Middleware for Using OAuth2 within a Slim Framework API
chadicus Merge pull request #60 from chadicus/fea/token-attribute
Add token to request as attribute
Latest commit b30f61f Sep 15, 2018




Middleware for using OAuth2 Server within a Slim 3 Framework API


Chadicus\Slim\OAuth2\Middleware requires PHP 5.6 (or later).


To add the library as a local, per-project dependency, use Composer. Add a dependency on chadicus/slim-oauth2-middleware to your project's composer.json file, for example with:

composer require chadicus/slim-oauth2-middleware


Developers may be contacted at:

Project Build

With a checkout of the code, get Composer in your PATH and run:

composer install

Example Usage

Simple example for using the authorization middleware.

use Chadicus\Slim\OAuth2\Middleware;
use OAuth2;
use OAuth2\Storage;
use OAuth2\GrantType;
use Slim;

// set up storage for the oauth2 server
// (in-memory storage with sample credentials, for demonstration only)
$storage = new Storage\Memory(
    [
        'client_credentials' => [
            'administrator' => [
                'client_id' => 'administrator',
                'client_secret' => 'password',
                'scope' => 'superUser',
            ],
            'foo-client' => [
                'client_id' => 'foo-client',
                'client_secret' => 'p4ssw0rd',
                'scope' => 'basicUser canViewFoos',
            ],
            'bar-client' => [
                'client_id' => 'bar-client',
                'client_secret' => '!password1',
                'scope' => 'basicUser',
            ],
        ],
    ]
);

// create the oauth2 server: storage, config, grant types
$server = new OAuth2\Server(
    $storage,
    [
        'access_lifetime' => 3600, // access tokens expire after one hour
    ],
    [
        new GrantType\ClientCredentials($storage),
    ]
);

// create the basic app
$app = new Slim\App();

// create the authorization middleware
$authMiddleware = new Middleware\Authorization($server, $app->getContainer());

// Assumes token endpoints available for creating access tokens

$app->get('foos', function ($request, $response, $args) {
    // return all foos, no scope required
});

$getRouteCallback = function ($request, $response, $id) {
    // return details for a foo, requires superUser scope OR basicUser with canViewFoos scope
};

// Top-level entries are alternatives (OR); a nested array lists scopes that are all required (AND)
$app->get('foos/id', $getRouteCallback)->add($authMiddleware->withRequiredScope(['superUser', ['basicUser', 'canViewFoos']]));

$postRouteCallback = function ($request, $response, $args) {
    // Create a new foo, requires superUser scope
};

$app->post('foos', $postRouteCallback)->add($authMiddleware->withRequiredScope(['superUser']));
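
The scope requirements passed to withRequiredScope read as alternatives, each of which is one scope or a set of scopes that must all be present. The stand-alone script below is an added example, not code from this project: tokenSatisfiesScope is a hypothetical helper that models that rule against the three sample clients, and treating an empty requirement as "any valid token" is an assumption.

```php
<?php
// Added illustration: models the OR-of-ANDs rule described in the route comments.
// tokenSatisfiesScope() is a hypothetical helper, not part of the middleware's API.

/**
 * @param string $grantedScope  Space-delimited scope string carried by the token.
 * @param array  $requiredScope Alternatives; each is a scope name or a list of names.
 * @return bool
 */
function tokenSatisfiesScope($grantedScope, array $requiredScope)
{
    // Assumption: an empty requirement means "any valid token".
    if ($requiredScope === []) {
        return true;
    }

    $granted = preg_split('/\s+/', trim($grantedScope), -1, PREG_SPLIT_NO_EMPTY);

    foreach ($requiredScope as $alternative) {
        $needed = (array) $alternative;
        // An empty alternative must not match, or it would authorize every token.
        if ($needed !== [] && array_diff($needed, $granted) === []) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: the scope strings of the three clients in the example.
$clients = [
    'administrator' => 'superUser',
    'foo-client'    => 'basicUser canViewFoos',
    'bar-client'    => 'basicUser',
];

// The two scope requirements used by the protected routes.
$routes = [
    'GET foos/id' => ['superUser', ['basicUser', 'canViewFoos']],
    'POST foos'   => ['superUser'],
];

foreach ($routes as $route => $required) {
    foreach ($clients as $clientId => $scope) {
        $verdict = tokenSatisfiesScope($scope, $required) ? 'allow' : 'deny';
        printf("%-12s %-14s %s\n", $route, $clientId, $verdict);
    }
}
```

A decision matrix like this is a quick review aid when adding routes: every client and route pair that should be denied can be checked before the requirement goes into the application.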
