PHPackages radweb/oauth-token-encoding - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. radweb/oauth-token-encoding AbandonedArchivedLibrary[Authentication & Authorization](/categories/authentication) radweb/oauth-token-encoding =========================== Alternate Encoding for OAuth 2 Token Responses v1.1.0(9y ago)11.2kMITPHPPHP >=5.6.0 Since Nov 18Pushed 9y ago6 watchersCompare [ Source](https://github.com/Radweb/OAuthTokenEncoding)[ Packagist](https://packagist.org/packages/radweb/oauth-token-encoding)[ RSS](/packages/radweb-oauth-token-encoding/feed)WikiDiscussions master Synced 2mo ago READMEChangelogDependencies (5)Versions (3)Used By (0) [![](https://camo.githubusercontent.com/b81f949074de87a2e7cbe58ac0e7293e6c869eff3bd2213f91389f414fe07364/687474703a2f2f692e696d6775722e636f6d2f51736c6872357a2e706e67)](https://radweb.co.uk) [![Build Status](https://camo.githubusercontent.com/71d9ee2c17138c7f61c0912ae62c089967d39a5bd0c68fa51d7766aa82c4bb95/68747470733a2f2f6170692e7472617669732d63692e6f72672f5261647765622f4f41757468546f6b656e456e636f64696e672e737667)](https://travis-ci.org/Radweb/OAuthTokenEncoding) [![Latest Stable Version](https://camo.githubusercontent.com/7f376a51a44a06e0e8aaafe79c508724e19a33ed4b08cb65a069f4da6da634bc/68747470733a2f2f706f7365722e707567782e6f72672f7261647765622f6f617574682d746f6b656e2d656e636f64696e672f762f737461626c65)](https://packagist.org/packages/radweb/oauth-token-encoding) [![License](https://camo.githubusercontent.com/ef66ffc6161c56da0a350d6f4e65e92457858589d2369226af9f9e8d2caefa5c/68747470733a2f2f706f7365722e707567782e6f72672f7261647765622f6f617574682d746f6b656e2d656e636f64696e672f6c6963656e7365)](https://packagist.org/packages/radweb/oauth-token-encoding) OAuth 2 Token Encoder ===================== [](#oauth-2-token-encoder) The OAuth 2 spec specifies token responses should be JSON. However [XML users will be XML users](https://twitter.com/DanHarper7/status/514822464673951744) so there's a draft spec extension which defines how OAuth responses should look in XML and Form Encoded formats: ``` { "access_token":"2YotnFZFEjr1zCsicMWpAA", "token_type":"example", "expires_in":3600 } ``` ``` 2YotnFZFEjr1zCsicMWpAA example 3600 ``` ``` access_token=2YotnFZFEjr1zCsicMWpAA&token_type=example&expires_in=3600 ``` Installation ------------ [](#installation) ``` composer require radweb\oauth-token-encoding ``` Usage ----- [](#usage) There's a basic `Radweb\OAuthTokenEncoding\OAuthTokenEncoder` class which when given an `Accept` header and an array representing an OAuth token, will respond with the correct `Content-Type` header and the correctly encoded OAuth token. There's also adaptors for common libraries which will respond with a correct Response object: - `OAuthTokenIlluminateAdaptor` for Laravel - `OAuthTokenSymfonyAdaptor` for Symfony - `OAuthTokenPsrAdaptor` for any PSR-7 compatible libraries (although uses the `Zend\Diactoros` package as the implementation for the PSR-7 response) Finally, if you're using the `League\OAuth2\Server` package, there's a compatible `LeagueOAuthExceptionFormatter` class for formatting exceptions from that library. If you're using it with Laravel, there's also `LaravelOAuthExceptionHandlingMiddleware` for doing that automatically. ### Basic Usage [](#basic-usage) ``` // grab the "Accept" header from your request and pass it in $accept = 'application/xml'; // create an access token $oauthToken = [ "access_token" => "2YotnFZFEjr1zCsicMWpAA", "token_type" => "example", "expires_in" => 3600, "refresh_token" => "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter" => "example_value", ]; $encoder = new OAuthTokenEncoder; list($contentType, $body) = $encoder->encode($accept, $oauthToken); // return a response using the given body & content type ``` ##### With League's OAuth 2 Server [](#with-leagues-oauth-2-server) The