PHPackages                             ybelenko/oauth2\_as\_oas3\_components - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [API Development](/categories/api)
4. /
5. ybelenko/oauth2\_as\_oas3\_components

ActiveLibrary[API Development](/categories/api)

ybelenko/oauth2\_as\_oas3\_components
=====================================

OAuth2 definitions as OpenAPI Spec 3.0 components

1.0.1(5y ago)951MIT

Since Apr 16Pushed 5y ago2 watchersCompare

[ Source](https://github.com/ybelenko/oauth2_as_oas3_components)[ Packagist](https://packagist.org/packages/ybelenko/oauth2_as_oas3_components)[ RSS](/packages/ybelenko-oauth2-as-oas3-components/feed)WikiDiscussions master Synced today

READMEChangelogDependenciesVersions (3)Used By (0)

OAuth2 as OpenAPI Spec 3.0 components
=====================================

[](#oauth2-as-openapi-spec-30-components)

The example file which describes OAuth2 token endpoints located [dist/oauth2\_endpoints.yml](dist/oauth2_endpoints.yml).

Why this package exists
-----------------------

[](#why-this-package-exists)

Since [RFC 6749 OAuth2](https://tools.ietf.org/html/rfc6749) server implementation may be very different(optional/recommended response fields, extended grant) it might me useful to describe your unique implementation within your OAS3 file. It's also very handy to see examples of your token and error response, because RFC6749 is a text document without any pictures or graphs. The example file mentioned before contains description of token endpoints for each authorization grant, consider it as starting point.

Example file omits [authorization endpoint](https://tools.ietf.org/html/rfc6749#section-3.1) endpoint on purpose. I don't know how to describe it with OAS3 since endpoint response isn't JSON(html page). If you have any suggestion please submit an issue to this repo.

Since [RFC 6749 - The OAuth2.0 Authorization Framework - 2.3.1. Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) doesn't recommend to send client password in request body then our example expects basic authorization in all endpoints.

Installation
------------

[](#installation)

### Copy Paste

[](#copy-paste)

Since it's not actually a code, but markup you can just copy anything you want from [dist/oauth2\_endpoints.yml](dist/oauth2_endpoints.yml).

There is also enhanced example with polymorphism at [dist/oauth2\_endpoints\_polymorphism.yml](dist/oauth2_endpoints_polymorphism.yml). **Please, make sure that your tools supports polymorphism. This example contains new features not highly adopted yet. Check at least `oneOf` property support. I wouldn't use it myself because most of the OpenAPI tools have issues with polymorphism now, but this example may be useful in forseeable future.**

### Composer

[](#composer)

Install [Composer - Dependency Manager for PHP](https://getcomposer.org/download/)

Then run in terminal:

```
composer require ybelenko/oauth2_as_oas3_components
```

Use provided components via `$ref` attribute like:

```
paths:
  /token:
    post:
      summary: Obtain access token with "authorization_code" grant.
      requestBody:
        $ref: './vendor/ybelenko/oauth2_as_oas3_components/dist/components/requestBodies/TokenRequestCodeGrant.yml'
      responses:
        '200':
          $ref: './vendor/ybelenko/oauth2_as_oas3_components/dist/components/responses/OAuth2TokenSuccessResponse.yml'
        '4XX':
          $ref: './vendor/ybelenko/oauth2_as_oas3_components/dist/components/responses/OAuth2TokenErrorResponse.yml'
```

Extended example with refs [dist/oauth2\_endpoints\_with\_refs.yml](dist/oauth2_endpoints_with_refs.yml)

### NPM

[](#npm)

[Install NPM and Node.js](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm)

Then run in terminal:

```
npm i --save oauth2_as_oas3_components
```

Use provided components via `$ref` attribute like:

```
paths:
  /token:
    post:
      summary: Obtain access token with "authorization_code" grant.
      requestBody:
        $ref: './node_modules/oauth2_as_oas3_components/dist/components/requestBodies/TokenRequestCodeGrant.yml'
      responses:
        '200':
          $ref: './node_modules/oauth2_as_oas3_components/dist/components/responses/OAuth2TokenSuccessResponse.yml'
        '4XX':
          $ref: './node_modules/oauth2_as_oas3_components/dist/components/responses/OAuth2TokenErrorResponse.yml'
```

Extended example with refs [dist/oauth2\_endpoints\_with\_refs.yml](dist/oauth2_endpoints_with_refs.yml)

Contributing
------------

[](#contributing)

If you have any suggestions please submit an issue.

License
-------

[](#license)

[MIT License](LICENSE)

###  Health Score

26

—

LowBetter than 43% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity11

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity53

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~4 days

Total

2

Last Release

1848d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/bc88fb16ce6ab53268f3ea38dec05691aa20360ab4dc91f3ddab815e7625545a?d=identicon)[ybelenko](/maintainers/ybelenko)

---

Top Contributors

[![ybelenko](https://avatars.githubusercontent.com/u/5541023?v=4)](https://github.com/ybelenko "ybelenko (8 commits)")

---

Tags

componentsoas3oauth2openapiopenapicomponentsoauth2oas3

### Embed Badge

![Health badge](/badges/ybelenko-oauth2-as-oas3-components/health.svg)

```
[![Health](https://phpackages.com/badges/ybelenko-oauth2-as-oas3-components/health.svg)](https://phpackages.com/packages/ybelenko-oauth2-as-oas3-components)
```

###  Alternatives

[swagger-api/swagger-ui

 Swagger UI is a collection of HTML, Javascript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.

28.7k45.4M99](/packages/swagger-api-swagger-ui)[darkaonline/l5-swagger

OpenApi or Swagger integration to Laravel

2.9k34.0M112](/packages/darkaonline-l5-swagger)[dedoc/scramble

Automatic generation of API documentation for Laravel applications.

2.0k7.8M57](/packages/dedoc-scramble)[cebe/php-openapi

Read and write OpenAPI yaml/json files and make the content accessable in PHP objects.

49815.4M86](/packages/cebe-php-openapi)[jolicode/slack-php-api

An up to date PHP client for Slack's API

2534.4M12](/packages/jolicode-slack-php-api)[darkaonline/swagger-lume

OpenApi or Swagger integration to Lumen

3372.3M3](/packages/darkaonline-swagger-lume)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)