This Flow package provides an OAuth 2.0 server, based on The PHP League OAuth Server.
The installation is done with composer:
composer require punktde/oauth2-server
Run the doctrine migrations
./flow doctrine:migrate
Optional: Define position of routes
Routes are per default included without any position parameter. If routes are positioned wrong adjust the position accordig to the [Flow Route documentation](https://flowframework.readthedocs.io/en/stable/TheDefinitiveGuide/PartIII/Routing.html#subroutes-from-settings)
Enable the required grant types within your settings:
PunktDe:
OAuth2:
Server:
grantTypes:
client_credentials:
enabled: false
authorization_code:
enabled: false
Have a look at Settings.PunktDe.yaml
for further configuration values.
Generate server keys:
./flow oauthserver:generateserverkeys
Create client credentials:
./flow oauthserver:createclientcredentials <identifier> <name> <grant-type>
There is a good listing at thephpleague.com of all grant types of OAuth2 which should help you to find the type that fits to your application.
The following OAuth 2.0 grant types are implemented:
If you are authorizing a machine to access resources and you don’t require the permission of a user to access said resources you should implement the client credential grant.
If the client is a web application that has a server side component then you should implement the authorization code grant.
The urls to use are:
- Access Token URL:
<YourDomain>/oauth/token
- Authorization URL:
<YourDomain>/oauth/authorize
- Authorization approval URL:
oauth/approveauthorization
The Authorization code grant is currently implemented with an implicit authorization of the requesting application.
If /oauth/authorize
is called without an authenticated Flow account, the user is automatically redirected to a configurable URL.
After authentication, the user should be forwarded to /oauth/approveauthorization
to approve the previously started authorization session.
Authentication request approval can be extended to fit your projects needs. You can put your custom logic into a class implementing the ApprovalStrategyInterface
.