PHPackages                             ekreative/oauth2-symfony-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. ekreative/oauth2-symfony-bundle

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

ekreative/oauth2-symfony-bundle
===============================

Symfony OAuth2Bundle

5.2.0(7y ago)28.6k2[2 PRs](https://github.com/ekreative/oauth2-symfony-bundle/pulls)MITPHPPHP &gt;=7.2

Since Jul 1Pushed 5y ago3 watchersCompare

[ Source](https://github.com/ekreative/oauth2-symfony-bundle)[ Packagist](https://packagist.org/packages/ekreative/oauth2-symfony-bundle)[ Docs](https://github.com/authbucket/oauth2-symfony-bundle)[ RSS](/packages/ekreative-oauth2-symfony-bundle/feed)WikiDiscussions master Synced 2w ago

READMEChangelogDependencies (28)Versions (80)Used By (0)

OAuth2Bundle
============

[](#oauth2bundle)

[![Build Status](https://camo.githubusercontent.com/1efca540660eb2c5ca5df60bf884bc65d37d467b8526990ddd9ebf54096cae9e/68747470733a2f2f7472617669732d63692e6f72672f656b726561746976652f6f61757468322d73796d666f6e792d62756e646c652e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/ekreative/oauth2-symfony-bundle)[![Latest Stable Version](https://camo.githubusercontent.com/b72d84e099d7f48cb12ff7118e079f83aa5d17faf72bcfcb2cc994b632daaba3/68747470733a2f2f706f7365722e707567782e6f72672f656b726561746976652f6f61757468322d73796d666f6e792d62756e646c652f762f737461626c652e737667)](https://packagist.org/packages/ekreative/oauth2-symfony-bundle)[![License](https://camo.githubusercontent.com/5d0046357b75f4f8d0d3e236d861922d808089e167e943ac05c420825c668462/68747470733a2f2f706f7365722e707567782e6f72672f656b726561746976652f6f61757468322d73796d666f6e792d62756e646c652f6c6963656e73652e737667)](https://packagist.org/packages/ekreative/oauth2-symfony-bundle)

The primary goal of OAuth2Bundle is to develop a standards compliant [RFC6749 OAuth2.0](http://tools.ietf.org/html/rfc6749) library

This library bundle with a [Symfony](http://symfony.com) based Bundle for unit test and demo purpose. Installation and usage can refer as below.

Installation
------------

[](#installation)

Simply add a dependency on `ekreative/oauth2-symfony-bundle` to your project's `composer.json` file if you use [Composer](http://getcomposer.org/) to manage the dependencies of your project.

Here is a minimal example of a `composer.json`:

```
{
    "require": {
        "ekreative/oauth2-symfony-bundle": "^6.0"
    }
}

```

### Parameters

[](#parameters)

This bundle come with following parameters:

- `model`: (Optional) Override this with your own model classes, default with in-memory AccessToken for using resource firewall with remote debug endpoint.
- `driver`: (Optional) Currently we support in-memory (`in_memory`), or Doctrine ORM (`orm`). Default with in-memory for using resource firewall with remote debug endpoint.
- `user_provider`: (Optional) For using `grant_type = password`, override this parameter with your own user provider, e.g. using InMemoryUserProvider or a Doctrine ORM EntityRepository that implements UserProviderInterface.

### Services

[](#services)

This bundle come with following services controller which simplify the OAuth2.0 controller implementation overhead:

- `authbucket_oauth2.authorization_controller`: Authorization Endpoint controller.
- `authbucket_oauth2.token_controller`: Token Endpoint controller.
- `authbucket_oauth2.debug_controller`: Debug Endpoint controller.

