This is a basic OAuth2 authorization/authentication server implemented using Mezzio.

Overview

Mezzio-OAuth2-Authorization-Authentication-Server

I have found some problems with the prepared SQL queries Mezzio provides for creating the tables OAuth2 needs. This project works around them when creating a new Mezzio/OAuth2 server.

OAuth2 SQL preparation: use these queries to create and prepare the tables OAuth2 needs:

--
-- Table structure for table `oauth_access_tokens`
--

CREATE TABLE `oauth_access_tokens` (
  `id` varchar(100) PRIMARY KEY NOT NULL,
  -- Hint: 'user_id' is an int column in the original SQL query shipped with the
  -- mezzio-authentication-oauth2 package. Here it is changed to a varchar column
  -- because getUserIdentifier(), used in
  -- vendor/mezzio/mezzio-authentication-oauth2/src/Repository/Pdo/AccessTokenRepository.php,
  -- returns a string.
  `user_id` varchar(255) DEFAULT NULL,
  -- Hint: 'client_id' is an int column in the original SQL query shipped with the
  -- mezzio-authentication-oauth2 package. Here it is changed to a varchar column
  -- because getClient()->getIdentifier(), used in
  -- vendor/mezzio/mezzio-authentication-oauth2/src/Repository/Pdo/AccessTokenRepository.php,
  -- returns a string.
  `client_id` varchar(255) NOT NULL,
  `name` varchar(255) DEFAULT NULL,
  `scopes` text,
  `revoked` tinyint(1) NOT NULL DEFAULT '0',
  `created_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `updated_at` datetime DEFAULT NULL,
  `expires_at` datetime NOT NULL
);

CREATE INDEX `IDX_CA42527CA76ED39519EB6921BDA26CCD` ON oauth_access_tokens (`user_id`,`client_id`);
CREATE INDEX `IDX_CA42527CA76ED395` ON oauth_access_tokens (`user_id`);
CREATE INDEX `IDX_CA42527C19EB6921` ON oauth_access_tokens (`client_id`);

--
-- Table structure for table `oauth_auth_codes`
--

CREATE TABLE `oauth_auth_codes` (
  `id` varchar(100) PRIMARY KEY NOT NULL,
  `user_id` int(10) DEFAULT NULL,
  `client_id` int(10) NOT NULL,
  `scopes` text,
  `revoked` tinyint(1) NOT NULL DEFAULT '0',
  `expires_at` datetime DEFAULT NULL
);

CREATE INDEX `IDX_BB493F83A76ED395` ON oauth_auth_codes (`user_id`);
CREATE INDEX `IDX_BB493F8319EB6921` ON oauth_auth_codes (`client_id`);

--
-- Table structure for table `oauth_clients`
--

CREATE TABLE `oauth_clients` (
  -- Hint: AUTOINCREMENT is SQLite syntax; on MySQL/MariaDB change it to AUTO_INCREMENT
  `id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
  `user_id` int(10) DEFAULT NULL,
  `name` varchar(100) NOT NULL,
  `secret` varchar(100) DEFAULT NULL,
  `redirect` varchar(255) DEFAULT NULL,
  `personal_access_client` tinyint(1) DEFAULT NULL,
  `password_client` tinyint(1) DEFAULT NULL,
  `revoked` tinyint(1) DEFAULT NULL,
  `is_confidential` tinyint(1) NOT NULL DEFAULT '0',
  `created_at` datetime DEFAULT CURRENT_TIMESTAMP,
  `updated_at` datetime DEFAULT NULL
);

CREATE INDEX `IDX_13CE81015E237E06A76ED395BDA26CCD` ON oauth_clients (`name`,`user_id`);
CREATE INDEX `IDX_13CE8101A76ED395` ON oauth_clients (`user_id`);

--
-- Table structure for table `oauth_refresh_tokens`
--

CREATE TABLE `oauth_refresh_tokens` (
  `id` varchar(100) PRIMARY KEY NOT NULL,
  `access_token_id` varchar(100) NOT NULL,
  `revoked` tinyint(1) NOT NULL DEFAULT '0',
  `expires_at` datetime NOT NULL
);

CREATE INDEX `IDX_5AB6872CCB2688BDA26CCD` ON oauth_refresh_tokens (`access_token_id`);

--
-- Table structure for table `oauth_scopes`
--

CREATE TABLE `oauth_scopes` (
  `id` varchar(100) PRIMARY KEY NOT NULL
);

--
-- Table structure for table `oauth_users`
--

CREATE TABLE `oauth_users` (
  -- Hint: AUTOINCREMENT is SQLite syntax; on MySQL/MariaDB change it to AUTO_INCREMENT
  `id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
  `username` varchar(320) UNIQUE NOT NULL,
  `password` varchar(100) NOT NULL,
  `first_name` varchar(80) DEFAULT NULL,
  `last_name` varchar(80) DEFAULT NULL
);

CREATE INDEX `UNIQ_93804FF8F85E0677` ON oauth_users (`username`);

--
-- Population for table `oauth_clients`
--

INSERT INTO oauth_clients (name, secret, redirect, personal_access_client, password_client, is_confidential)
VALUES ('client_test', '$2y$10$fFlZTo2Syqa./0JJ2QKV4O/Nfi9cqDMcwHBkN/WMcRLLlaxYUP2CK', '/redirect', 1, 1, 1),
('client_test2', '$2y$10$fFlZTo2Syqa./0JJ2QKV4O/Nfi9cqDMcwHBkN/WMcRLLlaxYUP2CK', '/redirect', 0, 0, 1),
('client_test_not_confidential', '$2y$10$fFlZTo2Syqa./0JJ2QKV4O/Nfi9cqDMcwHBkN/WMcRLLlaxYUP2CK', '/redirect', 0, 0, 0);

--
-- Population for table `oauth_users`
--

INSERT INTO oauth_users (username, password)
VALUES ('user_test', '$2y$10$DW12wQQvr4w7mQ.uSmz37OQkKcIZrRZnpXWoYue7b5v8E/pxvsAru');

INSERT INTO oauth_scopes (id)
VALUES ('test');
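The seeded rows above all share one bcrypt hash (the client_secret=test / password=test values used in the token request under Releases). As an added example that is not part of this project, the script below provisions a client row for the README's oauth_clients table with a freshly generated secret, hashed the same way as the seeded `$2y$10$` values, and checks a presented client_secret with password_verify; the client name, redirect URI and in-memory SQLite DSN are assumptions.

```php
<?php
// Added example (not the project's code): provision an oauth_clients row with a
// generated secret and verify a presented secret with bcrypt. In-memory SQLite so it
// runs offline; the table is the README's. Client name and redirect are made up.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// The README's oauth_clients table (SQLite flavour, AUTOINCREMENT).
$pdo->exec(<<<'SQL'
CREATE TABLE oauth_clients (
  id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
  user_id int(10) DEFAULT NULL,
  name varchar(100) NOT NULL,
  secret varchar(100) DEFAULT NULL,
  redirect varchar(255) DEFAULT NULL,
  personal_access_client tinyint(1) DEFAULT NULL,
  password_client tinyint(1) DEFAULT NULL,
  revoked tinyint(1) DEFAULT NULL,
  is_confidential tinyint(1) NOT NULL DEFAULT '0',
  created_at datetime DEFAULT CURRENT_TIMESTAMP,
  updated_at datetime DEFAULT NULL
)
SQL);

/** Insert a confidential password-grant client; returns the plaintext secret once. */
function provisionClient(PDO $pdo, string $name, string $redirect): string
{
    // 32 random bytes as URL-safe base64; only its bcrypt hash ($2y$10$...) is stored.
    $plain = rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
    $hash  = password_hash($plain, PASSWORD_BCRYPT);
    $stmt = $pdo->prepare('INSERT INTO oauth_clients
        (name, secret, redirect, personal_access_client, password_client, is_confidential)
        VALUES (:name, :secret, :redirect, 0, 1, 1)');
    $stmt->execute([':name' => $name, ':secret' => $hash, ':redirect' => $redirect]);
    return $plain;
}

/** client_id in the token request is the `name` column; compare the secret with bcrypt. */
function clientSecretIsValid(PDO $pdo, string $clientId, string $presented): bool
{
    $stmt = $pdo->prepare('SELECT secret, revoked FROM oauth_clients WHERE name = :name');
    $stmt->execute([':name' => $clientId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false
        && (int) $row['revoked'] === 0          // NULL or 0 means not revoked
        && $row['secret'] !== null              // public clients carry no secret
        && password_verify($presented, $row['secret']);
}

$secret = provisionClient($pdo, 'client_prod', 'https://app.example/callback');
if (!clientSecretIsValid($pdo, 'client_prod', $secret) || clientSecretIsValid($pdo, 'client_prod', 'test')) {
    throw new RuntimeException('client secret check failed');
}
```

For MySQL/MariaDB, change the DSN and AUTOINCREMENT to AUTO_INCREMENT; the hashing and lookup are unchanged.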

Mezzio Skeleton and Installer

Begin developing PSR-15 middleware applications in seconds!

mezzio builds on laminas-stratigility to provide a minimalist PSR-15 middleware framework for PHP with routing, DI container, optional templating, and optional error handling capabilities.

This installer will set up a skeleton application based on mezzio, choosing optional packages based on user input, as shown in the following screenshot:

screenshot-installer

The packages the user selects are saved into composer.json so that everyone else working on the project has the same packages installed. Configuration files and templates are prepared for first use. After setup succeeds, the installer command is removed from composer.json and all installer-related files are removed.

Getting Started

Start your new Mezzio project with composer:

$ composer create-project mezzio/mezzio-skeleton <project-path>

After choosing and installing the packages you want, go to the <project-path> and start PHP's built-in web server to verify installation:

$ composer run --timeout=0 serve

You can then browse to http://localhost:8080.

Linux users

On PHP versions prior to 7.1.14 and 7.2.2, this command might not work as expected due to a bug in PHP that only affects Linux environments. In such scenarios, you will need to start the built-in web server yourself, using the following command:

$ php -S 0.0.0.0:8080 -t public/ public/index.php

Setting a timeout

Composer commands time out after 300 seconds (5 minutes). On Linux-based systems, the php -S command that composer serve spawns continues running as a background process, but on other systems it halts when the timeout occurs.

As such, we recommend running the serve script with a timeout. This can be done by using composer run to execute the serve script with a --timeout option. When set to 0, as in the previous example, no timeout is used, and the server runs until you cancel the process (usually via Ctrl-C). Alternatively, you can specify a finite timeout; as an example, the following extends the timeout to a full day:

$ composer run --timeout=86400 serve

Installing alternative packages

There is a feature to install alternative packages: instead of entering one of the selections, you can type a package name and version.

  Which template engine do you want to use?
  [1] Plates
  [2] Twig
  [3] zend-view installs zend-servicemanager
  [n] None of the above
  Make your selection or type a composer package name and version (n): infw/pug:0.1
  - Searching for infw/pug:0.1
  - Adding package infw/pug (0.1)

That feature allows you to install any alternative package you want. It has its limitations, though:

  • The alternative package must follow the format namespace/package:1.0; the version is required.
  • Templates are not copied, but the ConfigProvider can be configured in such a way that it uses the default templates directly from the package itself.
  • This doesn't work for containers, as the container.php file needs to be copied.

Troubleshooting

If the installer fails during the composer create-project phase, please go through the following list before opening a new issue. Most issues we have seen so far can be solved by running self-update and clear-cache.

  1. Be sure to work with the latest version of composer by running composer self-update.
  2. Try clearing Composer's cache by running composer clear-cache.

If neither of the above helps, you might be facing more serious issues:

Application Development Mode Tool

This skeleton comes with laminas-development-mode. It provides a composer script to allow you to enable and disable development mode.

To enable development mode

Note: Do NOT run development mode on your production server!

$ composer development-enable

Note: Enabling development mode will also clear your configuration cache, to allow safely updating dependencies and ensuring any new configuration is picked up by your application.

To disable development mode

$ composer development-disable

Development mode status

$ composer development-status

Configuration caching

By default, the skeleton will create a configuration cache in data/config-cache.php. When in development mode, the configuration cache is disabled, and switching in and out of development mode will remove the configuration cache.

You may need to clear the configuration cache in production when deploying if you deploy to the same directory. You may do so using the following:

$ composer clear-config-cache

You may also change the location of the configuration cache itself by editing the config/config.php file and changing the config_cache_path entry of the local $cacheConfig variable.

Skeleton Development

This section applies only if you cloned this repo with git clone, not when you installed mezzio with composer create-project ....

If you want to run tests against the installer, you need to clone this repo and set up all dependencies with composer. Make sure you prevent composer from running scripts with --no-scripts; otherwise it will remove the installer and all tests.

$ composer update --no-scripts
$ composer test

Please note that the installer tests remove installed config files and templates before and after running the tests.

Before contributing read the contributing guide.


Comments
  • Duplicate route DuplicateRouteException

    In case:

    Fatal error:
    Uncaught Mezzio\Router\Exception\DuplicateRouteException: Duplicate route detected; path "/oauth"
    answering to methods [GET,POST], with name "oauth" in
    /var/www/mezzio/vendor/laminas/laminas-servicemanager/src/ServiceManager.php 
    
    opened by majid-rafei 2
Releases(v0.0.1-alpha)
  • v0.0.1-alpha(Nov 13, 2021)

    This is the first release. It includes the oauth2 route (e.g. '/oauth2/token'), which takes username, password, client_id, client_secret, scope, and grant_type and returns an access_token and refresh_token. For example:

    Request

    POST /oauth2/token HTTP/1.1
    Host: 192.168.1.1:8000
    Content-Type: application/x-www-form-urlencoded
    Cookie: __eid=59784225d86a4ab4a765103e25db3f64
    Content-Length: 104
    -- Request body
    grant_type=password&client_id=client_test&client_secret=test&scope=test&username=user_test&password=test
    

    Response

    {
        "token_type": "Bearer",
        "expires_in": 86400,
        "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJjbGllbnRfdGVzdCIsImp0aSI6ImM5MGQ1NzJiYjQ5YWI4NzM5MmQ4NmMyYzAzYWYyZjM2ZTQ5MWEyNDEzMGY4MmU1ZjRhZWRmZjcyZTc1ZjFiYTU0ZTUwNmY1MTg3OTNmNDgyIiwiaWF0IjoxNjM2Nzg0MTg4LCJuYmYiOjE2MzY3ODQxODgsImV4cCI6MTYzNjg3MDU4OCwic3ViIjoidXNlcl90ZXN0Iiwic2NvcGVzIjpbInRlc3QiXX0.kfTsarn1IqcxRytKFpIb-rqhEPcLjjQZWwgV0l07tZbrXZVLueqDY4exNbJGExnp5zSESnt6Pg_wNg67hW_yNItY8xQcKPi0md8L2A8HDgBb6Ko7IFTiXMiobsDe5HEA-yBORXXAyIgCAjydnW8XnUcv7VCTPYKbFV53alHl3JPCzaoGGnEETsPWQ3RTsIoipxHNuqT6HiwJI-d1lcfUbjQci5DyuaA9EC_u8Mdv8OJGJ7QTVw_g0bwhmkWWZ-h5J0rqCrkGUZTv0-9J73rJr4G_tYK1odi1e9NvauiC4RB94pAQ2VFi8vgVIefemEKFoYiHbBUP4CipcjKSW3mNCQ",
        "refresh_token": "def502004c11d7ea0a8a23af4c8e0c80ffcbd13504208d45ce1bcdce837b3bec4bddff9957d6f8e79612da71fc26ec927852a3b6749bc45306f3c0458d9cd2db4dcc8f2e945a41c1bebc958ef50761028775ee2e49257ddc8588a02648121f709953a05d1efa8d2eded57617821d0f2b7be8190d79807e31f4cc999f70d7956e9fbfbb32ca548b58a63c7d4335211f3d2b75f73327b273fb51d7585c97ea28fec3716827a2ead8d89982f08fe141c969b9dfed5fa9905dcb3a6fadae3ac31f831c5d8a39963021eccda40796a0fd283cdf07a3a76ede56522acfec0683b5d72615fb84f625f97531959f68545366278b65f3f16c7809350e06393f3012e4a764a90ef5d59ea27397723149c5ae74d0026ef6d88e6de31a8cd39da815dd0fd8945ced06bf15e1325e2d30e1923bcb467dc25dec246eedc930acb9bec8b836e855eb21ce6278deb9baa413d05b962f00e9a6e480276a6289311329eeec787155d7ba7015b85fae6ace09c2443044819cb4a5186ea42c3cb9793296c6"
    }
    
    Source code(tar.gz)
    Source code(zip)