A complete, production-ready OAuth 2.0 implementation in PHP
Full implementation with PKCE support for secure authorization flows.
Automatic token refresh with secure rotation of refresh tokens.
Proof Key for Code Exchange prevents authorization code interception attacks.
Bearer token authentication for protected resource endpoints.
| Endpoint | Method | Description |
|---|---|---|
| GET /authorize | GET | Authorization endpoint — displays login & consent |
| POST /token | POST | Token endpoint — exchanges code for tokens |
| GET /api/user | GET | Protected resource — returns user profile |
| POST /revoke | POST | Revoke an access or refresh token |

| Field | Value |
|---|---|
| Username | admin |
| Password | password |
| Client ID | demo-client-id |
| Client Secret | demo-client-secret |
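
The PKCE check behind the feature list and the `POST /token` endpoint, as an added example that is not this project's own code: the client derives an S256 challenge from a random verifier, and the token endpoint recomputes it before releasing tokens. The function names are hypothetical, and rejecting the `plain` method is an assumption, not something this page states.

```php
<?php
declare(strict_types=1);

// Base64url without padding, the encoding RFC 7636 uses for the challenge.
function base64url_encode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Client side: 32 random bytes give a 43-character verifier (allowed: 43-128).
function pkce_make_verifier(): string
{
    return base64url_encode(random_bytes(32));
}

// Client side: value sent to GET /authorize with code_challenge_method=S256.
function pkce_challenge(string $verifier): string
{
    return base64url_encode(hash('sha256', $verifier, true));
}

// Server side, at POST /token: compare the presented verifier with the
// challenge stored alongside the authorization code.
function pkce_verify(string $verifier, string $storedChallenge, string $method): bool
{
    // Assumption: only S256 is accepted, so a request cannot fall back to "plain".
    if ($method !== 'S256') {
        return false;
    }
    // RFC 7636 section 4.1: 43-128 characters from the unreserved set.
    if (preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier) !== 1) {
        return false;
    }
    // Constant-time comparison of the recomputed and stored challenges.
    return hash_equals($storedChallenge, pkce_challenge($verifier));
}

// Constructed walk-through of one authorization (sample values only).
$verifier  = pkce_make_verifier();      // never leaves the client until /token
$challenge = pkce_challenge($verifier); // stored by the server with the code

var_dump(pkce_verify($verifier, $challenge, 'S256'));            // original client
var_dump(pkce_verify(pkce_make_verifier(), $challenge, 'S256')); // code presented without the verifier
var_dump(pkce_verify($challenge, $challenge, 'plain'));          // method mismatch
var_dump(pkce_verify('too-short', $challenge, 'S256'));          // malformed verifier
```

Only the first call succeeds: an authorization code on its own is not redeemable without the verifier that produced the stored challenge.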