Configuration

Encryption Keys Paths

You can configure the paths by adding this section to the configuration file:

ini
[oauth2]
encryption_key = oauth2/defuse.key
jwt_signing_key_passphrase =
jwt_signing_key_private = oauth2/private.key
jwt_signing_key_public = oauth2/public.key

HTTP Authorization Server Endpoints

You need to add endpoints to your application that expose OAuth2 server.

Access Token Endpoint

Most grants require just the Access Token Endpoint:

Authorization Code Grant requires more setup and it has more detailed explanation on it's documentation page.

app/HttpResponder/OAuth2AccessToken.php
php
<?php

namespace App\HttpResponder;

use App\HttpRouteSymbol;
use Distantmagic\Resonance\Attribute\RespondsToHttp;
use Distantmagic\Resonance\Attribute\Singleton;
use Distantmagic\Resonance\HttpResponder;
use Distantmagic\Resonance\HttpResponder\OAuth2\AccessToken;
use Distantmagic\Resonance\HttpResponderInterface;
use Distantmagic\Resonance\RequestMethod;
use Distantmagic\Resonance\SingletonCollection;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

#[RespondsToHttp(
    method: RequestMethod::POST,
    pattern: '/oauth2/access_token',
    routeSymbol: HttpRouteSymbol::OAuth2AccessToken,
)]
#[Singleton(collection: SingletonCollection::HttpResponder)]
final readonly class OAuth2AccessToken extends HttpResponder
{
    public function __construct(private AccessToken $accessTokenResponder) {}

    public function respond(ServerRequestInterface $request, ResponseInterface $response): HttpResponderInterface
    {
        return $this->accessTokenResponder;
    }
}

Using League OAuth 2.0 Server Directly

If you need to, you can define your own endpoints by manipulating the Authorization Server directly:

php
<?php

namespace App;

use Distantmagic\Resonance\Attribute\Singleton;
use Distantmagic\Resonance\HttpResponder;
use Distantmagic\Resonance\HttpResponder\PsrResponder;
use Distantmagic\Resonance\HttpResponderInterface;
use Distantmagic\Resonance\PsrServerRequestConverter;
use League\OAuth2\Server\AuthorizationServer as LeagueAuthorizationServer;
use Nyholm\Psr7\Factory\Psr17Factory;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

#[Singleton]
readonly class MyOAuth2Server extends HttpResponder
{
    public function __construct(
        private LeagueAuthorizationServer $leagueAuthorizationServer,
        private PsrServerRequestConverter $psrServerRequestConverter,
        private Psr17Factory $psr17Factory,
    ) {}

    public function respond(ServerRequestInterface $request, ResponseInterface $response): HttpResponderInterface
    {
        /**
         * Convert Swoole http request to PSR Server request object
         */
        $serverRequest = $this->psrServerRequestConverter->convertToServerRequest($request);

        // ... do something with $this->leagueAuthorizationServer

        return new PsrResponder($psrResponse);
    }
}
Previous
« Installation
Learn how to setup the application environment to use OAuth 2.0.
Next
Enabling Grants »
Learn how to add methods of acquiring access tokens.
Edit on GitHub