This library provides a PSR-7 friendly resource server middleware that can validate access tokens.


Wherever you initialize your objects, initialize a new instance of the resource server with the storage interfaces:

// Init our repositories
$accessTokenRepository = new AccessTokenRepository(); // instance of AccessTokenRepositoryInterface

// Path to authorization server's public key
$publicKeyPath = 'file://path/to/public.key';
// Setup the resource server
$server = new \League\OAuth2\Server\ResourceServer(
    $accessTokenRepository,
    $publicKeyPath
);

Then add the middleware to your stack:

new \League\OAuth2\Server\Middleware\ResourceServerMiddleware($server);


The authorization header on an incoming request will automatically be validated.

If the access token is valid the following attributes will be set on the ServerRequest:

If the authorization is invalid, an instance of OAuthServerException::accessDenied will be thrown.
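
A valid token only proves the caller is authenticated; each route still has to decide whether the token's scopes permit the operation. The following is an added example, not code from the library: `RequireScope` is a hypothetical middleware written in the same double-pass style as `ResourceServerMiddleware`, and it reads the `oauth_scopes` request attribute that the library sets on a validated request. It assumes the `psr/http-message` interfaces are installed and that the middleware is placed after `ResourceServerMiddleware` in the stack.

```php
<?php
declare(strict_types=1);

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

// Hypothetical middleware (not part of league/oauth2-server). Add it to the
// stack after ResourceServerMiddleware so the token has already been validated.
final class RequireScope
{
    /** @var string */
    private $requiredScope;

    public function __construct(string $requiredScope)
    {
        $this->requiredScope = $requiredScope;
    }

    public function __invoke(
        ServerRequestInterface $request,
        ResponseInterface $response,
        callable $next
    ): ResponseInterface {
        // Scope identifiers granted to the validated access token.
        $scopes = $request->getAttribute('oauth_scopes');

        // Fail closed: a missing attribute means the validating middleware
        // never ran for this request, so treat it as unauthenticated.
        if (!is_array($scopes)) {
            return $this->deny($response, 401, 'access_denied');
        }
        // Strict comparison avoids loose-typing matches such as 0 == 'read'.
        if (!in_array($this->requiredScope, $scopes, true)) {
            return $this->deny($response, 403, 'insufficient_scope');
        }

        return $next($request, $response);
    }

    private function deny(ResponseInterface $response, int $status, string $error): ResponseInterface
    {
        $response->getBody()->write(json_encode(['error' => $error]));

        return $response->withStatus($status)->withHeader('Content-Type', 'application/json');
    }
}
```

Register one instance per protected route or route group, for example `new RequireScope('orders:write')`, where the scope name is a constructed sample value.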