format returned by `League\OAuth2\Server\AuthorizationServer`'s `issueAccessToken` method can be passed through to the encoder. ``` list($contentType, $body) = $encoder->encode($authorizationServer->issueAccessToken()); ``` ### With Laravel / Lumen [](#with-laravel--lumen) Given an `Illuminate\Http\Request` object, the adaptor will check the `Accept` header of the request for `application/json`, `application/xml` or `application/x-www-form-urlencoded`. If none are found, it assumes JSON. ``` $oauthToken = [ "access_token" => "2YotnFZFEjr1zCsicMWpAA", "token_type" => "example", "expires_in" => 3600, "refresh_token" => "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter" => "example_value", ]; // $request should be a Illuminate\Http\Request $adaptor = new OAuthTokenIlluminateAdaptor(new OAuthTokenEncoder, $request); // or.. $adaptor = OAuthTokenIlluminateAdaptor::make($request); $response = $adaptor->adapt($oauthToken); // $response is now an Illuminate\Http\Response ``` The response will contain the correctly encoded body, the correct `Content-Type` header and the `Cache-Control: no-store` header. ##### With [Laravel OAuth 2 Server](https://github.com/lucadegasperi/oauth2-server-laravel) [](#with-laravel-oauth-2-server) ``` use \LucaDegasperi\OAuth2Server\Authorizer; use \Radweb\OAuthTokenEncoding\ResponseAdaptors\OAuthTokenIlluminateAdaptor; Route::post('oauth/token', function(Authorizer $authorizer, OAuthTokenIlluminateAdaptor $adaptor) { return $adaptor->adapt($authorizer->issueAccessToken()); }); ``` The format returned by `League\OAuth2\Server\AuthorizationServer`'s `issueAccessToken` method can be passed through to the encoder. ### With PSR-7 [](#with-psr-7) > To construct a response, the `zendframework/zend-diactoros` package is required. Given a PSR-7 request, the adaptor will check the `Accept` header of the request for `application/json`, `application/xml` or `application/x-www-form-urlencoded`. If none are found, it assumes JSON. ``` $oauthToken = [ "access_token" => "2YotnFZFEjr1zCsicMWpAA", "token_type" => "example", "expires_in" => 3600, "refresh_token" => "tGzv3JOkF0XG5Qx2TlKWIA", "example_parameter" => "example_value", ]; // $request should be a PSR-7 compliant Request object $adaptor = new OAuthTokenPsrAdaptor(new OAuthTokenEncoder, $request); // or.. $adaptor = OAuthTokenPsrAdaptor::make($request); $response = $adaptor->adapt($oauthToken); // $response is now a PSR-7 compliant Response object ``` The response will contain the correctly encoded body, the correct `Content-Type` header and the `Cache-Control: no-store` header. Errors ------ [](#errors) If you're using [Laravel OAuth 2 Server](https://github.com/lucadegasperi/oauth2-server-laravel) you can use the `LaravelOAuthExceptionHandlingMiddleware` instead of the one provided in that package. ``` { "error": "invalid_client", "error_description": "Client authentication failed." } ``` ``` invalid_client Client authentication failed. ``` ``` error=invalid_client&error_description=Client+authentication+failed. ``` ### Health Score 29 — LowBetter than 59% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity16 Limited adoption so far Community9 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~250 days Total 2 Last Release 3584d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f85b25e3772649f8b096057162897f1052385f956e170e9cdf628c4ef72edede?d=identicon)[danharper](/maintainers/danharper) --- Top Contributors [![danharper](https://avatars.githubusercontent.com/u/510740?v=4)](https://github.com/danharper "danharper (21 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/radweb-oauth-token-encoding/health.svg) ``` [![Health](https://phpackages.com/badges/radweb-oauth-token-encoding/health.svg)](https://phpackages.com/packages/radweb-oauth-token-encoding) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)