PHPackages                             jakim-pj/yii2-authserver - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. jakim-pj/yii2-authserver

ActiveYii2-extension[Authentication &amp; Authorization](/categories/authentication)

jakim-pj/yii2-authserver
========================

Authentication server compatible with OAuth2.

1.0.0-beta.2(9y ago)0543MITPHPPHP &gt;=5.5.0

Since Dec 5Pushed 8y ago1 watchersCompare

[ Source](https://github.com/jakim/yii2-authserver)[ Packagist](https://packagist.org/packages/jakim-pj/yii2-authserver)[ RSS](/packages/jakim-pj-yii2-authserver/feed)WikiDiscussions master Synced 2mo ago

READMEChangelogDependencies (2)Versions (3)Used By (0)

The main purpose of this package is simplify the authentication process in restapi for mobile apps
--------------------------------------------------------------------------------------------------

[](#the-main-purpose-of-this-package-is-simplify-the-authentication-process-in-restapi-for-mobile-apps)

[![Latest Stable Version](https://camo.githubusercontent.com/90ef0e13ce799037d27da7bd1e57accb6dda2465c5b319c205abdef29851c30f/68747470733a2f2f706f7365722e707567782e6f72672f6a616b696d2d706a2f796969322d617574687365727665722f762f737461626c65)](https://packagist.org/packages/jakim-pj/yii2-authserver) [![Total Downloads](https://camo.githubusercontent.com/fa7a2a2f3e1140f624123b79e660becdec724d5b7445d11b7e5900b9f72e0a3a/68747470733a2f2f706f7365722e707567782e6f72672f6a616b696d2d706a2f796969322d617574687365727665722f646f776e6c6f616473)](https://packagist.org/packages/jakim-pj/yii2-authserver) [![Latest Unstable Version](https://camo.githubusercontent.com/52f99ae5b778b5ee3793c3bdda075a33f4b55b787fb3147347965d9451a043f7/68747470733a2f2f706f7365722e707567782e6f72672f6a616b696d2d706a2f796969322d617574687365727665722f762f756e737461626c65)](https://packagist.org/packages/jakim-pj/yii2-authserver) [![License](https://camo.githubusercontent.com/8ce6527c8b7c2259446863feaab0dc78b1994ad328818b9b4c661886e11c1b31/68747470733a2f2f706f7365722e707567782e6f72672f6a616b696d2d706a2f796969322d617574687365727665722f6c6963656e7365)](https://packagist.org/packages/jakim-pj/yii2-authserver)

### Authentication server is compatible with OAuth 2.0

[](#authentication-server-is-compatible-with-oauth-20)

### Success response [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.1)

[](#success-response-rfc-6749)

```
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Wed, 23 Nov 2016 15:35:13 GMT
Content-Type: application/json; charset=UTF-8
```

```
{
  "access_token": "4U0B6zMngrDuiNPyTErzsZ35gBVexoxC_1479923192",
  "token_type": "bearer",
  "expires_in": 7200,
  "refresh_token": "e-KaqLwjAgWrpp5A8c1zISfeK4dOEZex_1482507992"
}
```

### Error response [RFC 6749](https://tools.ietf.org/html/rfc6749#section-5.2)

[](#error-response-rfc-6749)

```
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
```

```
{
  "error":"invalid_request"
}
```

### Errors

[](#errors)

The authorization server responds with an HTTP 400 (Bad Request) status code and includes the following parameters with the response:

- **invalid\_request**The request is missing a required parameter, other than grant type.
- **invalid\_grant**The provided authorization grant (e.g., authorization code, resource owner credentials or refresh token) is invalid, expired, revoked.
- **unsupported\_grant\_type**The authorization grant type is not supported by the authorization server.

