Protect your API with OAuth 2.0 Token Introspection RFC 7662.
PSR-6 can be used to store introspection data during its lifetime (if expiration timestamp of the token is specified by introspection endpoint).
Via Composer
$ composer require kdubuc/oauth2-introspection-psr15
$middleware = new Oauth2Introspection($http_psr18_client, $http_stream_psr17_factory, $http_request_psr17_factory, [
'introspection_endpoint' => 'http://oauth2.example.com/introspect',
'oauth2_client_id' => 'client_id',
'oauth2_client_secret' => 'client_secret',
]);
$middleware->enableCache($psr6_cache);
// Introspection results will be stored into 'oauth2_access_token_introspection_data' request attribute
$ vendor/bin/phpunit tests/
Please see CONTRIBUTING for details.
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
The CeCILL-B License. Please see License File for more information.