Introduction

Inspired from the Norse mythology, Heimdallr (opens in a new tab), modernly anglicized as Heimdall is the gatekeeper of Bifröst, the rainbow road connecting Midgard, realm of the humans, to Asgard, the realm of Gods.

In CodeIgniter 4, Heimdall serves as the gatekeeper between the client and the Resource server. Heimdall gives you an out of the box OAuth 2.0 authorization protocol implementation to your Web Service. Heimdall also comes with some handy extensions such as Open ID Connect (opens in a new tab) support to gives you a simple identity layer on top of the OAuth 2.0 protocol and a Proof Key for Code Exchange (opens in a new tab) support.

Heimdall implements the standards compliant implementation of an OAuth 2.0 (opens in a new tab) authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.

This library was created in order to simplify the need of OAuth 2.0 implementation in your CodeIgniter 4 framework, based on the OAuth 2.0 Server (opens in a new tab) library by thephpleague (opens in a new tab).

Why Heimdall?

Some reason you need to consider to use Heimdall instead of the original OAuth 2.0 Server (opens in a new tab) for your CodeIgniter 4 project.

Simple & Concise API

Heimdall gives you a simple, clear, and concise API to get the OAuth 2.0 work as fast as possible.

Useful Extensions

Heimdall also gives you some extensions to work with OAuth 2.0 flow. Check it out here.

Fix the lack of PSR-7 classes

The OAuth 2.0 Server (opens in a new tab) library is relied on HTTP message classes that PSR-7 compliant (opens in a new tab). This is a normal standard by PHP FIG (opens in a new tab) to ensures interoperability between other packages and frameworks.

CodeIgniter 4 framework also compatible with a number of PHP FIG's proposals, but the PSR-7: HTTP Message Interface is different from the standard recommendation. As stated here (opens in a new tab), it says that:

CodeIgniter does not strive for compatibility with PSR-7 recommendation.

This means you need to re-implement the PSR-7 classes if you need it to work with the standard recommendation. Heimdall already fix this problem, what you need to do is only to install & implement it properly, and the OAuth 2.0 flow will work as you expected.

RFC Implementation

The following RFC's are implemented in this library:

• RFC6749 “OAuth 2.0” (opens in a new tab)
• RFC6750 “The OAuth 2.0 Authorization Framework: Bearer Token Usage” (opens in a new tab)
• RFC7519 “JSON Web Token (JWT)” (opens in a new tab)
• RFC7636 “Proof Key for Code Exchange by OAuth Public Clients” (opens in a new tab)

Latest Version

See the latest released Heimdall version here (opens in a new tab).

Support

Please ask questions on the Heimdall GitHub issues (opens in a new tab) page.

Heimdall was crafted by Ezra Lazuardy and originally created by Alex Bilbie. Find them on Internet at @ezralazuardy (opens in a new tab) and @alexbilbie (opens in a new tab).