PHPackages tegaphilip/padlock - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. tegaphilip/padlock ActiveLibrary[Authentication & Authorization](/categories/authentication) tegaphilip/padlock ================== Padlock, A phalcon Authentication Server provides OAuth2 support for Phalcon Apps v1.0.0(7y ago)27986[1 issues](https://github.com/tegaphilip/padlock/issues)[4 PRs](https://github.com/tegaphilip/padlock/pulls)MITPHP Since Aug 1Pushed 3y agoCompare [ Source](https://github.com/tegaphilip/padlock)[ Packagist](https://packagist.org/packages/tegaphilip/padlock)[ RSS](/packages/tegaphilip-padlock/feed)WikiDiscussions master Synced 2d ago READMEChangelogDependencies (8)Versions (5)Used By (0) Padlock, Phalcon Authentication Server ====================================== [](#padlock-phalcon-authentication-server) [![Latest Version on Packagist](https://camo.githubusercontent.com/9294ac99fd453d17cc0ddbc5b783985310f679a838bad3fead21284c3827d1c2/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f746567617068696c69702f7061646c6f636b2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tegaphilip/padlock)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE.md)[![Total Downloads](https://camo.githubusercontent.com/630aa50ab34e22d39dd6cd5a5e74646202c33e2a9474f26963e8f03533bfc071/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f746567617068696c69702f7061646c6f636b2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tegaphilip/padlock/stats) Padlock is a docker-based phalcon authentication server built on top of the [PHP OAuth 2.0 Server](https://github.com/thephpleague/oauth2-server) Setting Up ---------- [](#setting-up) - Add the entries `padlock.local` and `padlock-test.local` and map to `127.0.0.1` in your `/etc/hosts` file - Ensure you have docker installed - Make a copy of `.env.sample` to `.env` in the `app/env/` directory and replace the values. - You can generate the `ENCRYPTION_KEY` environment variable by running `php -r "echo base64_encode(random_bytes(40)) . PHP_EOL;"` on the command line - cd into the `keys` directory and generate your public and private keys like so: `openssl genrsa -out private.key 2048`then `openssl rsa -in private.key -pubout -out public.key`. These are needed for encrypting and decrypting tokens - You will need to change the permissions of the private and public keys you create in the previous step to the following: `chgrp www-data -R keys` Then `chmod 600 keys/private.key` - Feel free to change the port mappings in `docker-compose.yml` if you already have services running on ports `8899` for the phalcon app and `33066` for the mysql server - Run the app like this `./bin/start.sh` or run `docker-compose up -d` - Login to mysql using the credentials host:127.0.0.1, username: root, password:root, port: 33066 - Create two databases: `padlock_db` and `padlock_test_db` and import the sql file found in `app/db/padlock.sql` into both databases Try it out ========== [](#try-it-out) Requesting a Token ------------------ [](#requesting-a-token) 1. Password Grant Flow: Send a `POST` request to `http://padlock.local:8899/api/v1/oauth/token` with the following parameters: - client\_id: test - client\_secret: secret - grant\_type: password - username: abc - password: abc NOTE: This grant returns an access token and a refresh token 2. Client Credentials Grant Flow: Send a `POST` request to `http://padlock.local:8899/api/v1/oauth/token` with the following parameters: - client\_id: test - client\_secret: secret - grant\_type: client\_credentials NOTE: This grant returns only an access token 3. Refresh Token Grant: Send a `POST` request to `http://padlock.local:8899/api/v1/oauth/token` with the following parameters: - client\_id: test - client\_secret: secret - grant\_type: refresh\_token - refresh\_token: value gotten from any flow that returns a refresh token (e.g password grant flow) NOTE: This grant returns another access token and refresh token and invalidates/revokes the previous ones 4. Implicit Grant: Send a `GET` request to `http://padlock.local:8899/api/v1/oauth/authorize` with the following parameters: - client\_id: test - response\_type: token - state: a random string (optional) - redirect\_uri: (optional) NOTE: This grant returns an access token immediately. It does not return a refresh token. 5. Authorization Code Grant: Send a `GET` request to `http://padlock.local:8899/api/v1/oauth/authorize` with the following parameters: - client\_id: test - response\_type: code - state: a random string (optional) - redirect\_uri: (optional) NOTE: This grant returns an authorization code that is then used to request for a token by sending a `POST`request to the endpoint `http://padlock.local:8899/api/v1/oauth/token` with the following parameters: - client\_id: test - client\_secret: secret - grant\_type: authorization\_code - code: value gotten from the get request - redirect\_uri: (optional) Validating a Token ------------------ [](#validating-a-token) Send a `POST` request to `http://padlock.local:8899/api/v1/oauth/token/validate` with an `Authorization` header whose value is `Bearer {access_token}` Running Tests ------------- [](#running-tests) - Make a copy of `.env.sample` to `.env.test` in the `app/env/` directory and replace the values. - Login to the app container using `./bin/login.sh` or run `docker exec -it padlock_app bash` - Execute unit tests `./unit-test.sh` (uses [PHPUnit](https://phpunit.de/)) - Run integration tests using `./integration-test.sh` (uses [Codeception](https://codeception.com/)) Install ------- [](#install) Via Composer ``` $ composer require tegaphilip/padlock ``` Change log ---------- [](#change-log) Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) and [CONDUCT](CONDUCT.md) for details. Credits ------- [](#credits) - [Tega Oghenekohwo](https://github.com/tegaphilip) - [Adeyemi Olaoye](https://github.com/yemexx1) - [All Contributors](../../contributors) ### Health Score 32 — LowBetter than 72% of packages Maintenance19 Infrequent updates — may be unmaintained Popularity21 Limited adoption so far Community11 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 84.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 2842d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/3d645457ee12a10400bdef02717de904c230ec3764f5d8a9fe4a929f195f3ae4?d=identicon)[tegaphilip](/maintainers/tegaphilip) --- Top Contributors [![tegaphilip](https://avatars.githubusercontent.com/u/6582993?v=4)](https://github.com/tegaphilip "tegaphilip (11 commits)")[![mostafaahamidmanon](https://avatars.githubusercontent.com/u/65107021?v=4)](https://github.com/mostafaahamidmanon "mostafaahamidmanon (2 commits)") --- Tags oauth2phalconphalcon-phpoauthoauth2phalconpadlock ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/tegaphilip-padlock/health.svg) ``` [![Health](https://phpackages.com/badges/tegaphilip-padlock/health.svg)](https://phpackages.com/packages/tegaphilip-padlock) ``` ### Alternatives [uafrica/oauth-server OAuth Server for CakePHP 3 using the PHP League's OAuth2 Server 5172.1k](/packages/uafrica-oauth-server)[chervand/yii2-oauth2-server OAuth 2.0 server for Yii 2.0 with MAC tokens support. 1524.2k1](/packages/chervand-yii2-oauth2-server) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)