PHPackages                             dingo/oauth2-server - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. dingo/oauth2-server

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

dingo/oauth2-server
===================

PHP OAuth 2.0 implementation.

v0.2.2(12y ago)7993725[2 issues](https://github.com/dingo/oauth2-server/issues)[2 PRs](https://github.com/dingo/oauth2-server/pulls)1BSD-3-ClausePHP

Since Apr 7Pushed 9y ago6 watchersCompare

[ Source](https://github.com/dingo/oauth2-server)[ Packagist](https://packagist.org/packages/dingo/oauth2-server)[ RSS](/packages/dingo-oauth2-server/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (6)Dependencies (4)Versions (9)Used By (1)

PHP OAuth 2.0 Server
====================

[](#php-oauth-20-server)

A PHP OAuth 2.0 server implementation.

[![Build Status](https://camo.githubusercontent.com/6f7d4e7fa6133718b4f2a1ae5f9c9a474b0774c613decbcaf214342fff160eb7/68747470733a2f2f7472617669732d63692e6f72672f64696e676f2f6f61757468322d7365727665722e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/dingo/oauth2-server)

Installation
------------

[](#installation)

The package can be installed with Composer, either by modifying your `composer.json` directly or using the `composer require` command.

```
composer require dingo/oauth2-server:0.1.*

```

> Note that this package is still under development and has not been tagged as stable.

Grant Types
-----------

[](#grant-types)

All four OAuth 2.0 grant types detailed in the specification are implemented within this package.

- [Authorization Code](http://tools.ietf.org/html/rfc6749#section-1.3.1)
- [Implicit](http://tools.ietf.org/html/rfc6749#section-1.3.2)
- [Resource Owner Password Credentials](http://tools.ietf.org/html/rfc6749#section-1.3.3)
- [Client Credentials](http://tools.ietf.org/html/rfc6749#section-1.3.4)

Storage Adapters
----------------

[](#storage-adapters)

As of v0.1.0 the following storage adapters are available.

- `Dingo\OAuth2\Storage\MySqlAdapter`
- `Dingo\OAuth2\Storage\RedisAdapter`

Using the [dingo/oauth2-server-laravel](https://github.com/dingo/oauth2-server-laravel) package you also have.

- `Dingo\OAuth2\Storage\FluentAdapter`

### MySQL Table Structure

[](#mysql-table-structure)

The following is the table structure required for the MySQL storage adapter. When developing your own storage adapters you can use this structure as a starting point.

```
CREATE TABLE IF NOT EXISTS `oauth_authorization_codes` (
  `code` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `client_id` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `user_id` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `redirect_uri` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`code`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `oauth_authorization_code_scopes` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `code` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `scope` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`id`),
  KEY `code` (`code`,`scope`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=1;

CREATE TABLE IF NOT EXISTS `oauth_clients` (
  `id` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `secret` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `name` varchar(100) COLLATE utf8_unicode_ci NOT NULL,
  `trusted` tinyint(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `oauth_client_endpoints` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `client_id` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `uri` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `is_default` tinyint(1) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=1;

CREATE TABLE IF NOT EXISTS `oauth_scopes` (
  `scope` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `name` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  `description` text COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`scope`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `oauth_tokens` (
  `token` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `type` enum('access','refresh') COLLATE utf8_unicode_ci NOT NULL DEFAULT 'access',
  `client_id` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `user_id` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`token`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `oauth_token_scopes` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `token` varchar(40) COLLATE utf8_unicode_ci NOT NULL,
  `scope` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`id`),
  KEY `token` (`token`,`scope`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=1;
```

Usage Guide
-----------

[](#usage-guide)

This guide is very brief and is framework agnostic. It's purpose is to simply demonstrate how the pieces come together and is not meant to be used as a real world implementation. As such there will be no mention of where each piece of code belongs.

Before we continue you should be aware of what the following terms mean.

TermMeaning**Client**An application, e.g., a PHP web application.**User**The applications user, also known as the *resource owner*.### Clients

[](#clients)

In OAuth 2.0 a client is an application that acts on behalf of a user and talks to the Authorization and Resource servers.

The package is capable of creating clients, however, no user interface is provided with the package. To create a client you'll need a storage adapter instance.

```
$storage = new Dingo\OAuth2\Storage\MySqlAdapter(new PDO('mysql:host=localhost;dbname=oauth', 'root'));
```

You can now get the client storage and create a new client.

```
$storage->get('client')->create('id', 'secret', 'name', [['uri' => 'http://example.com/code', 'default' => true]]);
```

A client is expected to have at least ONE associated endpoint and it should be defined as the default endpoint. Clients can have multiple endpoints for testing or staging servers.

```
$storage->get('client')->create('id', 'secret', 'name', [
	['uri' => 'http://example.com/code', 'default' => true],
	['uri' => 'http://staging.example.com/code', 'default' => false]
]);
```

A client can be set as "trusted", meaning you can perform a quick check before authorizing and if the client is marked as "trusted" then it will be automatically authorized. The fifth parameter must be set to `true` to mark the client as "trusted".

```
$storage->get('client')->create('id', 'secret', 'name', [['uri' => 'http://example.com/code', 'default' => true]], true);
```

You can also delete a client. This will also delete an associated endpoints.

```
$storage->get('client')->delete('id');
```

For the rest of the guide it will be assumed that you have created a client similar to the following.

```
$storage->get('client')->create('id', 'secret', 'name', [['uri' => 'http://localhost/example-client/auth/code', 'default' => true]]);
```

### Scopes

[](#scopes)

When a client requests a users authorization the client will often request specific permissions, these permissions are refered to as a **scope**. A scope defines what the client has permission to see or do. Essentially they provide developers with even finer control over what a client can access.

The package is capable of creating scopes, however, no user interface is provided with the package. To create a scope you'll need a storage adapter instance.

```
$storage = new Dingo\OAuth2\Storage\MySqlAdapter(new PDO('mysql:host=localhost;dbname=oauth', 'root'));
```

You can now get the scope storage and create a new scope.

```
$storage->get('scope')->create('scope', 'name', 'description');
```

You can also delete a scope.

```
$storage->get('scope')->delete('scope');
```

This guide will not utilize scopes, however, feel free to create and use them.

### Authorization Server

[](#authorization-server)

The responsibilities of the Authorization Server are to authorize and issue access tokens to clients. Depending on the configuration the Authorization Server will also issue a refresh token which the client should store for when the access token expires.

To issue an access token the Authorization Server must be configured with the desired storage adapter and grant types.

```
$storage = new Dingo\OAuth2\Storage\MySqlAdapter(new PDO('mysql:host=localhost;dbname=oauth', 'root'));

$server = new Dingo\OAuth2\Server\Authorization($storage);
```

We can now register the four different grant types depending on the projects requirements. For this guide we'll only be using the standard Authorization Code grant type.

```
$server->registerGrant(new Dingo\OAuth2\Grant\AuthorizationCode);
```

We'll now need a route that will handle the attempted authorization. This guide will assume this route is at `http://localhost/example-server/authorize`.

```