sonrac/lumen-oauth2

Installation

composer require sonrac/lumen-league-oauth2

Usages

Register the service provider first:

Add to your bootstrap/app.php:

$app->register(\sonrac\lumenRest\Oauth2ServiceProvider::class);

Description

league/oauth2-server implementation for Lumen

Contracts

Contracts for the OAuth2 server are implemented in sonrac\lumenRest\Oauth2ServiceProvider

Events

Event usage is described in the official documentation

Middleware

Use League\OAuth2\Server\Middleware\ResourceMiddleware to validate the authentication request

Use League\OAuth2\Server\Middleware\AuthorizationServerMiddleware to authenticate the user

Example routing

Get access token

$app->router->post('/access_token', function (\Psr\Http\Message\ServerRequestInterface $request,
                                              \Psr\Http\Message\ResponseInterface $response) use ($app) {
                                  
  /** @var \League\OAuth2\Server\AuthorizationServer $server */
  $server = $app->make(\League\OAuth2\Server\AuthorizationServer::class);

  try {

      // Try to respond to the request
      return $server->respondToAccessTokenRequest($request, $response);

  } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {

      // All instances of OAuthServerException can be formatted into a HTTP response
      return $exception->generateHttpResponse($response);

  } catch (\Exception $exception) {

      // Unknown exception
      $body = new \Zend\Diactoros\Stream('php://temp', 'r+');
      $body->write($exception->getMessage());
      return $response->withStatus(500)->withBody($body);

  }
});

Authorize third-party clients (implicit & auth code grants)

$app->router->get('/authorize', function (\League\OAuth2\Server\AuthorizationServer $server,
                                          \Psr\Http\Message\ServerRequestInterface $request,
                                          \Psr\Http\Message\ResponseInterface $response) {
    try {
        // Validate the HTTP request and return an AuthorizationRequest object.
        $authRequest = $server->validateAuthorizationRequest($request);

        // The auth request object can be serialized and saved into a user's session.
        // You will probably want to redirect the user at this point to a login endpoint.

        // Once the user has logged in set the user on the AuthorizationRequest
        $authRequest->setUser(app()->make(\League\OAuth2\Server\Entities\UserEntityInterface::class)); // an instance of UserEntityInterface

        // At this point you should redirect the user to an authorization page.
        // This form will ask the user to approve the client and the scopes requested.

        // Once the user has approved or denied the client update the status
        // (true = approved, false = denied)
        $authRequest->setAuthorizationApproved(true);

        // Return the HTTP redirect response
        return $server->completeAuthorizationRequest($authRequest, $response);
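    } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {

        // Invalid client, redirect URI or scope: return the proper OAuth error response
        return $exception->generateHttpResponse($response);

    } catch (\Exception $exception) {

        // Unknown exception (the message is echoed to the client here; log it instead in production)
        $body = new \Zend\Diactoros\Stream('php://temp', 'r+');
        $body->write($exception->getMessage());

        return $response->withStatus(500)->withBody($body);

    }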
});
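
Protect a resource route (added example)

The two routes above only issue tokens; a protected route still has to validate the bearer token and check its scopes. The route below is an added example, not part of this package's README: it assumes the service provider binds League\OAuth2\Server\ResourceServer in the container and that $app is the instance from bootstrap/app.php, and the /api/profile path and the "profile" scope name are hypothetical.

```php
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

// Hypothetical protected route; assumes ResourceServer is resolvable from the container.
$app->router->get('/api/profile', function (ServerRequestInterface $request,
                                            ResponseInterface $response) use ($app) {
    /** @var ResourceServer $resourceServer */
    $resourceServer = $app->make(ResourceServer::class);

    try {
        // Verifies the bearer token's signature and expiry, asks the access token
        // repository whether it was revoked, and returns the request with the
        // oauth_* attributes attached.
        $request = $resourceServer->validateAuthenticatedRequest($request);
    } catch (OAuthServerException $exception) {
        // Missing, malformed, expired or revoked token
        return $exception->generateHttpResponse($response);
    }

    // A valid token is not sufficient on its own: require the scope this route needs.
    $scopes = (array) $request->getAttribute('oauth_scopes', []);
    if (!in_array('profile', $scopes, true)) {
        return OAuthServerException::accessDenied('Token lacks the "profile" scope')
            ->generateHttpResponse($response);
    }

    // Identity comes from the validated token, never from request parameters.
    $response->getBody()->write(json_encode([
        'user_id'   => $request->getAttribute('oauth_user_id'),
        'client_id' => $request->getAttribute('oauth_client_id'),
    ]));

    return $response->withHeader('Content-Type', 'application/json');
});
```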

JWT guard

To use JWT tokens, you need to define a JWT guard.

Example config:

'defaults' => [
    'guard' => 'jwt'
],
'guards' => [
    'jwt' => [
        'driver' => 'jwt',
        'provider' => 'clients',
    ],
    'user' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],
'providers' => [
    'clients' => [
        'driver' => 'eloquent',
        'model' => app(\League\OAuth2\Server\Entities\ClientEntityInterface::class),
    ],
    'users' => [
        'driver' => 'eloquent',
        'model' => app(\League\OAuth2\Server\Entities\UserEntityInterface::class),
    ],
],

Generate keys

To use SSL encryption, generate the keys first:

php artisan generate:keys
