth 2.0 rules if (!$provider->validateAuthorizeRequest()) return $provider->makeHttpResponse(); //If the user has submitted the logon form, validate their password $view = new ViewModel(); if ($this->getRequest()->isPost()) { $userId = $this->params()->fromPost('user_id'); $password = $this->params()->fromPost('password'); if ($this->_passwordIsCorrect($userId, $password)) { return $provider ->handleAuthorizeRequest(true, $userId) ->makeHttpResponse(); } else $view->message = 'Your user ID or password was incorrect.'; } return $view; } protected function _passwordIsCorrect($userId, $password) { //Your logic } ``` ### Accepting tokens [](#accepting-tokens) ``` public function myApiEndpointAction() { //Authenticate $provider = $this->getServiceLocator()->get('MyOAuth2Provider'); if (!$provider->verifyResourceRequest()) return $provider->makeHttpResponse(); //Get the authenticated user $userId = $provider->getIdentity()->getUserId(); //Your logic here } ``` ### Accepting tokens using ZF\\MvcAuth [](#accepting-tokens-using-zfmvcauth) ``` 'service_manager' => [ 'factories' => [ //Override the authentication listener from the zf-mvc-auth package 'ZF\MvcAuth\Authentication\DefaultAuthenticationListener' => 'Codeacious\OAuth2Provider\MvcAuth\AuthenticationListenerFactory', ], ], 'zf-mvc-auth' => [ 'authentication' => [ //Tell the authentication listener where to find the Provider instance 'oauth2provider' => 'MyOAuth2Provider', ], ], ``` ### Health Score 32 — LowBetter than 72% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity24 Limited adoption so far Community12 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~168 days Total 5 Last Release 3368d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1758170?v=4)[Glenn Schmidt](/maintainers/glennschmidt)[@glennschmidt](https://github.com/glennschmidt) --- Top Contributors [![glennschmidt](https://avatars.githubusercontent.com/u/1758170?v=4)](https://github.com/glennschmidt "glennschmidt (10 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/codeacious-oauth2-provider/health.svg) ``` [![Health](https://phpackages.com/badges/codeacious-oauth2-provider/health.svg)](https://phpackages.com/packages/codeacious-oauth2-provider) ``` ### Alternatives [zf-commons/zfc-user A generic user registration and authentication module for ZF2. Supports Zend\\Db and Doctrine2. 4851.1M70](/packages/zf-commons-zfc-user)[filsh/yii2-oauth2-server OAuth2 Server for PHP 331523.9k12](/packages/filsh-yii2-oauth2-server)[socalnick/scn-social-auth Uses the HybridAuth PHP library to Enable authentication via Google, Facebook, Twitter, Yahoo!, etc for the ZfcUser ZF2 module. 21974.2k3](/packages/socalnick-scn-social-auth)[bshaffer/oauth2-server-httpfoundation-bridge A bridge to HttpFoundation for oauth2-server-php 522.3M12](/packages/bshaffer-oauth2-server-httpfoundation-bridge)[bshaffer/oauth2-server-bundle Symfony OAuth2ServerBundle 106201.1k1](/packages/bshaffer-oauth2-server-bundle)[chadicus/slim-oauth2-middleware OAuth2 middleware for use within a Slim Framework API 48411.9k1](/packages/chadicus-slim-oauth2-middleware) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)