Introduction
league/oauth2-server is a standards-compliant implementation of an OAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
Out of the box it supports the following grants:
- Authorization code grant
- Implicit grant
- Client credentials grant
- Resource owner password credentials grant
- Refresh grant
- Device authorization grant
The following RFCs are implemented:
- RFC6749 “OAuth 2.0”
- RFC6750 “The OAuth 2.0 Authorization Framework: Bearer Token Usage”
- RFC7519 “JSON Web Token (JWT)”
- RFC7636 “Proof Key for Code Exchange by OAuth Public Clients”
- RFC8628 “OAuth 2.0 Device Authorization Grant”
This library was created by Alex Bilbie. Find him on X at @alexbilbie.
Changelog
Please see the project’s changelog for a complete history of changes to this library.
Support
Please ask questions on the GitHub issues page.