heihei/yii2-oauth2-server
=========================

PHP 5.6+ Oauth2 server integration for the Yii framework

Version 2.0.0 | BSD-3-Clause | PHP >=5.6.0

[Source](https://github.com/heiheisoft/yii2-oauth2) | [Packagist](https://packagist.org/packages/heihei/yii2-oauth2-server)

Oauth2 Yii2 integration
=======================

This extension allows developers to use an [Oauth2](https://bshaffer.github.io/oauth2-server-php-docs/) server.

Installation
------------

If you use Packagist to install packages, update your composer.json like this:

```
{
    "require": {
        "heihei/yii2-oauth2-server": "~2.0.0"
    }
}
```

How to use it
-------------

Add the extension to your configuration:

```
return [
    //....
    'bootstrap' => [
        //....
        'oauth2',
        //....
    ],
    'modules' => [
        //....
        'oauth2' => [
            'class' => 'sweelix\oauth2\server\Module',
            'backend' => 'redis',
            'db' => 'redis',
            'identityClass' => 'app\models\User', // only if you don't want to use the user identityClass
            //
            // Parameters
            //
        ],
        //....
    ],
    //....
];
```

Configure Module
----------------

### Basic module parameters

- `backend` : can only be **redis** for the moment
- `db` : ID of the redis component, a connection, or a connection configuration
- `identityClass` : user class used to link the oauth2 authorization system (default to the user component `identityClass`)
- `webUserParamId` : allows separation between the main app user (session) and the module app user (default to **\_\_oauth2**)
- `identityCookieName` : allows separation between the main app user (cookie) and the module app user (default to **oauth2**)
- `webUser` : allows full management of the module web user (default to **\[\]**)
- `baseEndPoint` : base path for the token and authorize endpoints (default to `''`)
    - Token endpoint
    - Authorize endpoint
- `overrideLayout` : override module layout to use another one (ex: @app/views/layouts/oauth2)
- `overrideViewPath` : override view path to use specific one (ex: @app/views/oauth2)

### Grants management

- `allowImplicit` : allow implicit grant (default to **false**)
- `allowAuthorizationCode` : allow authorization code grant (default to **true**)
- `allowClientCredentials` : allow client credentials grant (default to **true**)
- `allowPassword` : allow user credentials / password grant (default to **true**)
- `allowCredentialsInRequestBody` : allow credentials in request body (default to **true**)
- `allowPublicClients` : allow public clients (default to **true**)
- `alwaysIssueNewRefreshToken` : always issue refresh token (default to **true**)
- `unsetRefreshTokenAfterUse` : unset refresh token after use (default to **true**)

### JWT parameters

- `allowJwtAccessToken` : enable JWT (default : **false**)
- `allowAlgorithm` : available algorithm for JWT (default : **\['RS256', 'RS384', 'RS512'\]**)
- `jwtAudience` : default to token endpoint
- `storeEncryptedTokenString` : store encrypted token (default : **true**)

### Time To Live

- `idTTL` : TTL of ID Token (default to **3600**)
- `accessTokenTTL` : TTL of access token (default to **3600**)
- `refreshTokenTTL` : TTL of refresh token (default to **14 \* 24 \* 3600**)

### Basic Oauth names

- `realm` : Realm value (default to **Service**)
- `tokenQueryName` : name of the access token parameter (default to **access\_token**)
- `tokenBearerName` : name of authorization header (default to **Bearer**)

### Enforce parameters

- `enforceState` : enforce state parameter (default to **true**)
- `allowOnlyRedirectUri` : need exact redirect URI (default to **true**)

### OpenID

- `allowOpenIdConnect` : enable OpenID Connect (default : **false**); not implemented yet

### Authorization Code parameters

- `enforceRedirect` : enforce redirect parameter (default to **false**)
- `authorizationCodeTTL` : TTL of authorization code (default to **30**)

### CORS

- `cors` : enable `CORS` on the token endpoint (default : **false**). The CORS part can be defined using an array as described [in the Yii documentation](http://www.yiiframework.com/doc-2.0/yii-filters-cors.html).

```
return [
    //....
    'bootstrap' => [
        //....
        'oauth2',
        //....
    ],
    'modules' => [
        //....
        'oauth2' => [
            'class' => 'sweelix\oauth2\server\Module',
            'backend' => 'redis',
            'db' => 'redis',
            'identityClass' => 'app\models\User', // only if you don't want to use the user identityClass
            //
            // Cors parameters example :
            //
            'cors' => [
                'Origin' => ['https://www.myowndomain.com'],
            ]
        ],
        //....
    ],
    //....
];
```
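
Several of the defaults listed above (password grant, credentials in the request body, unenforced redirect parameter) stay in effect unless the module configuration overrides them. The following PHP function is an added example, not part of the extension: it merges a module configuration with the documented defaults and reports the effective settings worth reviewing. The function name, the rule list and the 600-second threshold are assumptions of this example.

```php
<?php
// Added example, not part of the extension. Requires PHP 7.1+.
// Defaults copied from the parameter lists in this README.
const DOCUMENTED_DEFAULTS = [
    'allowImplicit' => false, 'allowPassword' => true,
    'allowCredentialsInRequestBody' => true, 'enforceState' => true,
    'allowOnlyRedirectUri' => true, 'enforceRedirect' => false,
    'unsetRefreshTokenAfterUse' => true, 'authorizationCodeTTL' => 30, 'cors' => false,
];

// Hypothetical rule list: parameter => [value that triggers a finding, reason].
const RISKY_VALUES = [
    'allowImplicit' => [true, 'implicit grant returns access tokens in the redirect URI'],
    'allowPassword' => [true, 'password grant hands user credentials to the client'],
    'allowCredentialsInRequestBody' => [true, 'client credentials accepted in the request body'],
    'enforceState' => [false, 'state parameter is not enforced'],
    'allowOnlyRedirectUri' => [false, 'exact redirect URI is not required'],
    'enforceRedirect' => [false, 'redirect parameter is not enforced'],
    'unsetRefreshTokenAfterUse' => [false, 'refresh token is not unset after use'],
];

function auditOauth2Module(array $module): array
{
    // Effective settings: explicit values win over documented defaults.
    $cfg = array_merge(DOCUMENTED_DEFAULTS, $module);
    $findings = [];
    foreach (RISKY_VALUES as $name => [$bad, $reason]) {
        if ((bool) $cfg[$name] === $bad) {
            $origin = array_key_exists($name, $module) ? 'set explicitly' : 'documented default';
            $findings[$name] = "$reason ($origin)";
        }
    }
    // Assumed threshold: 600 s, the maximum code lifetime recommended by RFC 6749.
    if ($cfg['authorizationCodeTTL'] > 600) {
        $findings['authorizationCodeTTL'] = 'authorization code lives longer than 10 minutes';
    }
    // A wildcard origin allows any site to read token endpoint responses.
    if (is_array($cfg['cors']) && in_array('*', (array) ($cfg['cors']['Origin'] ?? []), true)) {
        $findings['cors'] = 'CORS on the token endpoint allows any origin';
    }
    return $findings;
}

// Constructed samples: the module block shown above, then a tightened variant.
$asDocumented = ['class' => 'sweelix\oauth2\server\Module', 'backend' => 'redis', 'db' => 'redis'];
$tightened = ['allowPassword' => false, 'allowCredentialsInRequestBody' => false,
    'enforceRedirect' => true, 'cors' => ['Origin' => ['https://www.myowndomain.com']]] + $asDocumented;
print_r(auditOauth2Module($asDocumented));
print_r(auditOauth2Module($tightened));
```

Disabling `allowCredentialsInRequestBody` assumes every client can authenticate with HTTP Basic instead; check that before applying the tightened variant.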

User identity and Web user
--------------------------

Configure the user component to link the oauth2 system with user / identity management:

```
return [
    //....
    'components' => [
        //....
        'user' => [
            'class' => 'sweelix\oauth2\server\web\User',
            'identityClass' => 'app\models\User', // Identity class must implement UserModelInterface
            //
            // Parameters
            //
        ],
        //....
    ],
    //....
];
```

`identityClass` must implement `sweelix\oauth2\server\interfaces\UserModelInterface`. You can use the trait `sweelix\oauth2\server\traits\IdentityTrait` to automagically implement:

- `public function getRestrictedScopes()`
- `public function setRestrictedScopes($scopes)`
- `public static function findIdentityByAccessToken($token, $type = null)`

You will have to implement the remaining methods:

- `public static function findByUsernameAndPassword($username, $password)`
- `public static function findByUsername($username)`

Creating specific view for OAuth2
---------------------------------

In order to use your own views (instead of the built-in ones), you can override:

- `layout` : module parameter `overrideLayout`
- `viewPath` : module parameter `overrideViewPath`

### Overriding layout

You should create a classic layout like:

```
