TLDR: league/oauth2-server project is in need of a new maintainer

John Richardson

A pragmatic software developer with ~ 10 years experience. PHP/Vue JS advocate.

@JRdevelop January 19, 2021

The author of ‘league/oauth2-server’, Alex Bilbie, no longer has time to maintain the package and as such is seeking a new maintainer.

What is league/oauth2-server?

Put frankly, it’s an open-source package used by millions worldwide. Huge packages such as Laravel Passport are built on top of it, so it’s possible you’re using it without even knowing.

The package offers a standards-compliant PHP implementation of an OAuth 2.0 server. It supports the following grant types natively (and is extensible, so more can be added):

  • Authorization code grant
  • Implicit grant
  • Client credentials grant
  • Resource owner password credentials grant
  • Refresh grant

What do I need to be aware of?

  • If you use Laravel Passport, you’re dependent on the package.
  • Until a new maintainer is found, support requests and pull requests will not be processed.
    • This means that any bugs/security issues found within the package will not be patched.
    • If you have issues in the meantime, you could fork the package and fix them yourself until a new maintainer is found.
  • The package is significant enough that a new maintainer will likely be found – hopefully quickly.
  • On a related note, there was a recent security fix, so please be sure to update to V5.1.4 or 6.x.