This is to inform all users that this package has been abandoned and will no longer receive any updates or maintenance. We highly recommend that users migrate to an alternative library package. We apologize for any inconvenience caused.
PSR-7 middleware that uses league/oauth2-client to authenticate requests against an OAuth2 server.

```
composer require somoza/oauth2-client-middleware
```

The current implementation indirectly depends on Guzzle 6, because Guzzle is a direct dependency of league/oauth2-client.

Using Guzzle:
```php
<?php
use Somoza\OAuth2Middleware\OAuth2Middleware;
use Somoza\OAuth2Middleware\TokenService\Bearer;
use League\OAuth2\Client\Provider\GenericProvider;

$stack = new \GuzzleHttp\HandlerStack();
$stack->setHandler(new \GuzzleHttp\Handler\CurlHandler());
$client = new \GuzzleHttp\Client(['handler' => $stack]);

// instantiate a provider, see league/oauth2-client docs
$provider = new GenericProvider(
    [
        'clientId'                => 'your_client_id',
        'clientSecret'            => 'your_client_secret',
        'urlAuthorize'            => 'your_authorization_url',
        'urlAccessToken'          => 'your_access_token_url',
        'urlResourceOwnerDetails' => 'your_resource_owner_url',
    ],
    ['httpClient' => $client] // or don't pass it and let the oauth2-client create its own Guzzle client
);

// attach our oauth2 middleware
$bearerMiddleware = new OAuth2Middleware(
    new Bearer($provider), // use the Bearer token type
    [ // ignore (do not attempt to authorize) the following URLs
        $provider->getBaseAuthorizationUrl(),
        $provider->getBaseAccessTokenUrl(),
    ]
);
$stack->push($bearerMiddleware);
// if you want to debug, it might be useful to attach a PSR-7 logger here
```
A callback can be assigned to the middleware in order to persist the access token for future use. Make sure you know about the security implications of storing an access token (do it at your own risk).

Example:
```php
<?php
use Somoza\OAuth2Middleware\OAuth2Middleware;
use Somoza\OAuth2Middleware\TokenService\Bearer;
use League\OAuth2\Client\Token\AccessToken;

// see previous example for the initialization of $stack and $provider
$tokenStore = new EncryptedCache(); // you can use whatever you want here
$userId = 'some-user-id';           // placeholder: the key under which this user's token is stored

$token = null;
if ($tokenStore->contains($userId)) {
    // decode to an associative array: the AccessToken constructor expects an array of token options
    $tokenData = json_decode($tokenStore->fetch($userId), true);
    $token = new AccessToken($tokenData);
}

$bearerMiddleware = new OAuth2Middleware(
    new Bearer(
        $provider, // defined as in the "Usage" example
        $token,
        function (AccessToken $newToken, AccessToken $oldToken) use ($tokenStore, $userId) {
            // called whenever a new AccessToken is fetched; store the JSON form so fetch() above can decode it
            $tokenStore->save($userId, json_encode($newToken->jsonSerialize()));
        }
    )
);
$stack->push($bearerMiddleware);
```
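One way to implement the `$tokenStore` used above so that the persisted token is encrypted and authenticated at rest, as an added example that is not part of this package: it uses libsodium's secretbox, and the class name, the storage directory and the `TOKEN_STORE_KEY` environment variable are assumptions of this example.

```php
<?php
// Added example, not part of somoza/oauth2-client-middleware: a token store for the callback
// above that keeps the serialized AccessToken encrypted at rest with libsodium secretbox.
// Assumptions: /var/lib/myapp/tokens is writable; TOKEN_STORE_KEY holds a hex-encoded
// 32-byte key, e.g. sodium_bin2hex(sodium_crypto_secretbox_keygen()).
final class EncryptedFileTokenStore
{
    private $dir;
    private $key;
    public function __construct(string $dir, string $keyHex)
    {
        $this->dir = rtrim($dir, '/');
        $this->key = sodium_hex2bin($keyHex);
        if (strlen($this->key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('token store key must be 32 bytes');
        }
    }

    private function path(string $userId): string
    {
        return $this->dir . '/' . hash('sha256', $userId) . '.tok'; // the raw id never reaches the filesystem
    }

    public function contains(string $userId): bool
    {
        return is_file($this->path($userId));
    }

    // accepts the array from AccessToken::jsonSerialize() or an already-encoded JSON string
    public function save(string $userId, $tokenData): void
    {
        $plain = is_string($tokenData) ? $tokenData : json_encode($tokenData);
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per write
        $blob  = $nonce . sodium_crypto_secretbox($plain, $nonce, $this->key);
        file_put_contents($this->path($userId), $blob, LOCK_EX);
        chmod($this->path($userId), 0600); // owner-only on disk
    }

    // returns the JSON string to pass to json_decode(), or null when the blob fails
    // authentication (tampered with, or written under a different key)
    public function fetch(string $userId): ?string
    {
        $blob  = (string) file_get_contents($this->path($userId));
        $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        return $plain === false ? null : $plain;
    }
}
$tokenStore = new EncryptedFileTokenStore('/var/lib/myapp/tokens', (string) getenv('TOKEN_STORE_KEY'));
```

A `null` from `fetch()` should be treated as "no usable token" so the middleware requests a fresh one rather than trusting a blob that failed authentication.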
MIT - see LICENSE.md