README

This is to inform all users that this package has been abandoned and will no longer receive any 
updates or maintenance. We highly recommend users to migrate to an alternative library package. 
We apologize for any inconvenience caused.

OAuth2 client middleware for league/oauth2-client

PSR7 middleware that uses league/oauth2-client to authenticate requests with an OAuth2 server.

Installation

composer require somoza/oauth2-client-middleware

Usage

The current implementation indirectly depends on Guzzle 6 because it's a direct dependency of league/oauth2-client.

Using Guzzle:

use Somoza\OAuth2Middleware\OAuth2Middleware;
use Somoza\OAuth2Middleware\TokenService\Bearer;

$stack = new \GuzzleHttp\HandlerStack();
$stack->setHandler(new CurlHandler());
$client = new \GuzzleHttp\Client(['handler' => $stack]);

// instantiate a provider, see league/oauth2-client docs
$provider = new GenericProvider(
    [
        'clientId' => 'your_client_id',
        'clientSecret' => 'your_client_secret',
        'urlAuthorize' => 'your_authorization_url',
        'urlAccessToken' => 'your_access_token_url',
        'urlResourceOwnerDetails' => 'your_resource_owner_url', 
    ], 
    [ 'httpClient' => $client ] // or don't pass it and let the oauth2-client create its own Guzzle client
);

// attach our oauth2 middleware
$bearerMiddleware = new OAuth2Middleware(
    new Bearer($provider), // use the Bearer token type
    [ // ignore (do not attempt to authorize) the following URLs
        $provider->getBaseAuthorizationUrl(),
        $provider->getBaseAccessTokenUrl(),
    ]
);
$stack->push($bearerMiddleware);

// if you want to debug, it might be useful to attach a PSR7 logger here

Caching the Access Token

A callback can be assigned to the middleware in order to save the access token for future use. Make sure you know about the security implications of storing an access token (do it at your own risk).

Example:

use Somoza\OAuth2Middleware\OAuth2Middleware;
use Somoza\OAuth2Middleware\TokenService\Bearer;
use League\OAuth2\Client\Token\AccessToken;

// see previous example for initialization
$tokenStore = new EncryptedCache(); // you can use whatever you want here
$token = null;
if ($tokenStore->contains($userId)) {
    $tokenData = json_decode($cache->fetch($userId));
    $token = new AccessToken($tokenData);
}

$bearerMiddleware = new OAuth2Middleware(
    new Bearer(
        $provider, // defined as in the "Usage" example
        $token, 
        function (AccessToken $newToken, AccessToken $oldToken) 
          use ($tokenStore, $userId) {
            // called whenever a new AccessToken is fetched
            $tokenStore->save($userId, $newToken->jsonSerialize());
        }
    ), 
);

$stack->push($bearerMiddleware);

License

MIT - see LICENSE.md