### Installation

[](#installation)

1 . Configure component in `config/web.php`

Example:

```
'components' => [
    'authServer' => [
        'class' => \jakim\authserver\Server::class,
        'grantTypes' => [
            'password' => \jakim\authserver\grants\PasswordCredentials::class,
            'refresh_token' => \jakim\authserver\grants\RefreshToken::class,
            'facebook_token' => [
                'class' => \jakim\authserver\grants\FacebookToken::class,
                'app_id' => $params['facebook.app_id'],
                'app_secret' => $params['facebook.app_secret'],
                'fields' => 'birthday,email,name,about,gender,picture.type(large){url}',
            ],
        ],
    ],
],
```

2 . Implement identity interfaces (typically in `User` model):

- `jakim\authserver\base\UserIdentityInterface` for **password grant** and **refresh token grant**
- `jakim\authserver\base\FacebookUserIdentityInterface` for **facebook token grant**

Example:

```
public static function findIdentityByCredentials($username, $password)
{
    $security = \Yii::$app->security;
    $model = static::findOne(['email' => $username]);
    if ($model && $security->validatePassword($password, $model->password)) {
        return $model;
    }

    return null;
}

public static function findIdentityByRefreshToken($refreshToken)
{
    return static::findOne(['refresh_token' => $refreshToken]);
}

public static function findIdentityByFacebookGraphUser($user)
{
    /** @var GraphUser $user */
    $model = static::findOne(['facebook_id' => $user->getId()]);
    if ($model === null) {
        $model = static::findOne(['email' => $user->getEmail()]);
    }

    // auto create user from facebook
    if ($model === null) {
        /** @var User $model */
        $model = UserFactory::newFromFacebookGraphUser($user);
        if (!$model->save()) {
            \Yii::error('Unable to create new user from facebook: ' . print_r($model->getErrors(), true), __METHOD__);

            return null;
        }
    } else {
        $model = UserFactory::updateFromFacebookGraphUser($model, $user);
        if (!$model->save()) {
            \Yii::error('Unable to update user from facebook: ' . print_r($model->getErrors(), true), __METHOD__);

            return null;
        }
    }

    return $model;
}

public function setAccessToken($token)
{
    $this->access_token = $token;
}

public function getAccessToken()
{
    return $this->access_token;
}

public function setRefreshToken($token)
{
    $this->refresh_token = $token;
}

public function getRefreshToken()
{
    return $this->refresh_token;
}
```

3 . Create `token` action in auth controller

Example - custom action:

```
public function actionToken()
{
    /** @var Server $server */
    $server = Instance::ensure('authServer', Server::class);

    if (($response = $server->getResponse()) === null) {

        return $server->getError();
    }

    return $response;
}
```

Example - predefined action class:

```
    public function actions()
    {
        return [
            'token' => TokenAction::class,
        ];
    }
```

API Usage example:

#### Arguments for password grant type

[](#arguments-for-password-grant-type)

PropertyTypeRequiredDescriptionusernamevarchar(255)YesEmailpasswordvarchar(255)YesPasswordgrant\_typevarchar(255)YesValue always: `password`#### Arguments for password grant type

[](#arguments-for-password-grant-type-1)

PropertyTypeRequiredDescriptionrefresh\_tokenvarchar(255)YesRefresh Tokengrant\_typevarchar(255)YesValue always: `refresh_token`#### Arguments for facebook grant type

[](#arguments-for-facebook-grant-type)

PropertyTypeRequiredDescriptionfacebook\_tokenvarchar(255)YesFacebook Tokengrant\_typevarchar(255)YesValue always: `facebook_token`4 . Use custom auth filter `jakim\authserver\filters\HttpBearerAuth` (optionally)

###  Health Score

23

—

LowBetter than 27% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity12

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity45

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~94 days

Total

2

Last Release

3350d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/2cd489b24694be7fd5f47165166e2c1bd35813d403f48c724cb357e8e3f25d90?d=identicon)[jakim](/maintainers/jakim)

---

Top Contributors

[![jakim](https://avatars.githubusercontent.com/u/839118?v=4)](https://github.com/jakim "jakim (14 commits)")

---

Tags

apifacebookoauthoauth2oauth2-serverrestyii2yii2-extension

### Embed Badge

![Health badge](/badges/jakim-pj-yii2-authserver/health.svg)

```
[![Health](https://phpackages.com/badges/jakim-pj-yii2-authserver/health.svg)](https://phpackages.com/packages/jakim-pj-yii2-authserver)
```

###  Alternatives

[rmrevin/yii2-ulogin

Extension for yii2 ulogin integration

1811.9k](/packages/rmrevin-yii2-ulogin)[kakadu-dev/yii2-jwt-auth

Extension provide JWT auth for Yii2

105.8k](/packages/kakadu-dev-yii2-jwt-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)