PHPackages                             zfr/zfr-oauth2-server-module - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. zfr/zfr-oauth2-server-module

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

zfr/zfr-oauth2-server-module
============================

Zend Framework 2 module for ZfrOAuth2Server

0.7.0(10y ago)1236.7k↓35.8%61MITPHPPHP &gt;=5.5

Since Mar 30Pushed 9y ago8 watchersCompare

[ Source](https://github.com/zf-fr/zfr-oauth2-server-module)[ Packagist](https://packagist.org/packages/zfr/zfr-oauth2-server-module)[ Docs](http://www.github.com/zf-fr/zfr-oauth2-server-module)[ RSS](/packages/zfr-zfr-oauth2-server-module/feed)WikiDiscussions master Synced yesterday

READMEChangelog (9)Dependencies (12)Versions (12)Used By (1)Security (1)

ZfrOAuth2Module\\Server
=======================

[](#zfroauth2moduleserver)

[![Build Status](https://camo.githubusercontent.com/a1d4563b5e9696bae64aa902b97038463078f2a2afd12e515f4eb6e024fbe0d2/68747470733a2f2f7472617669732d63692e6f72672f7a662d66722f7a66722d6f61757468322d7365727665722d6d6f64756c652e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/zf-fr/zfr-oauth2-server-module)[![Latest Stable Version](https://camo.githubusercontent.com/0a110204a7bd233445225ee86f17327132dd979e3da2dddd0e292260e75b3356/68747470733a2f2f706f7365722e707567782e6f72672f7a66722f7a66722d6f61757468322d7365727665722d6d6f64756c652f762f737461626c652e706e67)](https://packagist.org/packages/zfr/zfr-oauth2-server-module)[![Coverage Status](https://camo.githubusercontent.com/86ca3b17a948121df0a65fae55481e940a19a40ce538ca7e078b1a5b37ac5251/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f7a662d66722f7a66722d6f61757468322d7365727665722d6d6f64756c652f62616467652e706e67)](https://coveralls.io/r/zf-fr/zfr-oauth2-server-module)[![Total Downloads](https://camo.githubusercontent.com/dab35f00bf2883009ec6e973feaeb325ebdacb322a961a29a8c14f411c2835d8/68747470733a2f2f706f7365722e707567782e6f72672f7a66722f7a66722d6f61757468322d7365727665722d6d6f64756c652f646f776e6c6f6164732e706e67)](https://packagist.org/packages/zfr/zfr-oauth2-server-module)

ZfrOAuth2Module\\Server is a Zend Framework 2 module for ZfrOAuth2\\Server. Its goal is to easily create a OAuth 2 compliant server.

Requirements
------------

[](#requirements)

- PHP 5.5 or higher
- [ZfrOAuth2Server](https://github.com/zf-fr/zfr-oauth2-server)

Versioning note
---------------

[](#versioning-note)

Please note that until I reach 1.0, I **WILL NOT** follow semantic version. This means that BC can occur between 0.1.x and 0.2.x releases. If you are using this in production, please set your dependency using 0.1.\*, for instance.

Installation
------------

[](#installation)

Installation is only officially supported using Composer:

```
php composer.phar require zfr/zfr-oauth2-server-module:0.7.*
```

Copy-paste the `zfr_oauth2_server.global.php.dist` file to your `autoload` folder, and enable the module by adding `ZfrOAuth2Module\Server` to your `application.config.php` file.

Documentation
-------------

[](#documentation)

### Configuring the module

[](#configuring-the-module)

ZfrOAuth2Module\\Server provides a lot of default configuration. However, there are some information you need to provide.

#### Setting the User class

[](#setting-the-user-class)

When a token is generated, it is automatically linked to an owner. Most of the time, it will be a user. For this mapping to work, you must make sure your user class implements the `ZfrOAuth2\Server\Entity\TokenOwnerInterface`interface. Then, you need to modify the Doctrine mapping to associate this interface with your own user class. The code is already set in the `zfr_oauth2_server.global.php.dist` file:

```
use Application\Entity\User;
use ZfrOAuth2\Server\Entity\TokenOwnerInterface;

return [
    'doctrine' => [
        'entity_resolver' => [
            'orm_default' => [
                TokenOwnerInterface::class => Application\Entity\User::class
            ]
        ]
    ]
]
```

