TLDR: league/oauth2-server project is in need of a new maintainer

The author of ‘league/oauth2-server’, Alex Bilbie, no longer has time to maintain the package and as such is seeking a new maintainer.

What is league/oauth2-server?

Put frankly, it’s an open-source package used by millions worldwide. There are examples of huge packages built on top of it – such as Laravel passport – so if you’re of the more oblivious nature, it’s possible you’re using it without even knowing.

The package offers a standards compliant PHP implementation of an OAuth 2,0 server. It supports the following grant-types natively (but is extensible in that more can be added):

• Authorization code grant
• Implicit grant
• Client credentials grant
• Resource owner password credentials grant
• Refresh grant

What do I need to be aware of?

• If you use Laravel Passport, you’re dependent on the package.

• Until a new maintainer is found support requests and pull requests will not be processed.

  • This means that any bugs/security issues found within the package will not be patched out.
  • If you have issues in the meantime, you could fork the package and fix them yourself until a new maintainer is found.
• The package is significant enough that a new maintainer will likely be found – hopefully quickly.
• On a related note, there was a recently security fix so please be sure to update to V5.1.4 or 6.x. More info