trikoder/oauth2-bundle
======================

Symfony bundle which provides OAuth 2.0 authorization/resource server capabilities.

v4.0.0 (2y ago) · [26 issues](https://github.com/trikoder/oauth2-bundle/issues) · [7 PRs](https://github.com/trikoder/oauth2-bundle/pulls) · MIT · PHP >=8.1

Trikoder OAuth 2 Bundle
=======================

Symfony bundle which provides OAuth 2.0 authorization/resource server capabilities. The authorization and resource server actors are implemented using the [thephpleague/oauth2-server](https://github.com/thephpleague/oauth2-server) library.

Important notes
---------------

This bundle provides the "glue" between the [thephpleague/oauth2-server](https://github.com/thephpleague/oauth2-server) library and Symfony. It uses the library in the way specified by its official documentation. To integrate it into a Symfony project, see the [bundle documentation](docs/basic-setup.md) and the official [Symfony security documentation](https://symfony.com/doc/current/security.html).

Status ⚠️
---------

Active development is currently on hold, as this repository is in the process of migrating to the [thephpleague/oauth2-server-bundle](https://github.com/thephpleague/oauth2-server-bundle) project.

*The current repository will be **discontinued** whenever the `v1.0` release is ready in [oauth2-server-bundle](https://github.com/thephpleague/oauth2-server-bundle/releases).* *See [this comment](https://github.com/trikoder/oauth2-bundle/pull/292#issuecomment-990943939) for more information.*

Features
--------

- API endpoint for client authorization and token issuing
- Configurable client and token persistence (includes [Doctrine](https://www.doctrine-project.org/) support)
- Integration with Symfony's [Security](https://symfony.com/doc/current/security.html) layer

Requirements
------------

- [PHP 7.2](http://php.net/releases/7_2_0.php) or greater
- [Symfony 4.4](https://symfony.com/roadmap/4.4) or [Symfony 5.x](https://symfony.com/roadmap/5.0)

Installation
------------

1. Require the bundle and a PSR 7/17 implementation with Composer:

    ```
    composer require trikoder/oauth2-bundle nyholm/psr7
    ```

    If your project is managed using [Symfony Flex](https://github.com/symfony/flex), the rest of the steps are not required. Just follow the post-installation instructions instead! 🎉

    > **NOTE:** This bundle requires a PSR 7/17 implementation to operate. We recommend that you use [nyholm/psr7](https://github.com/Nyholm/psr7). Check out this [document](docs/psr-implementation-switching.md) if you wish to use a different implementation.
2. Create the bundle configuration file under `config/packages/trikoder_oauth2.yaml`. Here is a reference configuration file:

    ```
    trikoder_oauth2:
        authorization_server: # Required

            # Full path to the private key file.
            # How to generate a private key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys
            private_key:          ~ # Required, Example: /var/oauth/private.key

            # Passphrase of the private key, if any.
            private_key_passphrase: null

            # The plain string or the ascii safe string used to create a Defuse\Crypto\Key to be used as an encryption key.
            # How to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password
            encryption_key:       ~ # Required

            # The type of value of "encryption_key".
            encryption_key_type:  plain # One of "plain"; "defuse"

            # How long the issued access token should be valid for, used as a default if there is no grant type specific value set.
            # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
            access_token_ttl:     PT1H

            # How long the issued refresh token should be valid for, used as a default if there is no grant type specific value set.
            # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
            refresh_token_ttl:    P1M

            # How long the issued authorization code should be valid for.
            # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
            auth_code_ttl:        ~ # Deprecated ("trikoder_oauth2.authorization_server.auth_code_ttl" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.auth_code_ttl" instead.)

            # Whether to require code challenge for public clients for the authorization code grant.
            require_code_challenge_for_public_clients: ~ # Deprecated ("trikoder_oauth2.authorization_server.require_code_challenge_for_public_clients" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.require_code_challenge_for_public_clients" instead.)

            # Whether to enable the authorization code grant.
            enable_auth_code_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_auth_code_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.authorization_code.enable" instead.)

            # Whether to enable the client credentials grant.
            enable_client_credentials_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_client_credentials_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.client_credentials.enable" instead.)

            # Whether to enable the implicit grant.
            enable_implicit_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_implicit_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.implicit.enable" instead.)

            # Whether to enable the password grant.
            enable_password_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_password_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.password.enable" instead.)

            # Whether to enable the refresh token grant.
            enable_refresh_token_grant: ~ # Deprecated ("trikoder_oauth2.authorization_server.enable_refresh_token_grant" is deprecated, use "trikoder_oauth2.authorization_server.grant_types.refresh_token.enable" instead.)

            # Enable and configure grant types.
            grant_types:
                authorization_code:

                    # Whether to enable the authorization code grant.
                    enable:               true

                    # How long the issued access token should be valid for the authorization code grant.
                    access_token_ttl:     ~

                    # How long the issued refresh token should be valid for the authorization code grant.
                    refresh_token_ttl:    ~

                    # How long the issued authorization code should be valid for.
                    # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
                    auth_code_ttl:        PT10M

                    # Whether to require code challenge for public clients for the authorization code grant.
                    require_code_challenge_for_public_clients: true
                client_credentials:

                    # Whether to enable the client credentials grant.
                    enable:               true

                    # How long the issued access token should be valid for the client credentials grant.
                    access_token_ttl:     ~
                implicit:

                    # Whether to enable the implicit grant.
                    enable:               true

                    # How long the issued access token should be valid for the implicit grant.
                    access_token_ttl:     ~
                password:

                    # Whether to enable the password grant.
                    enable:               true

                    # How long the issued access token should be valid for the password grant.
                    access_token_ttl:     ~

                    # How long the issued refresh token should be valid for the password grant.
                    refresh_token_ttl:    ~
                refresh_token:

                    # Whether to enable the refresh token grant.
                    enable:               true

                    # How long the issued access token should be valid for the refresh token grant.
                    access_token_ttl:     ~

                    # How long the issued refresh token should be valid for the refresh token grant.
                    refresh_token_ttl:    ~
        resource_server:      # Required

            # Full path to the public key file.
            # How to generate a public key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys
            public_key:           ~ # Required, Example: /var/oauth/public.key

        # Scopes that you wish to utilize in your application.
        # This should be a simple array of strings.
        scopes:               []

        # Configures different persistence methods that can be used by the bundle for saving client and token data.
        # Only one persistence method can be configured at a time.
        persistence:          # Required
            doctrine:

                # Name of the entity manager that you wish to use for managing clients and tokens.
                entity_manager:       default
            in_memory:            ~

        # The priority of the event listener that converts an Exception to a Response.
        exception_event_listener_priority: 10

        # Set a custom prefix that replaces the default "ROLE_OAUTH2_" role prefix.
        role_prefix:          ROLE_OAUTH2_
    ```
3. Enable the bundle in `config/bundles.php` by adding it to the array:

    ```
    Trikoder\Bundle\OAuth2Bundle\TrikoderOAuth2Bundle::class => ['all' => true]
    ```
4. Update the database so bundle entities can be persisted using Doctrine:

    ```
    bin/console doctrine:schema:update --force
    ```
5. Import the routes inside your `config/routes.yaml` file:

    ```
    oauth2:
        resource: '@TrikoderOAuth2Bundle/Resources/config/routes.xml'
    ```

You can verify that everything is working by issuing a `POST` request to the `/token` endpoint.

**❮ NOTE ❯** It is recommended to control the access to the authorization endpoint so that only logged in users can approve authorization requests. You should review your `security.yml` file. Here is a sample configuration:

```
security:
    access_control:
        - { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }
```
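The reference configuration in step 2 enables every grant type, including `implicit` and `password`, which the OAuth 2.0 Security Best Current Practice (RFC 9700) advises against. The following is an added example, not part of the bundle's documentation: a tightened variant that uses only keys from the reference file. The environment variable names, scope names and TTL values are assumptions to adapt.

```yaml
# config/packages/trikoder_oauth2.yaml
# Added example: tightened variant of the reference configuration.
# Env variable names, scopes and TTLs are illustrative assumptions.
trikoder_oauth2:
    authorization_server:
        # Keep key material out of the repository; pass paths and secrets via the environment.
        private_key: '%env(OAUTH2_PRIVATE_KEY_PATH)%'
        private_key_passphrase: '%env(OAUTH2_PRIVATE_KEY_PASSPHRASE)%'
        # "defuse": the value is an ASCII-safe Defuse\Crypto\Key string, not a plain password.
        encryption_key: '%env(OAUTH2_ENCRYPTION_KEY)%'
        encryption_key_type: defuse

        # Shorter defaults than the reference PT1H / P1M.
        access_token_ttl: PT15M
        refresh_token_ttl: P7D

        grant_types:
            authorization_code:
                enable: true
                # Shorter than the reference PT10M; codes are exchanged right after the redirect.
                auth_code_ttl: PT1M
                # Keep PKCE mandatory for public clients (reference default).
                require_code_challenge_for_public_clients: true
            refresh_token:
                enable: true
            client_credentials:
                # Leave enabled only if machine-to-machine clients exist.
                enable: true
            implicit:
                # Returns the access token in the redirect URI fragment; disabled here.
                enable: false
            password:
                # Requires the client to handle the user's credentials; disabled here.
                enable: false

    resource_server:
        public_key: '%env(OAUTH2_PUBLIC_KEY_PATH)%'

    # Declare only the scopes the application actually checks.
    scopes: ['profile.read', 'orders.read']

    persistence:
        doctrine:
            entity_manager: default
```

For the `/authorize` rule above, note that `IS_AUTHENTICATED_REMEMBERED` also accepts sessions restored from a remember-me cookie, while `IS_AUTHENTICATED_FULLY` requires that the user logged in during the current session.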

Configuration
-------------

- [Basic setup](docs/basic-setup.md)
- [Controlling token scopes](docs/controlling-token-scopes.md)
- [Password grant handling](docs/password-grant-handling.md)
- [Implementing custom grant type](docs/implementing-custom-grant-type.md)

Contributing
------------

Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

Versioning
----------

This project adheres to [Semantic Versioning 2.0.0](http://semver.org/). Randomly breaking public APIs is not an option.

However, starting with version 4, we only promise to follow SemVer on structural elements marked with the [@api tag](https://github.com/php-fig/fig-standards/blob/2668020622d9d9eaf11d403bc1d26664dfc3ef8e/proposed/phpdoc-tags.md#51-api).

Changes
-------

All the package releases are recorded in the [CHANGELOG](CHANGELOG.md) file.

Reporting issues
----------------

Use the [issue tracker](https://github.com/trikoder/oauth2-bundle/issues) to report any issues you might have.

License
-------

See the [LICENSE](LICENSE.md) file for license rights and limitations (MIT).

### Release Activity

- Cadence: every ~119 days (recently: every ~244 days)
- Total: 15
- Last release: 1055d ago
- Major versions:
    - v1.1.0 → v2.0.0-beta1 (2019-06-14)
    - v2.1.1 → v3.0.0 (2020-02-26)
    - v2.x-dev → v3.2.0 (2020-10-26)
    - v3.x-dev → v4.0.0 (2023-06-29)
- PHP version history (2 changes):
    - v1.0.0: PHP >=7.2
    - v4.0.0: PHP >=8.1

### Community

Maintainers: [alenpokos](/maintainers/alenpokos), [X-Coder264](/maintainers/X-Coder264)