#### Adding grant types

[](#adding-grant-types)

By default, your OAuth2 server does not support anything. You must configure it by adding all the grants you want to support. For instance, the following config will make your server compatible with the "User credentials" grant as well as the "Refresh token" grant:

```
use ZfrOAuth2\Server\Grant\PasswordGrant;
use ZfrOAuth2\Server\Grant\RefreshTokenGrant';

return [
    'zfr_oauth2_server' => [
        'grants' => [
            PasswordGrant::class,
            RefreshTokenGrant::class
        ]
    ]
]
```

#### Specifying a callable for validating password and username

[](#specifying-a-callable-for-validating-password-and-username)

When using the "User credentials" grant (also called the Password grant), the username and password are automatically passed to a callable. If the callable return a `TokenOwnerInterface` instance, then it's considered as valid and the access token is created. Otherwise, an error is thrown.

```
return [
    'zfr_oauth2_server' => [
        'owner_callable' => function($username, $password) {
            // If valid, return the user, otherwise return null
        }
    ]
];
```

You can also pass a service key, that will be pulled from the service manager, if you need to inject dependencies.

### Delete expired tokens

[](#delete-expired-tokens)

ZfrOAuth2Module\\Server offers a console route you can use to delete expired access tokens. You can use this as a CRON task to clean your database. In the `public` folder, use the following command:

`php index.php oauth2 server delete expired tokens`.

###  Health Score

36

—

LowBetter than 79% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity36

Limited adoption so far

Community22

Small or concentrated contributor base

Maturity55

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 68.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~61 days

Recently: every ~111 days

Total

9

Last Release

3989d ago

PHP version history (2 changes)0.1.0PHP &gt;=5.4

0.7.0PHP &gt;=5.5

### Community

Maintainers

![](https://www.gravatar.com/avatar/9e3c74232d02a5fedbcef4650bac1d1103be292d4a013f6f9e692befcc9bb7ca?d=identicon)[bakura10](/maintainers/bakura10)

---

Top Contributors

[![bakura10](https://avatars.githubusercontent.com/u/1198915?v=4)](https://github.com/bakura10 "bakura10 (71 commits)")[![Ocramius](https://avatars.githubusercontent.com/u/154256?v=4)](https://github.com/Ocramius "Ocramius (21 commits)")[![ojhaujjwal](https://avatars.githubusercontent.com/u/4995501?v=4)](https://github.com/ojhaujjwal "ojhaujjwal (4 commits)")[![gabrielsch](https://avatars.githubusercontent.com/u/1733354?v=4)](https://github.com/gabrielsch "gabrielsch (2 commits)")[![awartoft](https://avatars.githubusercontent.com/u/1127626?v=4)](https://github.com/awartoft "awartoft (2 commits)")[![Orkin](https://avatars.githubusercontent.com/u/1061903?v=4)](https://github.com/Orkin "Orkin (2 commits)")[![basz](https://avatars.githubusercontent.com/u/143068?v=4)](https://github.com/basz "basz (1 commits)")

---

Tags

serveroauthoauth 2

###  Code Quality

TestsPHPUnit

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/zfr-zfr-oauth2-server-module/health.svg)

```
[![Health](https://phpackages.com/badges/zfr-zfr-oauth2-server-module/health.svg)](https://phpackages.com/packages/zfr-zfr-oauth2-server-module)
```

###  Alternatives

[league/oauth2-server

A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.

6.7k147.0M290](/packages/league-oauth2-server)[zf-commons/zfc-user

A generic user registration and authentication module for ZF2. Supports Zend\\Db and Doctrine2.

4851.1M71](/packages/zf-commons-zfc-user)[socalnick/scn-social-auth

Uses the HybridAuth PHP library to Enable authentication via Google, Facebook, Twitter, Yahoo!, etc for the ZfcUser ZF2 module.

21975.0k3](/packages/socalnick-scn-social-auth)[zfr/zfr-oauth2-server

PHP library to create an OAuth 2 server

3741.1k2](/packages/zfr-zfr-oauth2-server)[chervand/yii2-oauth2-server

OAuth 2.0 server for Yii 2.0 with MAC tokens support.

1524.7k1](/packages/chervand-yii2-oauth2-server)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
