The Yii2-Oauth2-Server is an extension for Yii framework 2.0 applications and provides an Oauth2 server based on the League OAuth2 server. The server also supports OpenID Connect Core.
- Getting started
- Test Drive
- Documentation
- FAQ
- Implemented Standards
- Importing/Migrating
- Versioning & Change Log
- Reporting Security issues
- Directory Structure
- Contributing
- Credits
- License
If you're not yet familiar with Oauth 2 we recommend to check out An Illustrated Guide to OAuth and OpenID Connect
- The minimum required PHP version is 7.4 (compatibility tested up till and including PHP 8.1).
- The minimum required Yii version is 2.0.49 (2.0.50 when using SQLite).
The preferred way to install this extension is through composer.
composer require rhertogh/yii2-oauth2-serverFull installation and configuration details can be found in the docs under Installing the Yii2-Oauth2-Server
You can run a local preview instance using Docker:
docker run --rm -p 82:80 --name Yii2Oauth2Server ghcr.io/rhertogh/yii2-oauth2-server:masterAfter the container is started you can access the Oauth2 server on localhost:82.
Hint: The port number on the host machine is specified by the first part of the
-pargument. This can be changed if desired (e.g.-p 88:80).
To access the CLI of the Docker container you can run:
docker container exec -it Yii2Oauth2Server bashThere are two main sections in the documentation:
- Usage Guide for using the Yii2-Oauth2-Server in your own project.
- Development Guide for contributing to the Yii2-Oauth2-Server.
This is a quick FAQ, the full version can be found here.
To see an overview of the endpoints and other configuration you can run: ./yii oauth2/debug/config
To see an overview of the clients you can run: ./yii oauth2/client/list
Please check out the full FAQ first. If that doesn't solve the problem, please report an issue.
| Name | RFC / Specs | Since |
|---|---|---|
| OAuth 2.0 | RFC 6749 | 1.0.0¹ |
| The OAuth 2.0 Authorization Framework: Bearer Token Usage | RFC 6750 | 1.0.0¹ |
| Proof Key for Code Exchange by OAuth Public Clients (PKCE) | RFC 7636 | 1.0.0¹ |
| OAuth 2.0 Token Revocation | RFC 7009 | 1.0.0 |
| OpenID Connect Core 1.0 | Specifications | 1.0.0 |
| OpenID Connect Discovery 1.0 | Specifications | 1.0.0 |
| OpenID Connect RP-Initiated Logout | Specifications | 1.0.0 |
| Initiating User Registration via OpenID Connect | Specifications | 1.0.0 |
¹ Provided via PHP OAuth 2.0 Server.
To ease migrating from another project, the Yii2-Oauth2-Server supports importing data from other projects. For example from the filsh/yii2-oauth2-server
Please see Importing/Migrating from other servers for more information.
The Yii2-Oauth2-Server follows Semantic Versioning 2.0
Please see the Change Log for more information on version history
and the Upgrading Instructions when upgrading to a newer version.
In case you found a security issue please contact us directly DO NOT use the issue tracker or discuss it in public as it will cause more damage than help.
Please note that as a non-commercial OpenSource project we are not able to pay bounties.
docker/ Docker container definition
docs/ Documentation (for both usage and development)
sample/ Sample app for the server
src/ Yii2-Oauth2-Server source
tests/ Codeception unit and functional tests
The Yii2-Oauth2-Server is Open Source. You can help by:
Thanks in advance for your contribution!
The Yii2-Oauth2-Server is free software. It is released under the terms of the Apache License.
Please see LICENSE.md for more information.