Skip to content

elyerrlabs/oauth2-passport-server

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,210 Commits
.vscode
.vscode
 
 
app
app
 
 
bootstrap
bootstrap
 
 
config
config
 
 
core
core
 
 
database
database
 
 
docker
docker
 
 
docs
docs
 
 
lang
lang
 
 
public
public
 
 
resources
resources
 
 
routes
routes
 
 
secrets/oauth
secrets/oauth
 
 
storage
storage
 
 
stubs
stubs
 
 
tests
tests
 
 
third-party
third-party
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.env.example
.env.example
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
AUTHORS.md
AUTHORS.md
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
artisan
artisan
 
 
build-image-prod.sh
build-image-prod.sh
 
 
build-image-staging.sh
build-image-staging.sh
 
 
composer.json
composer.json
 
 
composer.lock
composer.lock
 
 
deploy-dev.sh
deploy-dev.sh
 
 
deploy-latest.sh
deploy-latest.sh
 
 
deploy-prod.sh
deploy-prod.sh
 
 
deploy-staging.sh
deploy-staging.sh
 
 
dev
dev
 
 
docker-compose-dev.yml
docker-compose-dev.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
phpunit.xml
phpunit.xml
 
 
postcss.config.js
postcss.config.js
 
 
production
production
 
 
staging
staging
 
 
vite.config.js
vite.config.js
 
 

Repository files navigation

OAuth2 Passport Server

Modular Identity Provider and Access Management Platform

OAuth2 Passport Server is a modern Identity and Access Management (IAM) platform designed to centralize authentication, authorization, and permissions across applications, APIs, microservices, and enterprise systems.

Built on top of OAuth2, OpenID Connect (OIDC), and Elymod, the platform provides a centralized Identity Provider (IdP) capable of managing users, applications, permissions, subscriptions, and services from a single location.

Designed for startups, SaaS platforms, enterprises, and distributed architectures, OAuth2 Passport Server helps organizations eliminate fragmented authentication systems while maintaining full compatibility with industry standards.

Why OAuth2 Passport Server?

As organizations grow, authentication and authorization become fragmented across multiple systems:

  • Web applications
  • Mobile applications
  • APIs
  • Internal tools
  • Microservices
  • Customer portals
  • Third-party integrations

Each application often maintains its own users, roles, and permissions.

This results in:

  • Duplicate user accounts
  • Permission inconsistencies
  • Increased maintenance costs
  • Security vulnerabilities
  • Difficult integrations
  • Poor user experience

OAuth2 Passport Server solves these challenges by acting as the central authority responsible for identity, authentication, and access management across the entire organization.

Key Features

Identity and Access Management (IAM)

Centralized user authentication and authorization across applications, services, and APIs.

Identity Provider (IdP)

Act as a centralized identity provider for web applications, mobile applications, APIs, and microservices.

OpenID Connect Provider

Built-in OpenID Connect support including:

  • Discovery Endpoint
  • JWKS Endpoint
  • Identity Tokens
  • Standardized Authentication Flows
  • Third-Party Integrations

OAuth2 Authorization Server

Currently supported flows:

  • Authorization Code Flow
  • Authorization Code Flow with PKCE
  • Refresh Tokens

Built following modern OAuth2 security recommendations.

Single Sign-On (SSO)

Authenticate once and access multiple connected applications through a centralized identity system.

Hierarchical Scope Management

Permissions are generated using a structured scope model:

group_service_role

Examples:

billing_invoices_read
billing_invoices_create
billing_payments_manage

crm_contacts_read
crm_contacts_update

support_tickets_close

This approach provides significantly more granular authorization than traditional role-based systems.

Benefits include:

  • Fine-grained access control
  • Consistent permission naming
  • Easier auditing
  • Better scalability
  • Cross-service interoperability

Service Marketplace

Organizations can publish services and manage access through subscriptions.

When a user gains access to a service, the corresponding scopes can be assigned automatically, allowing connected applications to immediately recognize updated permissions.

Microservice Authentication

Perfect for:

  • Microservices
  • Service-Oriented Architectures (SOA)
  • API Ecosystems
  • Distributed Systems

Applications can validate tokens using OpenID Connect standards without requiring direct database communication.

OpenID Connect Discovery

OAuth2 Passport Server implements the OpenID Connect Discovery specification.

Applications can automatically discover server capabilities using:

/.well-known/openid-configuration

Supported discovery information includes:

  • Issuer
  • Authorization Endpoint
  • Token Endpoint
  • JWKS Endpoint
  • Logout Endpoint
  • Supported Scopes
  • Supported Grant Types

This enables seamless integration with OpenID Connect compatible applications and services.

Powered by Elymod

OAuth2 Passport Server is built on Elymod, a modular application framework designed to extend platform functionality without modifying the core system.

Unlike traditional identity providers, new capabilities can be installed as independent modules.

Benefits

  • Zero core modifications
  • Upgrade-safe extensions
  • Independent module lifecycle
  • Vendor-friendly architecture
  • Enterprise scalability
  • Feature isolation

Dependency Isolation

Each module can manage its own dependencies independently.

PHP Dependencies

Modules can include their own Composer dependencies without affecting the core application.

Node.js Dependencies

Modules can maintain their own frontend ecosystem, including:

  • package.json
  • Build Pipelines
  • Frontend Frameworks
  • JavaScript Libraries
  • Asset Compilation Tools

This prevents dependency conflicts and allows modules to evolve independently.

Independent Licensing

Each module may define its own licensing model:

  • Open Source
  • Commercial
  • Enterprise
  • Internal Use

Organizations can deploy only the functionality they require while maintaining a centralized identity platform.

Enterprise Ready

OAuth2 Passport Server is designed for:

  • SaaS Platforms
  • Enterprises
  • Government Systems
  • Internal Corporate Applications
  • API Platforms
  • Multi-Service Architectures
  • Customer Portals
  • Identity Providers (IdP)

Security Features

  • OAuth2 Compliant
  • OpenID Connect Compliant
  • PKCE Support
  • Refresh Tokens
  • RS256 Token Signing
  • JWKS Support
  • Centralized Authorization
  • Hierarchical Scope-Based Permissions
  • CSP-Compatible Administration Interface
  • Secure Authentication Workflows

Vision

OAuth2 Passport Server is more than an OAuth2 authorization server.

It is a modular identity platform designed to become the central authentication, authorization, and access management layer for modern organizations.

By combining OAuth2, OpenID Connect, advanced permission management, service subscriptions, and Elymod's modular architecture, organizations can build complete digital ecosystems on top of a secure and standards-compliant identity foundation.

About

A robust, centralized authorization server built with Laravel and Laravel Passport, designed to provide secure authentication and authorization for modern applications.

elyerr.org

Topics

webservice laravel oauth2 modular microservices control web microservice server openid oauth2-server openid-connect panel-admin laravelpassport

Resources

Readme

License

AGPL-3.0 license
Activity
Custom properties

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

53 tags

Packages

 
 
 

Contributors

Languages