Securing your API
This library provides a PSR-7 friendly resource server middleware that can validate access tokens.
Wherever you intialize your objects, initialize a new instance of the resource server with the storage interfaces:
Then add the middleware to your stack:
The authorization header on an incoming request will automatically be validated.
If the access token is valid the following attributes will be set on the ServerRequest:
oauth_access_token_id- the access token identifier
oauth_client_id- the client identifier
oauth_user_id- the user identifier represented by the access token
oauth_scopes- an array of string scope identifiers
If the authorization is invalid an instance of
OAuthServerException::accessDenied will be thrown.