PHPackages                             evgenidev/yii2-oauth2 - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. evgenidev/yii2-oauth2

ActiveYii2-extension[Authentication &amp; Authorization](/categories/authentication)

evgenidev/yii2-oauth2
=====================

Simple PHP OAuth2 Server for Yii2

1.0.0(4y ago)0339proprietaryPHPPHP &gt;=7.1.0

Since Dec 1Pushed 4y ago1 watchersCompare

[ Source](https://github.com/evgenidev/yii2-oauth2)[ Packagist](https://packagist.org/packages/evgenidev/yii2-oauth2)[ RSS](/packages/evgenidev-yii2-oauth2/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (1)Dependencies (1)Versions (2)Used By (0)

Yii2 OAuth2 Extension
=====================

[](#yii2-oauth2-extension)

Installation
------------

[](#installation)

The preferred way to install this extension is through [composer](http://getcomposer.org/download/).

Either run:

```
php composer.phar require --prefer-dist evgenidev/yii2-oauth2 "*"
```

or add:

```
"evgenidev/yii2-oauth2": "*"
```

to the `require` section of your composer.json.

To use this extension, add the following code in your application configuration:

```
'modules' => [
    'oauth2' => [
        'class' => \EvgeniDev\Yii2\OAuth2\Module::class,
        'accessTokenLifetime' => 3600 * 12,
        'identityClass' => \app\models\User::class,
    ],
],
```

Also add bootstrap param:

```
'bootstrap' => [
    'oauth2',
],
```

If you want to add a custom authorize view file simple add a authorizeView parameter to oauth2 module.

```
'modules' => [
    'oauth2' => [
        'class' => \EvgeniDev\Yii2\OAuth2\Module::class::class,
        'accessTokenLifetime' => 3600 * 12,
        'identityClass' => \app\models\User::class,
        'authorizeViewPath' => '@app/views/your_view',
        'layout' => '@app/views/your_layout',
    ],
],
```

The basic authorize view you can find here:

`./vendor/evgenidev/yii2-oauth2/src/views/authorize/index.php`

For SPA application you should configure spaApp parameter. By default, you will get a response from server on json format. If you need other response format, you can add a responseFormat parameter:

```
use yii\web\Response;

'modules' => [
    'oauth2' => [
        'class' => \EvgeniDev\Yii2\OAuth2\Module::class,
        'accessTokenLifetime' => 3600 * 12,
        'identityClass' => \app\models\User::class,
        'spaApp' => true,
        'responseFormat' => Response::FORMAT_XML,
    ],
],
```

Create a migration in your project and expend from \\EvgeniDev\\Yii2\\OAuth2\\Migrations\\Oauth.

```
use EvgeniDev\Yii2\OAuth2\Migrations\OAuth2;

/**
 * Your oauth migration.
 */
class m191117_223223_oauth extends OAuth2
{

}
```

This migration creates the oauth2 database scheme and insert test data.

Apply migration.

On the next step you should add url rule to urlManager, like this:

```
'urlManager' => [
    'rules' => [
        'oauth2/authorize' => 'oauth2/authorize',
        'oauth2/access_token' => 'oauth2/access-token',
    ],
],
```

Usage
-----

[](#usage)

It is simple to add a new OAuth client. Use a command:

```
./yii oauth2/default/create-client http://redirect.com clientName
```

GET request example to get a code:

`https://yoursite.com/oauth/authorize?response_type=code&client_id=clientID&state=someState&redirect_uri=http://site.com/url`

With redirect response:

`http://site.com/url?code=gjkmo5ufhvkdmjgnbdJklsdfFQPfdfg456nfdsjfnjsdnf&state=someState`

After that you need to do a POST request with params like:

`https://yoursite.com/oauth/access_token`

```
"grant_type": "authorization_code"
"code": "gjkmo5ufhvkdmjgnbdJklsdfFQPfdfg456nfdsjfnjsdnf"
"client_id": "testClientID"
"client_secret": "testClientSecret"
"redirect_uri": "http://site.com/url"
```

If user is unauthorized, module will redirect to Yii::$app-&gt;user-&gt;loginUrl with GET param redirectUrl:

`https://yoursite.com/loginUrl?redirectUrl=xxx`

So you can redirect user to a redirectUrl after success authorization.

If you want to control OAuth2 server through the interface (admin and etc.), you can find all necessary models to do that in:

`./vendor/evgenidev/yii2-oauth2/Records/*`

and

`./vendor/evgenidev/yii2-oauth2/Services/*`

To use this extension, simply add the behaviors for your base controller:

```
use yii\helpers\ArrayHelper;
use yii\filters\auth\CompositeAuth;
use yii\filters\auth\HttpBearerAuth;
use yii\filters\auth\QueryParamAuth;

class Controller extends \yii\rest\Controller
{
    /**
     * {@inheritDoc}
     */
    public function behaviors()
    {
        return ArrayHelper::merge(parent::behaviors(), [
            'authenticator' => [
                'class' => CompositeAuth::class,
                'authMethods' => [
                    ['class' => HttpBearerAuth::class],
                    ['class' => QueryParamAuth::class, 'tokenParam' => 'accessToken'],
                ],
            ],
        ]);
    }
}
```

To identify a client you can use a function findIdentityByAccessToken() in your User identity AR model:

```
use EvgeniDev\Yii2\OAuth2\Records\OAuthAccessToken;
use yii\db\ActiveRecord;
use yii\web\IdentityInterface;

/**
 * User AR model.
 */
class User extends ActiveRecord implements IdentityInterface
{
    /**
     * {@inheritDoc}
     */
    public static function findIdentityByAccessToken($token, $type = null)
    {
        $oauthToken = OAuthAccessToken::find()
            ->byAccessToken($token)
            ->one();

        if ($oauthToken === null || $oauthToken->getExpiresAt() < date('Y-m-d H:i:s')) {
            return null;
        }

        return self::find()
            ->where(['id' => $oauthToken->getUserID()])
            ->one();
    }
}
```

###  Health Score

24

—

LowBetter than 32% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity14

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity45

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

1623d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/5ec498a8f8cccdfc082fcbe00aa4fc8474ccc88c514d4be258a46fcf1419688e?d=identicon)[evgenidev](/maintainers/evgenidev)

---

Top Contributors

[![evgenidev](https://avatars.githubusercontent.com/u/38226245?v=4)](https://github.com/evgenidev "evgenidev (2 commits)")

---

Tags

oauthoauth2yii2extensionmodule

### Embed Badge

![Health badge](/badges/evgenidev-yii2-oauth2/health.svg)

```
[![Health](https://phpackages.com/badges/evgenidev-yii2-oauth2/health.svg)](https://phpackages.com/packages/evgenidev-yii2-oauth2)
```

###  Alternatives

[filsh/yii2-oauth2-server

OAuth2 Server for PHP

331523.9k12](/packages/filsh-yii2-oauth2-server)[budyaga/yii2-users

Module for manage users and their rights with the support of registration through social services and assigned to each user more than one social service.

409.1k](/packages/budyaga-yii2-users)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)