PHPackages                             suhaboncukcu/oauth2server - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. suhaboncukcu/oauth2server

ActiveCakephp-plugin[Authentication &amp; Authorization](/categories/authentication)

suhaboncukcu/oauth2server
=========================

Oauth2Server plugin for CakePHP

1.0.2(8y ago)511MITPHP

Since Feb 28Pushed 7y ago1 watchersCompare

[ Source](https://github.com/suhaboncukcu/CakePHP-Oauth2Server)[ Packagist](https://packagist.org/packages/suhaboncukcu/oauth2server)[ RSS](/packages/suhaboncukcu-oauth2server/feed)WikiDiscussions master Synced today

READMEChangelog (3)Dependencies (3)Versions (4)Used By (0)

[![Build Status](https://camo.githubusercontent.com/30354fa2be06bdfe237910d19ec046696712c0157cd556ba31707cfd7289743d/68747470733a2f2f7472617669732d63692e6f72672f73756861626f6e63756b63752f43616b655048502d4f61757468325365727665722e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/suhaboncukcu/CakePHP-Oauth2Server)

Oauth2Server plugin for CakePHP
===============================

[](#oauth2server-plugin-for-cakephp)

This plugin is intended to be an easy way to build an Oauth2 Server using [thephpleague/oauth2-server](http://oauth2.thephpleague.com/)

**!!Attention!!**This plugin does not support refresh token repository yet. Access tokens are usable without any expiration date. **use at your own risk!**

**PRs are more than welcome**

How to use?
-----------

[](#how-to-use)

You can install this plugin into your CakePHP application using [composer](http://getcomposer.org).

#### 1. Use composer to install

[](#1-use-composer-to-install)

```
composer require suhaboncukcu/oauth2server

```

> ! Create openSSL and encryption keys. I usually use a composer snippet to handle these tasks as below:

```
...
   "create-keys": [
        "openssl genrsa -out private.key 2048",
        "openssl rsa -in private.key -pubout -out public.key"
    ],
    "create-encryption-key": [
        "./vendor/bin/generate-defuse-key"
    ],
...

```

#### 2. Load the plugin

[](#2-load-the-plugin)

```
Plugin::load('Oauth2Server', ['bootstrap' => true, 'routes' => false]);

```

#### 3. Create your validators

[](#3-create-your-validators)

**!!Attention!!**

You can find example validator classes under `vendors\suhaboncukcu\Oauth2Server\src\OauthLogic\Validators`. You should copy and paste them to your desired location.

#### 4. Create &amp; Update the config file

[](#4-create--update-the-config-file)

Copy &amp; paste `vendors\suhaboncukcu\Oauth2Server\config\oauth2.php` to your config folder and update it. After creating your keys, you should set their permissions to `600` or `660`

#### 5. Implement end points. ``

[](#5-implement-end-points-)

```
// in one of your controllers

    // Auth endpoint
    public function authorize()
    {
        $this->autoRender = false;

        $this->loadComponent('Oauth2Server.Oauth2');

        $response = $this->Oauth2->authorize($this->request, $this->response);
        $response = $response->withHeader('Content-Type', 'application/json');

        return $response;
    }

    // callback endpoint
    public function code()
    {
        $this->autoRender = false;
        $response = $this->response
            ->withHeader('Content-Type', 'application/json')
            ->withStringBody(json_encode([
                'code' => urldecode($this->request->getQuery('code'))
            ]));

        return $response;
    }

    // access token endpoint
    public function accessToken()
    {
        $this->autoRender = false;

        $this->loadComponent('Oauth2Server.Oauth2');

        $response = $this->Oauth2->accessToken($this->request, $this->response);
        $response = $response->withHeader('Content-Type', 'application/json');

        return $response;
    }

```

#### 6. Use middleware to secure your routes.

[](#6-use-middleware-to-secure-your-routes)

```
// assuming you have a plugin named Api

//\Api\config\routes
use Cake\Routing\RouteBuilder;
use Cake\Routing\Router;
use Cake\Routing\Route\DashedRoute;

use League\OAuth2\Server\Middleware\ResourceServerMiddleware;
use Oauth2Server\OauthLogic\ServerUtility;

$serverUtility = new ServerUtility();
$server = $serverUtility->getPublicServer();

Router::plugin(
    'Api',
    ['path' => '/api'],
    function (RouteBuilder $routes) use ($server) {

        $routes->registerMiddleware('resourceServer', new ResourceServerMiddleware($server));
        $routes->middlewareGroup('Oauth2Stack', ['resourceServer']);

        $routes->applyMiddleware('Oauth2Stack');

        $routes->scope('/v1', function ($routes) {
            $routes->fallbacks(DashedRoute::class);
        });

    }
);

```

### 7. Use attributes to get total control in your actions if Validators are not enough

[](#7-use-attributes-to-get-total-control-in-your-actions-if-validators-are-not-enough)

`$this->request->getAttributes()`

###  Health Score

29

—

LowBetter than 60% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity10

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity65

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

3

Last Release

2995d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/b85eb775d57bd4c8dd60146303561ca86726fa718349106fd2de7f1725a87526?d=identicon)[suhaboncukcu](/maintainers/suhaboncukcu)

---

Top Contributors

[![suhaboncukcu](https://avatars.githubusercontent.com/u/2428828?v=4)](https://github.com/suhaboncukcu "suhaboncukcu (1 commits)")

---

Tags

authcakephpoauth2thphpleaguesuhaboncukcu

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/suhaboncukcu-oauth2server/health.svg)

```
[![Health](https://phpackages.com/badges/suhaboncukcu-oauth2server/health.svg)](https://phpackages.com/packages/suhaboncukcu-oauth2server)
```

###  Alternatives

[bshaffer/oauth2-server-php

OAuth2 Server for PHP

3.3k15.2M106](/packages/bshaffer-oauth2-server-php)[cakedc/users

Users Plugin for CakePHP

524897.0k16](/packages/cakedc-users)[league/oauth2-server-bundle

Symfony bundle .

2344.7M6](/packages/league-oauth2-server-bundle)[uafrica/oauth-server

OAuth Server for CakePHP 3 using the PHP League's OAuth2 Server

5172.1k](/packages/uafrica-oauth-server)[cakedc/auth

Auth objects for CakePHP

31630.0k2](/packages/cakedc-auth)[muffin/oauth2

CakePHP 3 authentication using the league/oauth2-client family

27103.4k](/packages/muffin-oauth2)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)