
omarelgabry/lumen-api-oauth
===========================

A RESTful API based on Lumen micro-framework with OAuth2.

v1.0 (10y ago) · [2 issues](https://github.com/OmarElGabry/lumen-api-oauth/issues) · MIT · PHP >=5.5.9


 [![Lumen API OAuth](https://raw.githubusercontent.com/OmarElGabry/lumen-api-oauth/master/public/lumen-api-oauth.png)](https://raw.githubusercontent.com/OmarElGabry/lumen-api-oauth/master/public/lumen-api-oauth.png)

Lumen API OAuth
===============


A RESTful API based on Lumen micro-framework with OAuth2. Lumen API OAuth is a simple application, intended for small projects, that helps you understand how to create RESTful APIs with Lumen and OAuth2, how to authenticate and authorize, and more.

The RESTful API covers Posts and Comments, which Users can view, create, update, and delete. It provides an authorization mechanism that checks access tokens using OAuth2, ownership, and non-admin vs. admin users.

📣 A full tutorial on building a RESTful API with Lumen and OAuth2 can be found on [Medium](https://medium.com/omarelgabrys-blog/building-restful-apis-with-lumen-and-oauth2-8ba279c6a31).

Index
-----


- [Installation](#installation)
- [Terminology](#terminology)
- [Authorization](#authorization)
- [Routing](#routing)
- [Support](#support)
- [Contribute](#contribute)
- [Dependencies](#dependencies)
- [License](#license)

Installation
-----------------------------------------------------


Steps:

1. Run [Composer](https://getcomposer.org/doc/00-intro.md)

    ```
    composer install
    ```
2. Laravel Homestead

    If you are using Laravel Homestead, then follow the [Installation Guide](https://laravel.com/docs/5.2/homestead).
3. WAMP, LAMP, MAMP, XAMP Server

    If you are using any of WAMP, LAMP, MAMP, XAMP Servers, then don't forget to create a database, probably a MySQL database.
4. Configure the `.env` file

    Rename the `.env.example` file to `.env`, set your application key to a random 32-character string, and edit the database name, database username, and database password if needed.
5. Finally, run migrations and seed the database with fake data.

    ```
    php artisan migrate --seed
    ```

Terminology
--------------------------------------------------

Some of the terminology used here follows the meaning of the terms used by OAuth 2.0. If you need a refresher, check [this](https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2) out.

Authorization
------------------------------------------------------

Authorization comes in two layers. The first layer authorizes against the access token, and the second checks ownership and non-admin vs. admin users.

By default, a user can delete or update a post or a comment **only** if they are the owner. Admins are authorized to view, create, update or delete anything.

### Access Tokens


The application implements [Resource owner credentials grant](https://github.com/lucadegasperi/oauth2-server-laravel/blob/master/docs/authorization-server/choosing-grant.md#resource-owner-credentials-grant-section-43), which essentially requires the client to submit 5 fields: `username`, `password`, `client_id`, `client_secret`, and `grant_type`.

The authorization server then issues an access token to the client after successfully authenticating the client credentials and validating the presented authorization grant (the user credentials).

In `app/Http/routes.php`, a route has been defined for requesting an access token.

### Ownership, & non-Admin Vs Admin Users

Now, after validating the access token, we can extend the authorization layers and check whether the current user is the owner of the requested resource (i.e. post or comment) or is an admin. So, *how does it work?*

**Assign Middleware to controller**

```
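	public function __construct(){

		// Layer 1: require a valid access token on every action except the public reads.
		$this->middleware('oauth', ['except' => ['index', 'show']]);
		// Layer 2: owner/admin check; 'store' is excepted, so it needs only a valid token.
		$this->middleware('authorize:' . __CLASS__, ['except' => ['index', 'show', 'store']]);
	}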
```

**Order**

Please note that the middleware must be applied in a specific order: `oauth` has to be added before `authorize`.

**Override isAuthorized() method**

```
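	public function isAuthorized(Request $request){

		// Resource type whose abilities are checked.
		$resource = "posts";
		// Load the post identified by the request's post_id argument.
		$post     = Post::find($this->getArgs($request)["post_id"]);

		// Delegate the owner/admin decision for the current user and this post.
		return $this->authorizeUser($request, $resource, $post);
	}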
```

In `app/Providers/AuthServiceProvider.php`, abilities are defined using the `Gate` facade.
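The two layers described above, modelled as a framework-free PHP function. This is an added example, not the project's code: `authorizeAction`, the array shapes, and the 401/403/404 status codes are assumptions, and it needs PHP 7.1+.

```php
<?php
// Added example: hypothetical model of the oauth + authorize middleware pair.
const PUBLIC_ACTIONS     = ['index', 'show']; // excepted from both middleware
const TOKEN_ONLY_ACTIONS = ['store'];         // excepted from 'authorize' only

/**
 * @param string     $action   controller action name
 * @param array|null $user     user resolved from a valid access token, else null
 * @param array|null $resource post/comment being acted on, null if not found
 * @return int HTTP status the request would end with (assumed codes)
 */
function authorizeAction(string $action, ?array $user, ?array $resource): int
{
    if (in_array($action, PUBLIC_ACTIONS, true)) {
        return 200;
    }
    // Layer 1: a valid access token must resolve to a user.
    if ($user === null) {
        return 401;
    }
    if (in_array($action, TOKEN_ONLY_ACTIONS, true)) {
        return 200;
    }
    // Layer 2: the resource must exist before ownership can be compared;
    // a missing record must never fall through to "allowed".
    if ($resource === null) {
        return 404;
    }
    $isOwner = $resource['user_id'] === $user['id'];
    $isAdmin = $user['is_admin'] === true;
    return ($isOwner || $isAdmin) ? 200 : 403;
}

// Constructed sample users and post (not taken from the seeded database).
$owner = ['id' => 1, 'is_admin' => false];
$other = ['id' => 2, 'is_admin' => false];
$admin = ['id' => 3, 'is_admin' => true];
$post  = ['id' => 10, 'user_id' => 1];

$cases = [
    ['show', null, $post], ['store', null, null], ['store', $other, null],
    ['update', $owner, $post], ['update', $other, $post],
    ['destroy', $admin, $post], ['destroy', $owner, null],
];
foreach ($cases as [$action, $user, $resource]) {
    $who = $user['id'] ?? 'none';
    printf("%-8s user=%-4s => %d\n", $action, $who, authorizeAction($action, $user, $resource));
}
```

Any action not listed in the two constants falls through to the owner/admin check, so newly added controller actions are denied by default for non-owners.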

Routing
------------------------------------------

These are some of the routes defined in `app/routes.php`. You can test the API using [Postman](https://www.getpostman.com/).

| HTTP Method | Path | Action | Fields |
| --- | --- | --- | --- |
| GET | /users | index | |
| POST | /oauth/access\_token | | username, password, client\_id, client\_secret, and grant\_type.<br>*The `username` field is the `email` in `Users` table*.<br>*The `password` field is **secret***.<br>*The `client_id` & `client_secret` fields are **id0** & **secret0**, or **id1** & **secret1**, ...etc respectively*.<br>*The `grant_type` field is **password***. |
| POST | /posts | store | access\_token, title, content |
| PUT | /posts/{post\_id} | update | access\_token, title, content |
| DELETE | /posts/{post\_id} | destroy | access\_token |

Support
-------------------------------------------


I've written this script in my free time during my studies. This is for free, unpaid. If you find it useful, please support the project by spreading the word.

Contribute
-------------------------------------------------


Contribute by creating new issues, sending pull requests on Github or you can send an email at:

Dependencies
-----------------------------------------------------


- [OAuth2 Server](https://github.com/lucadegasperi/oauth2-server-laravel/)

License
-------------------------------------------


Built under [MIT](http://www.opensource.org/licenses/mit-license.php) license.