### Registering

[](#registering)

You have to add `AuthBucketOAuth2Bundle` to your `AppKernel.php`:

```
# app/AppKernel.php

class AppKernel extends Kernel
{
    public function registerBundles()
    {
        $bundles = [
            new AuthBucket\Bundle\OAuth2Bundle\AuthBucketOAuth2Bundle(),
        ];

        return $bundles;
    }
}

```

Moreover, enable following bundles if that's not already the case:

```
$bundles = [
    new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
    new Symfony\Bundle\SecurityBundle\SecurityBundle(),
    new Symfony\Bundle\MonologBundle\MonologBundle(),
];

```

Usage
-----

[](#usage)

This library seperate the endpoint logic in frontend firewall and backend controller point of view, so you will need to setup both for functioning.

To enable the built-in controller with corresponding routing, add the following into your `routing.yml`, all above controllers will be enabled accordingly with routing prefix `/api/oauth2`:

```
# app/config/routing.yml

authbucketoauth2bundle:
    prefix:     /api/oauth2
    resource:   "@AuthBucketOAuth2Bundle/Resources/config/routing.yml"

```

Below is a list of recipes that cover some common use cases.

### Authorization Endpoint

[](#authorization-endpoint)

We don't provide custom firewall for this endpoint, which you should protect it by yourself, authenticate and capture the user credential, e.g. by [SecurityBundle](http://symfony.com/doc/current/reference/configuration/security.html):

```
# app/config/security.yml

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    providers:
        default:
            memory:
                users:
                    demousername1:  { roles: 'ROLE_USER', password: demopassword1 }
                    demousername2:  { roles: 'ROLE_USER', password: demopassword2 }
                    demousername3:  { roles: 'ROLE_USER', password: demopassword3 }

    firewalls:
        api_oauth2_authorize:
            pattern:                ^/api/oauth2/authorize$
            http_basic:             ~
            provider:               default

```

### Token Endpoint

[](#token-endpoint)

Similar as authorization endpoint, we need to protect this endpoint with our custom firewall `oauth2_token`:

```
# app/config/security.yml

security:
    firewalls:
        api_oauth2_token:
            pattern:                ^/api/oauth2/token$
            oauth2_token:           ~

```

### Debug Endpoint

[](#debug-endpoint)

We should protect this endpoint with our custom firewall `oauth2_resource`:

```
# app/config/security.yml

security:
    firewalls:
        api_oauth2_debug:
            pattern:                ^/api/oauth2/debug$
            oauth2_resource:        ~

```

### Resource Endpoint

[](#resource-endpoint)

We don't provide other else resource endpoint controller implementation besides above debug endpoint. You should consider implement your own endpoint with custom logic, e.g. fetching user email address or profile image.

On the other hand, you can protect your resource server endpoint with our custom firewall `oauth2_resource`. Shorthand version (default assume resource server bundled with authorization server, query local model manager, without scope protection):

```
# app/config/security.yml

security:
    firewalls:
        api_resource:
            pattern:                ^/api/resource
            oauth2_resource:        ~

```

Longhand version (assume resource server bundled with authorization server, query local model manager, protect with scope `demoscope1`):

```
# app/config/security.yml

security:
    firewalls:
        api_resource:
            pattern:                ^/api/resource
            oauth2_resource:
                resource_type:      model
                scope:              [ demoscope1 ]

```

If authorization server is hosting somewhere else, you can protect your local resource endpoint by query remote authorization server debug endpoint:

```
# app/config/security.yml

security:
    firewalls:
        api_resource:
            pattern:                ^/api/resource
            oauth2_resource:
                resource_type:      debug_endpoint
                scope:              [ demoscope1 ]
                options:
                    debug_endpoint: http://example.com/api/oauth2/debug
                    cache:          true

```

Demo
----

[](#demo)

The demo is based on [Symfony](http://symfony.com/) and [AuthBucketOAuth2Bundle](https://github.com/ekreative/oauth2-symfony-bundle/blob/master/src/OAuth2Bundle/AuthBucketOAuth2Bundle.php). Read though Demo for more information.

You may run the demo locally. Open a console and execute the following command to install the latest version in the `oauth2-symfony-bundle` directory:

```
$ composer create-project ekreative/oauth2-symfony-bundle ekreative/oauth2-symfony-bundle "^6.0"

```

Then use the PHP built-in web server to run the demo application:

```
$ cd ekreative/oauth2-symfony-bundle
$ ./bin/console server:run

```

Open your browser and access the  URL to see the Welcome page of demo application.

