PHPackages                             gcgov/framework-service-auth-oauth-server - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. gcgov/framework-service-auth-oauth-server

ActiveFramework-service[Authentication &amp; Authorization](/categories/authentication)

gcgov/framework-service-auth-oauth-server
=========================================

Plugin enables a full fledged oauth server generating access and refresh tokens. Authentication can be provided as username/password or via third party Oauth providers.

v2.2.0(3w ago)092MITPHPPHP &gt;=8.2CI failing

Since Aug 7Pushed 3w ago1 watchersCompare

[ Source](https://github.com/gcgov/framework-service-auth-oauth-server)[ Packagist](https://packagist.org/packages/gcgov/framework-service-auth-oauth-server)[ RSS](/packages/gcgov-framework-service-auth-oauth-server/feed)WikiDiscussions main Synced yesterday

READMEChangelog (9)Dependencies (22)Versions (17)Used By (0)

Oauth Server Service
====================

[](#oauth-server-service)

Service to extend gcgov/framework
---------------------------------

[](#service-to-extend-gcgovframework)

### Primary purpose

[](#primary-purpose)

- Implement a full Oauth service for authenticating to app. Provides functionality to authenticate users via third party Oauth providers or username/password database.

### Impact to application

[](#impact-to-application)

- Router:
    - Adds routes:
        - Adds route `/.well-known/jwks.json` - provides endpoint to enable front end validation of tokens generated by the app
        - Adds route `/.well-known/openid-configuration` - provides public oauth configuration endpoint
        - Adds route `/auth/fileToken` - create a short lived access token that can be used in the url for supported routes
        - Adds route `/auth/out` - kills refresh token for user and removes any session and cookie data
        - Adds route `/auth/authorize` - GET and POST for authenticating user and generating access and refresh tokens
        - Adds route `/auth/hybridauth/{provider}` - Return endpoint for third party Oauth providers
        - Adds route `/auth/verifyMfaSecret` - used to configure user by validating MFA code and saving MFA secret for user
        - Adds route `/auth/verifyMfaCode` - for validating an MFA code for a user with MFA already configured
    - Adds authentication guard:
        - All routes in application with `authentication=true` must pass this guard. Checks the HTTP Authorization header, or url parameter `fileAccessToken` for routes with `allowShort`.

Installation:
-------------

[](#installation)

- Require using Composer
- Add namespace `\gcgov\framework\services\authoauth` to `\app\app->registerFrameworkServiceNamespaces()`

Configuration
-------------

[](#configuration)

### Allowed Users

[](#allowed-users)

By default, users attempting to sign in who not already present in the user database collection will be prevented from signing in. To enable sign in for any user who passes the third party Oauth provider authentication, set config variable `blockNewUsers=false`. When `blockNewUsers=false`, any user successfully authenticated by the third party Oauth provider will be automatically added to the database user config

```
$oauthConfig = oauthConfig::getInstance();
$oauthConfig->setBlockNewUsers( false );
```

### New User Default Roles

[](#new-user-default-roles)

When `blockNewUsers=false`, new users will be automatically added to the user database collection. To set the default roles that a new user should be assigned at creation, provide the roles to the `setBlockNewUsers` method.

```
$oauthConfig = oauthConfig::getInstance();
$oauthConfig->setBlockNewUsers( false, [ 'Role1.Read', 'Role2.Read', 'Role2.Write' ] );
```

###  Health Score

48

—

FairBetter than 93% of packages

Maintenance94

Actively maintained with recent releases

Popularity11

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity65

Established project with proven stability

 Bus Factor1

Top contributor holds 85% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~86 days

Recently: every ~146 days

Total

13

Last Release

25d ago

Major Versions

v1.3.2 → v2.0.02025-08-28

PHP version history (2 changes)v1.0.0PHP &gt;=8.1

v1.3.0PHP &gt;=8.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/e97ad9c5583ee03e1f670eba13bd11b81e3374da1941dce10f6da80e5dc6d8eb?d=identicon)[andrewsauder](/maintainers/andrewsauder)

---

Top Contributors

[![andrewsauder](https://avatars.githubusercontent.com/u/1380472?v=4)](https://github.com/andrewsauder "andrewsauder (17 commits)")[![claude](https://avatars.githubusercontent.com/u/81847?v=4)](https://github.com/claude "claude (3 commits)")

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/gcgov-framework-service-auth-oauth-server/health.svg)

```
[![Health](https://phpackages.com/badges/gcgov-framework-service-auth-oauth-server/health.svg)](https://phpackages.com/packages/gcgov-framework-service-auth-oauth-server)
```

###  Alternatives

[league/oauth2-server

A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.

6.7k147.0M289](/packages/league-oauth2-server)[scheb/2fa

Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install)

585684.2k1](/packages/scheb-2fa)[scheb/2fa-trusted-device

Extends scheb/2fa-bundle with trusted devices support

365.8M34](/packages/scheb-2fa-trusted-device)[contao/core-bundle

Contao Open Source CMS

1231.6M2.8k](/packages/contao-core-bundle)[socialiteproviders/apple

Apple OAuth2 Provider for Laravel Socialite

629.5M15](/packages/socialiteproviders-apple)[amocrm/amocrm-api-library

amoCRM API Client

185798.9k6](/packages/amocrm-amocrm-api-library)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
