PHPackages                             gcgov/framework-service-auth-oauth-server - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. gcgov/framework-service-auth-oauth-server

ActiveFramework-service[Authentication &amp; Authorization](/categories/authentication)

gcgov/framework-service-auth-oauth-server
=========================================

Plugin enables a full fledged oauth server generating access and refresh tokens. Authentication can be provided as username/password or via third party Oauth providers.

v2.0.0(8mo ago)086MITPHPPHP &gt;=8.2

Since Aug 7Pushed 8mo ago1 watchersCompare

[ Source](https://github.com/gcgov/framework-service-auth-oauth-server)[ Packagist](https://packagist.org/packages/gcgov/framework-service-auth-oauth-server)[ RSS](/packages/gcgov-framework-service-auth-oauth-server/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (8)Dependencies (6)Versions (13)Used By (0)

Oauth Server Service
====================

[](#oauth-server-service)

Service to extend gcgov/framework
---------------------------------

[](#service-to-extend-gcgovframework)

### Primary purpose

[](#primary-purpose)

- Implement a full Oauth service for authenticating to app. Provides functionality to authenticate users via third party Oauth providers or username/password database.

### Impact to application

[](#impact-to-application)

- Router:
    - Adds routes:
        - Adds route `/.well-known/jwks.json` - provides endpoint to enable front end validation of tokens generated by the app
        - Adds route `/.well-known/openid-configuration` - provides public oauth configuration endpoint
        - Adds route `/auth/fileToken` - create a short lived access token that can be used in the url for supported routes
        - Adds route `/auth/out` - kills refresh token for user and removes any session and cookie data
        - Adds route `/auth/authorize` - GET and POST for authenticating user and generating access and refresh tokens
        - Adds route `/auth/hybridauth/{provider}` - Return endpoint for third party Oauth providers
        - Adds route `/auth/verifyMfaSecret` - used to configure user by validating MFA code and saving MFA secret for user
        - Adds route `/auth/verifyMfaCode` - for validating an MFA code for a user with MFA already configured
    - Adds authentication guard:
        - All routes in application with `authentication=true` must pass this guard. Checks the HTTP Authorization header, or url parameter `fileAccessToken` for routes with `allowShort`.

Installation:
-------------

[](#installation)

- Require using Composer
- Add namespace `\gcgov\framework\services\authoauth` to `\app\app->registerFrameworkServiceNamespaces()`

Configuration
-------------

[](#configuration)

### Allowed Users

[](#allowed-users)

By default, users attempting to sign in who not already present in the user database collection will be prevented from signing in. To enable sign in for any user who passes the third party Oauth provider authentication, set config variable `blockNewUsers=false`. When `blockNewUsers=false`, any user successfully authenticated by the third party Oauth provider will be automatically added to the database user config

```
$oauthConfig = oauthConfig::getInstance();
$oauthConfig->setBlockNewUsers( false );
```

### New User Default Roles

[](#new-user-default-roles)

When `blockNewUsers=false`, new users will be automatically added to the user database collection. To set the default roles that a new user should be assigned at creation, provide the roles to the `setBlockNewUsers` method.

```
$oauthConfig = oauthConfig::getInstance();
$oauthConfig->setBlockNewUsers( false, [ 'Role1.Read', 'Role2.Read', 'Role2.Write' ] );
```

###  Health Score

38

—

LowBetter than 85% of packages

Maintenance59

Moderate activity, may be stable

Popularity10

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity63

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~75 days

Total

11

Last Release

262d ago

Major Versions

v1.3.2 → v2.0.02025-08-28

PHP version history (2 changes)v1.0.0PHP &gt;=8.1

v1.3.0PHP &gt;=8.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/e97ad9c5583ee03e1f670eba13bd11b81e3374da1941dce10f6da80e5dc6d8eb?d=identicon)[andrewsauder](/maintainers/andrewsauder)

---

Top Contributors

[![andrewsauder](https://avatars.githubusercontent.com/u/1380472?v=4)](https://github.com/andrewsauder "andrewsauder (14 commits)")

### Embed Badge

![Health badge](/badges/gcgov-framework-service-auth-oauth-server/health.svg)

```
[![Health](https://phpackages.com/badges/gcgov-framework-service-auth-oauth-server/health.svg)](https://phpackages.com/packages/gcgov-framework-service-auth-oauth-server)
```

###  Alternatives

[tymon/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

11.5k49.1M350](/packages/tymon-jwt-auth)[league/oauth2-server

A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.

6.6k136.0M248](/packages/league-oauth2-server)[scheb/2fa

Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install)

578630.7k1](/packages/scheb-2fa)[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

8359.8M53](/packages/php-open-source-saver-jwt-auth)[jeffgreco13/filament-breezy

A custom package for Filament with login flow, profile and teams support.

1.0k1.7M41](/packages/jeffgreco13-filament-breezy)[scheb/2fa-trusted-device

Extends scheb/2fa-bundle with trusted devices support

355.1M16](/packages/scheb-2fa-trusted-device)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)