Skip to content

OAuth2

Raxos OAuth2 turns a router application into a self-hosted OAuth2 authorization server. It ships a controller with the standard authorize, token and revoke endpoints, a middleware that guards resource routes with bearer tokens, and a set of small factory contracts (client, scope, token) that the host application implements against its own storage. The authorization code and refresh token grants and the code and token response types are implemented out of the box; everything that touches persistence is left to the application through the factory interfaces.

Highlights

Explore by category

  • Server setup: implement the three factory contracts and expose the current owner through an OAuth2Server subclass.
  • Authorization flow: the authorize, token and revoke endpoints exposed by OAuth2Controller, and how grant and response types plug into them.
  • Protecting routes: guard resource routes with OAuth2Middleware and a bearer access token.
  • Error handling: the OAuth2ServerException hierarchy and how each error maps to an OAuth2 error code and HTTP status.

Quick example

php
<?php
declare(strict_types=1);

namespace App\OAuth2;

use App\Models\User;
use Raxos\OAuth2\Server\OAuth2Server as BaseOAuth2Server;
use function App\{currentUser, isAuthenticated};

final class OAuth2Server extends BaseOAuth2Server
{
    public function getOwner(): ?User
    {
        return currentUser();
    }

    public function hasOwner(): bool
    {
        return isAuthenticated();
    }
}

The three factories (client, scope and token) are passed to the parent constructor and connect the server to the host application's own storage and authentication state.

Installation

Install the package with Composer. See installation for the required PHP version and Raxos package dependencies.

shell
composer require raxos/oauth2