Abandoned → [blackcube/yii-oauth2](/?search=blackcube%2Fyii-oauth2)

sweelix/yii2-oauth2-server
==========================

PHP 5.6+ Oauth2 server integration for the Yii framework

1.4.0 (7y ago) | BSD-3-Clause | PHP >=7.1.0 | Pushed 2y ago

[Source](https://github.com/pgaultier/yii2-oauth2) | [Packagist](https://packagist.org/packages/sweelix/yii2-oauth2-server)

Oauth2 Yii2 integration
=======================

This extension allows the developer to use an [Oauth2](https://bshaffer.github.io/oauth2-server-php-docs/) server.

Installation
------------

If you use Packagist to install packages, you can update your composer.json like this:

```
{
    "require": {
        "sweelix/yii2-oauth2-server": "~1.2.0"
    }
}
```

How to use it
-------------

Add the extension to your configuration:

```
return [
    //....
    'bootstrap' => [
        //....
        'oauth2',
        //....
    ],
    'modules' => [
        //....
        'oauth2' => [
            'class' => 'sweelix\oauth2\server\Module',
            'backend' => BACKEND,
            'db' => DB,
            'identityClass' => 'app\models\User', // only if you don't want to use the user identityClass
            //
            // Parameters
            //
        ],
        //....
    ],
    //....
];
```

You also need to enable PrettyUrl:

```
'components' => [
    //....
    'urlManager' => [
        'enablePrettyUrl' => true,
        'rules' => [
            // your rules go here
        ],
        // ....
    ]
    // ....
]
```

### Migrations (MySql only)

All the migrations needed can be found inside src/migrations. Be sure to configure the database connection before applying them.

### Grant types

You can find examples and explanations of every grant type [here](http://bshaffer.github.io/oauth2-server-php-docs/grant-types/authorization-code/) and [here](https://alexbilbie.com/guide-to-oauth-2-grants/).

For the Jwt Bearer Grant, you will need to create a Jwt entry in your database for the given client and subject.

Configure Module
----------------

### Basic module parameters

- `backend` : can be **redis** or **mysql**
- `db` : id of the component or connection or connection configuration
- `identityClass` : user class used to link the oauth2 authorization system (default to the user component `identityClass`)
- `webUserParamId` : allow separation between main app user (session) and module app user, (default to **\_\_oauth2**)
- `identityCookieName` : allow separation between main app user (cookie) and module app user, (default to **oauth2**)
- `webUser` : allow full management of module web user, (default to **\[\]**)
- `baseEndPoint` : base path for the token and authorize endpoints (default to `''`)
    - Token endpoint
    - Authorize endpoint
- `overrideLayout` : override module layout to use another one (ex: @app/views/layouts/oauth2)
- `overrideViewPath` : override view path to use specific one (ex: @app/views/oauth2)

### Grants management

- `allowImplicit` : allow implicit grant (default to **false**)
- `allowAuthorizationCode` : allow authorization code grant (default to **true**)
- `allowClientCredentials` : allow client credentials grant (default to **true**)
- `allowPassword` : allow user credentials / password grant (default to **true**)
- `allowCredentialsInRequestBody` : allow credentials in request body (default to **true**)
- `allowPublicClients` : allow public clients (default to **true**)
- `alwaysIssueNewRefreshToken` : always issue refresh token (default to **true**)
- `unsetRefreshTokenAfterUse` : unset refresh token after use (default to **true**)

### JWT parameters (:warning: Not sure about the implementation. Use at your own risk !)

- `useJwtAccessToken` : send access tokens as JWT (default : **false**)
- `allowAlgorithm` : available algorithm for JWT (default : **\['RS256', 'RS384', 'RS512'\]**)
- `jwtAudience` : default to token endpoint
- `storeEncryptedTokenString` : store encrypted token (default : **true**)

### Time To Live

- `idTTL` : TTL of ID Token (default to **3600**)
- `accessTokenTTL` : TTL of access token (default to **3600**)
- `refreshTokenTTL` : TTL of refresh token (default to **14 \* 24 \* 3600**)

### Basic Oauth names

- `realm` : Realm value (default to **Service**)
- `tokenQueryName` : name of the access token parameter (default to **access\_token**)
- `tokenBearerName` : name of authorization header (default to **Bearer**)

### Enforce parameters

- `enforceState` : enforce state parameter (default to **true**)
- `allowOnlyRedirectUri` : need exact redirect URI (default to **true**)

### OpenID

- `allowOpenIdConnect` : enable openId connect (default : **false**) // not implemented yet

### Authorization Code parameters

- `enforceRedirect` : enforce redirect parameter (default to **false**)
- `authorizationCodeTTL` : TTL of authorization code (default to **30**)

### CORS

- `cors` : enable `CORS` on the token endpoint (default : **false**). The CORS part can be defined using an array, as described [in the Yii documentation](http://www.yiiframework.com/doc-2.0/yii-filters-cors.html).

```
 return [
     //....
     'bootstrap' => [
         //....
         'oauth2',
         //....
     ],
     'modules' => [
         //....
         'oauth2' => [
             'class' => 'sweelix\oauth2\server\Module',
             'backend' => 'redis',
             'db' => 'redis',
             'identityClass' => 'app\models\User', // only if you don't want to use the user identityClass
             //
             // Cors parameters example :
             //
             'cors' => [
                'Origin' => ['https://www.myowndomain.com'],
             ]
         ],
         //....
     ],
     //....
 ];
```
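With the defaults listed above, a module block that sets only `backend` and `db` still runs with the password grant, public clients and credentials in the request body enabled. The following PHP script is an added example, not part of the extension: it merges a module array with the defaults documented on this page and reports every setting that differs from an assumed confidential-client baseline (the `BASELINE` table, the function name and the sample config are constructed for illustration).

```php
<?php
// Defaults as documented in the parameter lists on this page.
const DOCUMENTED_DEFAULTS = [
    'allowImplicit' => false, 'allowPassword' => true,
    'allowCredentialsInRequestBody' => true, 'allowPublicClients' => true,
    'unsetRefreshTokenAfterUse' => true, 'enforceState' => true,
    'allowOnlyRedirectUri' => true, 'enforceRedirect' => false, 'cors' => false,
];

// Assumed baseline (not the project's recommendation): [required value, reason].
const BASELINE = [
    'allowImplicit' => [false, 'implicit grant delivers the access token in the redirect URI'],
    'allowPassword' => [false, 'password grant exposes the user password to the client'],
    'allowCredentialsInRequestBody' => [false, 'RFC 6749 2.3.1 prefers HTTP Basic for client credentials'],
    'allowPublicClients' => [false, 'public clients use the token endpoint without a secret'],
    'unsetRefreshTokenAfterUse' => [true, 'a used refresh token left valid can be replayed'],
    'enforceState' => [true, 'state ties the authorize response to the request (CSRF)'],
    'allowOnlyRedirectUri' => [true, 'redirect URI must match the registered value exactly'],
    'enforceRedirect' => [true, 'authorize requests should state redirect_uri explicitly'],
];

/** Returns one finding per setting whose effective value differs from BASELINE. */
function auditOauth2Module(array $module): array
{
    // Anything the module array omits falls back to the documented default.
    $effective = array_merge(DOCUMENTED_DEFAULTS, $module);
    $findings = [];
    foreach (BASELINE as $name => [$wanted, $why]) {
        if ($effective[$name] !== $wanted) {
            $source = array_key_exists($name, $module) ? 'set explicitly' : 'documented default';
            $findings[] = sprintf('%s = %s (%s): %s',
                $name, var_export($effective[$name], true), $source, $why);
        }
    }
    // A wildcard origin lets any site read token endpoint responses from a browser.
    $origins = is_array($effective['cors']) ? ($effective['cors']['Origin'] ?? []) : [];
    if (in_array('*', $origins, true)) {
        $findings[] = 'cors.Origin contains "*": restrict it to the origins you control';
    }
    return $findings;
}

// Constructed sample: the redis example from this page with three overrides.
$module = [
    'class' => 'sweelix\oauth2\server\Module', 'backend' => 'redis', 'db' => 'redis',
    'allowPassword' => false, 'enforceState' => false,
    'cors' => ['Origin' => ['*']],
];
echo implode(PHP_EOL, auditOauth2Module($module)), PHP_EOL;
```

Settings flagged as `documented default` are the ones that need an explicit entry in the module array to change.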

User identity and Web user
--------------------------

Configure the user component to link the oauth2 system with user / identity management:

```
return [
    //....
    'components' => [
        //....
        'user' => [
            'class' => 'sweelix\oauth2\server\web\User',
            'identityClass' => 'app\models\User', // Identity class must implement UserModelInterface
            //
            // Parameters
            //
        ],
        //....
    ],
    //....
];
```

`identityClass` must implement `sweelix\oauth2\server\interfaces\UserModelInterface`. You can use the trait `sweelix\oauth2\server\traits\IdentityTrait` to automagically implement:

- `public function getRestrictedScopes()`
- `public function setRestrictedScopes($scopes)`
- `public static function findIdentityByAccessToken($token, $type = null)`

You will have to implement the remaining methods:

- `public static function findByUsernameAndPassword($username, $password)`
- `public static function findByUsername($username)`

Creating specific view for OAuth2
---------------------------------

In order to use your own views (instead of the built-in ones), you can override:

- `layout` : module parameter `overrideLayout`
- `viewPath` : module parameter `overrideViewPath`

### Overriding layout

You should create a classic layout like:

```
