


john-peterson-g17/oauth-token-management
========================================

A framework-agnostic abstraction for managing tokens and grants in the OAuth 2.0 flow as described in RFC 6749. This package is intended to be the module inside your Authorization Server that manages tokens.

Version 1.0.0 (2y ago), [5 issues](https://github.com/john-peterson-g17/oauth-token-management/issues), MIT license, PHP >=8.2


[Source](https://github.com/john-peterson-g17/oauth-token-management) | [Packagist](https://packagist.org/packages/john-peterson-g17/oauth-token-management)


OAuth 2.0 Token Management
==========================


This project seeks to be an unbiased, framework-agnostic module for managing tokens in the OAuth 2.0 flow per [RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749). More specifically, if you were creating an Authorization Server, this package would be the module within that Authorization Server responsible for:

1. Issuing tokens
2. Revoking tokens
3. Refreshing access tokens
4. etc.

See the definition of the Authorization Server in [RFC 6749, section 1.1](https://datatracker.ietf.org/doc/html/rfc6749#section-1.1).

Concepts
--------


### Authorization Gate


The class through which most of your interaction with this package will occur. It is responsible for issuing tokens (via a Grant), authorizing access, refreshing access tokens, etc. Think of it as the core module within your OAuth 2.0 Authorization Server.

### Grant


A Grant is a set of tokens issued to a client along with some other metadata. It is a statement of successful authentication and of the access granted to the system. Grants are immutable.

You can retrieve the data for a grant via its accessor methods.

```php
$grant->userId();       // id of the user the grant was issued to
$grant->accessToken();  // the access token
$grant->refreshToken(); // the refresh token
$grant->expiresIn();    // time until the access token expires
$grant->tokenType();    // the token type
```

### Configuration

Configuration is passed to the gate as a `Config` object built from an array of key/value options.

```php
use JohnPetersonG17\OAuthTokenManagement\AuthorizationGate;         // namespace assumed; not shown on this page
use JohnPetersonG17\OAuthTokenManagement\Config;
use JohnPetersonG17\OAuthTokenManagement\Hashing\HashingAlgorithm;   // namespace assumed; not shown on this page
use JohnPetersonG17\OAuthTokenManagement\Persistance\Driver;

$config = new Config(
    [
        '[option key missing on this page]' => 'https://myserver.com', // the key for this option was lost from the page
        'key' => 'someSuperSecretKey1234',          // signing key; load it from a secret store in production
        'hashing_algorithm' => HashingAlgorithm::HS256,
        'access_token_expiration' => 30,
        'refresh_token_expiration' => 60,
        'persistance_driver' => Driver::None
    ]
);

$gate = new AuthorizationGate($config); // the gate is built from the validated config
```

Passing an invalid option value throws an exception when the config is constructed:

```php
$config = new Config(
    [
        'persistance_driver' => 'some_incorrect_driver_type'
    ]
); // throws an exception: not a valid persistence driver
```

> **Info:** Remember that configuration options are expected to be given as an array of key/value pairs using the option keys shown above.

### Persistence

By default no persistence driver is used. This is useful when you want to handle how your tokens are persisted yourself and want the package to take care only of generating the tokens.

> **Warning:** Many functions of the authorization gate will throw a `\JohnPetersonG17\OAuthTokenManagement\Exceptions\PersistanceDriverNotSetException` if no persistence driver is set. Example: you cannot retrieve a token if it is not persisted anywhere.

If you want the package to take responsibility for persisting tokens to a data store, set one of the available persistence drivers as shown below.

#### Redis Persistence Driver

You can have the package persist your tokens in Redis by selecting the Redis persistence driver in the configuration. You may then pass an additional key `redis` with an array of options for configuring the connection to a Redis server.

Under the hood, the predis client is used for connecting to and communicating with Redis, so any options passed inside the `redis` key are handed directly to predis. Thus all predis configuration options are supported.

Predis reference: see the predis project's documentation for the available connection options.

```php
use JohnPetersonG17\OAuthTokenManagement\Persistance\Driver;
use JohnPetersonG17\OAuthTokenManagement\Config;

$config = new Config(
    [
        'persistance_driver' => Driver::Redis,
        'redis' => [ // passed straight through to the predis client
            [
                'host' => '127.0.0.1', // constructed sample values; use your own Redis server
                'port' => 6379,
            ]
        ]
    ]
);
```

Usage
-----


Once you have configured and created an Authorization Gate you can call all the available functions on the gate to create and check tokens.

> **Warning:** Many functions of the authorization gate will throw a `\JohnPetersonG17\OAuthTokenManagement\Exceptions\PersistanceDriverNotSetException` if no persistence driver is set. Example: you cannot retrieve a token if it is not persisted anywhere.

### Granting Access to a User (Issuing a Grant)


Use this method to grant a user an access and refresh token.

```php
$userId = 1234;

// ... Your application code authenticating the user

$grant = $gate->grant($userId);       // returns a Grant holding the new tokens
$accessToken = $grant->accessToken(); // hand this to the client
```

### Authorizing an Access Token

Use this method to check an access token presented by a client. An expired or unknown token is reported by exception, so always call it inside a try block.

```php
$accessToken = $grant->accessToken();

try {
    $gate->authorize($accessToken);
    // ... Your application code serving the authorized request
} catch (\JohnPetersonG17\OAuthTokenManagement\Exceptions\TokenExpiredException) {
    // ... Your application code informing the client that the access token has expired
} catch (\JohnPetersonG17\OAuthTokenManagement\Exceptions\NotFoundException) {
    // ... Handle the case where the token does not exist or cannot be found
}
```

### Revoking a User's Tokens (User Logout)

Use this method to revoke a user's tokens/grant. Usually this is done when a user explicitly logs out of the system.

```php
$userId = 1234;

// ... Your application code logging out the user

$grant = $gate->revoke($userId);
```

### Refreshing a User's Access Token

Use this method to refresh a user's access token. This allows a user to "stay logged in" to your system until the refresh token expires.

```php
$refreshToken = $grant->refreshToken();

$grant = $gate->refresh($refreshToken); // a new Grant with a fresh access token
```

### Retrieving a User's Grant

Use this method to look up the persisted grant for a user (requires a persistence driver).

```php
$grant = $gate->retrieve($userId); // the persisted grant for this user
```

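The sections above, put together into one request-handling helper. This is an added example, not code from the package's README; it assumes the methods and exception classes shown on this page, assumes the `AuthorizationGate` and `HashingAlgorithm` namespaces (only `Config`, `Driver` and the exceptions are shown), and assumes `refresh()` raises the same exceptions as `authorize()`.

```php
<?php
use JohnPetersonG17\OAuthTokenManagement\AuthorizationGate;        // namespace assumed
use JohnPetersonG17\OAuthTokenManagement\Config;
use JohnPetersonG17\OAuthTokenManagement\Hashing\HashingAlgorithm;  // namespace assumed
use JohnPetersonG17\OAuthTokenManagement\Persistance\Driver;
use JohnPetersonG17\OAuthTokenManagement\Exceptions\NotFoundException;
use JohnPetersonG17\OAuthTokenManagement\Exceptions\TokenExpiredException;

// The signing key is read from the environment instead of being written into
// source, and a minimum length is enforced before the gate is built.
$key = getenv('OAUTH_SIGNING_KEY');
if ($key === false || strlen($key) < 32) {
    throw new RuntimeException('OAUTH_SIGNING_KEY must be set and at least 32 bytes long');
}

// Redis persistence is required here: authorize() and retrieve() throw
// PersistanceDriverNotSetException under Driver::None.
$gate = new AuthorizationGate(new Config([
    'key' => $key,
    'hashing_algorithm' => HashingAlgorithm::HS256,
    'access_token_expiration' => 30,
    'refresh_token_expiration' => 60,
    'persistance_driver' => Driver::Redis,
    'redis' => [['host' => '127.0.0.1', 'port' => 6379]], // constructed sample values
]));

/**
 * Validate the access token a client presented. On expiry, try the refresh
 * token once; every other failure is treated as unauthenticated so that an
 * unknown or revoked token never falls through as a valid session.
 *
 * Returns the access token the client should use from now on, or null.
 */
function resolveAccessToken(AuthorizationGate $gate, string $accessToken, ?string $refreshToken): ?string
{
    try {
        $gate->authorize($accessToken);
        return $accessToken;                   // still valid, keep using it
    } catch (TokenExpiredException) {
        if ($refreshToken === null) {
            return null;                       // client must log in again
        }
        try {
            $grant = $gate->refresh($refreshToken);
            return $grant->accessToken();      // hand the rotated token back to the client
        } catch (TokenExpiredException | NotFoundException) {
            return null;                       // refresh token expired, or grant revoked
        }
    } catch (NotFoundException) {
        return null;                           // unknown token, or the user logged out
    }
}
```

A null return should map to a 401 response; the client then restarts the login flow, which issues a new grant via `grant($userId)`.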