Also access [http://127.0.0.1:8000/admin/refresh\_database](http://127.0.0.1:8000/admin/refresh_database) to initialize the bundled SQLite database with user account `admin`:`secrete`.

Tests
-----

[](#tests)

This project is coverage with [PHPUnit](http://phpunit.de/) test cases; CI result can be found from [Travis CI](https://travis-ci.org/ekreative/oauth2-symfony-bundle);

To run the test suite locally, execute the following command:

```
$ ./vendor/bin/phpunit

```

References
----------

[](#references)

- [RFC6749](http://tools.ietf.org/html/rfc6749)
- [Demo](http://oauth2-symfony-bundle.authbucket.com/demo)
- [API](http://authbucket.github.io/oauth2-symfony-bundle/)
- [GitHub](https://github.com/authbucket/oauth2-symfony-bundle)
- [Packagist](https://packagist.org/packages/authbucket/oauth2-symfony-bundle)
- [Travis CI](https://travis-ci.org/authbucket/oauth2-symfony-bundle)
- [Coveralls](https://coveralls.io/r/authbucket/oauth2-symfony-bundle)

License
-------

[](#license)

- Code released under [MIT](https://github.com/authbucket/oauth2-symfony-bundle/blob/master/LICENSE)

###  Health Score

36

—

LowBetter than 79% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity23

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity73

Established project with proven stability

 Bus Factor1

Top contributor holds 93.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~26 days

Recently: every ~129 days

Total

75

Last Release

2799d ago

Major Versions

3.1.0 → 4.1.02016-11-26

3.1.1 → 4.1.22017-04-20

3.1.2 → 4.1.52017-05-16

3.1.6 → 4.2.02017-06-03

3.2.0 → 5.0.0-alpha12017-06-12

PHP version history (4 changes)1.0.0-alpha1PHP &gt;=5.3.3

2.0.0PHP &gt;=5.3.9

3.0.0PHP &gt;=5.5.9

5.2.0PHP &gt;=7.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/7039999f29a83140d61116032ec1684c752412e458ad1999e15eea2f8808498c?d=identicon)[mcfedr](/maintainers/mcfedr)

---

Top Contributors

[![hswong3i](https://avatars.githubusercontent.com/u/780562?v=4)](https://github.com/hswong3i "hswong3i (337 commits)")[![mcfedr](https://avatars.githubusercontent.com/u/704356?v=4)](https://github.com/mcfedr "mcfedr (21 commits)")[![stepotronic](https://avatars.githubusercontent.com/u/683595?v=4)](https://github.com/stepotronic "stepotronic (1 commits)")

---

Tags

symfonyoauth2

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP CS Fixer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/ekreative-oauth2-symfony-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/ekreative-oauth2-symfony-bundle/health.svg)](https://phpackages.com/packages/ekreative-oauth2-symfony-bundle)
```

###  Alternatives

[rcsofttech/audit-trail-bundle

Enterprise-grade, high-performance Symfony audit trail bundle. Automatically track Doctrine entity changes with split-phase architecture, multiple transports (HTTP, Queue, Doctrine), and sensitive data masking.

1175.2k](/packages/rcsofttech-audit-trail-bundle)[sulu/sulu

Core framework that implements the functionality of the Sulu content management system

1.3k1.4M196](/packages/sulu-sulu)[web-auth/webauthn-framework

FIDO2/Webauthn library for PHP and Symfony Bundle.

51390.8k3](/packages/web-auth-webauthn-framework)[sylius/sylius

E-Commerce platform for PHP, based on Symfony framework.

8.5k5.8M717](/packages/sylius-sylius)[shopware/core

Shopware platform is the core for all Shopware ecommerce products.

585.4M526](/packages/shopware-core)[tempest/framework

The PHP framework that gets out of your way.

2.2k31.1k12](/packages/tempest-framework)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
