This project is under construction

• Do not attempt to use in prod environment
• PM me for requests/suggestions

This repo contains a boilerplate project for a Phalcon API including an OAuth2 Server (https://github.com/thephpleague/oauth2-server) to manage authentication and authorization checks.

Currently support

• Client credentials grant
• Password grant
• Refresh grant
• Plain token and JWT bearer responses
• API requests validation
• Client scripts/sandbox for the supported grant

Before you install this project make sure your environment includes the following requirements:

• PHP 7.*
• Phalcon 3.*
• Module php_openssl activated

1. Clone or download the repo
2. Run composer update in the project folder
3. Create the oauth2 database and import the content of the config/dump-[prefered-charset].sql file
4. Coming soon: test token creation and API call using the client snippet

1. Secure or remove the public/docs folder to prevent access to the sandbox

This repository include a Swagger documentation and a sandbox. You can launch it by double-clicking on the index.html file in the docs/swagger folder.

The Swagger documentation use doctrine annotations.

The annotations should look like this:

/**
 * @SWG\Get(
 *     path="/api/resource.json",
 *     @SWG\Response(response="200", description="An example resource")
 * )
 */

You can find some annotation examples in the existing files :

app/common/controllers/DefaultController.php (Global annotations)
app/oauth2/controllers/OAuth2AccessTokenController.php (Call, request parameters and response annotations)
app/oauth2/entities/models/AccessTokenModel.php (Entity annotations)

To generate the Swagger documentation for the application (app folder) run the following command

php app/cli/cli.php swagger generate

This sandbox contains working examples of a client implementations.

See the following files for more details:

• client-client_credentials.php
• client-password.php
• client-refresh_token.php