Oauth2 Stack

Cloudoki just released a brand new package, all MIT.

With the Oauth2 Stack one can integrate the complete Open Authentication 2.0 flow in a single require.
The package includes DB migration files, the Oauth2 Server, Account/User models and all the required web and e-mail views.

The goal of this package is to split it up in multiple Framework Branches. Right now, however, the Oauth2-Stack package is focussed on Laravel 4.2 with Eloquent in MQ alignment (3-layer environment).

Oauth2-Stack is available on Github and as Packagist requirement:

"cloudoki/oauth2-stack": "master-dev" 

Oauth2 Server - The Oauth2 Stack is based on Brent Shaffer's Oauth2 Server, tweaked for multi-layer usage. We use basic bearer for our implementation.

Views - The Views are based on Bootstrap 3 for easy styling.

For this article, you should have some knowledge of Composer and Laravel.
If you need your local environment set up, read this guide. If you want a simple Laravel app set up, read this guide.

Laravel 4.2 MQ Install

What makes the Laravel MQ version so special is the division of the API and Workers logic. As efficient security measurement, the API has no contact with the database, leaving all authentication logic to the Worker(s).
The Oauth2 Stack provides


Add our package as requirement in your composer file.

$ nano composer.json
"require": {
    "laravel/framework": "4.2.*",
    "cloudoki/oauth2-stack": "dev-master"

You might want to run an update. If something goes wrong, change your minimum-stability to dev in the composer.json file, for now.

$ composer update

The package is now installed in the project vendor folder. You'll need to register the package provider in your app config file next. Finish it off with dump to be on the safe side.

$ nano app/config/app.php
'providers' => array(
$ php artisan dump-autoload


You will need to edit the uri's to match your project. We have created a config file for this purpose. Run this command to copy it in your .app/config folder:

$ php artisan config:publish cloudoki/oauth2-stack

You may also create environment specific configs by placing them like so app/config/packages/cloudoki/oastack/environment.

Note that your app/config/app.php file needs a valid timezone setting.

'timezone' => 'Europe/Brussels'


If you go deep into the package you'll find out that the /oauth2 routes are defined right there.
Feel free to override this by copy-pasting the routes to your project ./app/routes.php file and disabling the include in OaStackServiceProvider.php. The same goes for the filters file, which identifies auth, a basic token check.


The Oauth2 related models, Oauth2AccessToken, Oauth2Authorization and Oauth2Client should be created into your database straight from the migration files. The User and Account models are Eloquent extensions and can be integrated (eg. by class extending) in your existing project, or be built straight from the migration files.

$ php artisan migrate --package="cloudoki/oauth2-stack"

Make sure your project database is connected, first...


The API communication is authorized with an Authentication bearer token (access token), which can be only attached as header field in production-level communication.
The internal authentication (User/Accounts rights) is based on Cloudoki/Guardian.

Modus Operandi

The first step you'll want to perform is adding a superuser, account and client, since we need a valid authentication for the view-based invitation form.

php artisan db:seed --class="OaStackSeeder"

You can either modify the vendor package's seed file beforehand, or edit the entry in the DB afterwards

Invite users

To invite new users, create a basic POST /account/{id}/users endpoint commanding OAuth2Controller::invite, or use the invitation view. An e-mail containing the unique subscribe link will be sent to the invitee.