In order to prevent man-in-the-middle attacks, the authorization server MUST require the use of TLS with server authentication as defined by RFC2818 for any request sent to the authorization and token endpoints. The client MUST validate the authorization server’s TLS certificate as defined by RFC6125 and in accordance with its requirements for server identity authentication.
This library uses key cryptography in order to encrypt and decrypt, as well as verify the integrity of signatures. See the installation page for details on how to generate the keys.
The following versions of PHP are supported:
- PHP 7.0
- PHP 7.1
- PHP 7.2
openssl PHP extension is required.
All HTTP messages passed to the server should be PSR-7 compliant. This ensures interoperability between other packages and frameworks.