- Can I use this bridge to replace Laravel Passport for OAuth2 in my API?
- This bridge is designed for custom OAuth2 server setups using league/oauth2-server, not as a direct Passport replacement. It’s ideal if you need granular control over grant types, token storage, or non-standard flows. Passport is more mature for typical Laravel OAuth2 needs, but this bridge offers flexibility for niche use cases.
- How do I install and register this package in Laravel?
- Run `composer require league/oauth2-server binhvd/oauth2-server-httpfoundation-bridge`, then register the bridge in your `AppServiceProvider` by binding the OAuth2 server and HttpFoundation adapters. Laravel’s built-in `symfony/http-foundation` is already included, so no extra dependencies are needed beyond the bridge itself.
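The service provider below is an added example of the registration step, not code from the original page or from the bridge project. It wires a `league/oauth2-server` `AuthorizationServer` and `ResourceServer` into Laravel's container using the library's real API; the repository classes under `App\OAuth\Repositories`, the `config('oauth.*')` keys and the key file paths are assumptions for illustration. The bridge's own HttpFoundation adapter bindings are left out because their class names are not given on the page. Enabling grants explicitly, loading keys from configuration rather than from the code base, and keeping authorization codes short-lived are the security-relevant choices it demonstrates.

```php
<?php

namespace App\Providers;

use App\OAuth\Repositories\AccessTokenRepository;   // hypothetical: implements AccessTokenRepositoryInterface
use App\OAuth\Repositories\AuthCodeRepository;      // hypothetical: implements AuthCodeRepositoryInterface
use App\OAuth\Repositories\ClientRepository;        // hypothetical: implements ClientRepositoryInterface
use App\OAuth\Repositories\RefreshTokenRepository;  // hypothetical: implements RefreshTokenRepositoryInterface
use App\OAuth\Repositories\ScopeRepository;         // hypothetical: implements ScopeRepositoryInterface
use DateInterval;
use Illuminate\Support\ServiceProvider;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
use League\OAuth2\Server\Grant\RefreshTokenGrant;
use League\OAuth2\Server\ResourceServer;

class OAuthServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        // Singletons: key files are read once per process, not once per request.
        $this->app->singleton(AuthorizationServer::class, function ($app) {
            $server = new AuthorizationServer(
                $app->make(ClientRepository::class),
                $app->make(AccessTokenRepository::class),
                $app->make(ScopeRepository::class),
                // Private key signs issued access tokens. Path and passphrase come
                // from config/.env (assumed keys), never from a committed file.
                new CryptKey(config('oauth.private_key_path'), config('oauth.private_key_passphrase')),
                // Encryption key protects auth codes and refresh tokens at rest;
                // a 32-byte random value, base64-encoded, stored in .env (assumed key).
                config('oauth.encryption_key')
            );

            // Grants are opt-in: enable only the flows this API actually needs.
            $server->enableGrantType(new ClientCredentialsGrant(), new DateInterval('PT1H'));

            $authCode = new AuthCodeGrant(
                $app->make(AuthCodeRepository::class),
                $app->make(RefreshTokenRepository::class),
                new DateInterval('PT10M')   // authorization codes are single-use and short-lived
            );
            $authCode->setRefreshTokenTTL(new DateInterval('P1M'));
            $server->enableGrantType($authCode, new DateInterval('PT1H'));

            $refresh = new RefreshTokenGrant($app->make(RefreshTokenRepository::class));
            $refresh->setRefreshTokenTTL(new DateInterval('P1M'));
            $server->enableGrantType($refresh, new DateInterval('PT1H'));

            return $server;
        });

        // The resource server only needs the public key plus the access-token
        // repository, which answers the "has this token been revoked?" question.
        $this->app->singleton(ResourceServer::class, function ($app) {
            return new ResourceServer(
                $app->make(AccessTokenRepository::class),
                new CryptKey(config('oauth.public_key_path'))
            );
        });
    }
}
```

Register the provider in the application's provider list as you would any other, and keep the private key and encryption key out of version control; the public key is the only piece that can safely be distributed to resource servers.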
- Does this work with Laravel’s middleware pipeline for token validation?
- Yes, the bridge integrates seamlessly with Laravel middleware. You can wrap OAuth2 token validation logic in a custom middleware class (e.g., `ValidateOAuthToken`) and attach it to routes or globally. This leverages Laravel’s existing middleware pipeline while abstracting HTTP concerns.
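As an added example of the middleware described above (not code from the original page or the bridge project), the class below validates a Bearer token with `ResourceServer::validateAuthenticatedRequest()` and enforces required scopes. Because the bridge's own request/response conversion calls are not shown on the page, the example converts between Laravel's HttpFoundation objects and the PSR-7 objects the library expects with `symfony/psr-http-message-bridge` and `nyholm/psr7` instead; swap in the bridge's adapter where those two factories appear. The `oauth` middleware alias and the `oauth_*` request attributes it copies are the library's documented attribute names; the alias name is an assumption.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\ResourceServer;
use Nyholm\Psr7\Factory\Psr17Factory;
use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
use Symfony\Bridge\PsrHttpMessage\Factory\PsrHttpFactory;

class ValidateOAuthToken
{
    public function __construct(private ResourceServer $resourceServer)
    {
    }

    /**
     * Route usage (alias assumed): ->middleware('oauth:orders.read,orders.write')
     * Every listed scope must be present on the token; none listed means
     * "any valid token".
     */
    public function handle(Request $request, Closure $next, string ...$requiredScopes)
    {
        // Stand-in for the bridge's HttpFoundation <-> PSR-7 conversion.
        $psr17        = new Psr17Factory();
        $toPsr        = new PsrHttpFactory($psr17, $psr17, $psr17, $psr17);
        $toFoundation = new HttpFoundationFactory();

        try {
            // Parses the Authorization header, verifies the token signature against
            // the public key, checks expiry, and asks the repository about revocation.
            $validated = $this->resourceServer->validateAuthenticatedRequest(
                $toPsr->createRequest($request)
            );
        } catch (OAuthServerException $e) {
            // Let the library shape the RFC 6749 error body and WWW-Authenticate
            // header instead of hand-rolling a 401 that leaks internal detail.
            return $toFoundation->createResponse(
                $e->generateHttpResponse($psr17->createResponse())
            );
        }

        $granted = (array) $validated->getAttribute('oauth_scopes', []);
        $missing = array_diff($requiredScopes, $granted);
        if ($missing !== []) {
            // Valid token, insufficient scope: 400 invalid_scope per the library.
            return $toFoundation->createResponse(
                OAuthServerException::invalidScope(implode(' ', $missing))
                    ->generateHttpResponse($psr17->createResponse())
            );
        }

        // Expose the verified identity to controllers through request attributes.
        foreach (['oauth_access_token_id', 'oauth_client_id', 'oauth_user_id'] as $attr) {
            $request->attributes->set($attr, $validated->getAttribute($attr));
        }
        $request->attributes->set('oauth_scopes', $granted);

        return $next($request);
    }
}
```

Register the class under an alias in the HTTP kernel's middleware map and attach it per route or per group; validation happens before any controller runs, so a missing or tampered token never reaches application code.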
- Which Laravel versions are supported by this package?
- The bridge relies on Symfony’s HttpFoundation, which Laravel includes by default (v5.5+). Ensure compatibility with your Laravel version by checking the underlying `league/oauth2-server` requirements. Test thoroughly in your target Laravel version, as edge cases may arise if Laravel’s request handling diverges from Symfony’s expectations.
- How do I handle token storage (e.g., database or Redis) with this bridge?
- Token storage is managed by the underlying `league/oauth2-server` library. You’ll need to implement a custom `TokenEntityManager` or use a supported storage adapter (e.g., PDO for databases, Redis for caching). Laravel’s cache or database systems can be integrated here, but the bridge itself doesn’t enforce a storage method.
- Can I use this for client credentials flow or only authorization code?
- This bridge supports all OAuth2 grant types (authorization code, client credentials, password, etc.) as defined by the `league/oauth2-server` library. The bridge itself doesn’t limit flows; you configure the supported grants in your OAuth2 server instance. Client credentials flow is fully supported if your use case requires it.
- Will this conflict with Laravel Sanctum or Passport if used alongside them?
- No direct conflicts exist, but careful scoping is required. The bridge operates at the HTTP layer, so you can use it for custom OAuth2 endpoints (e.g., `/oauth/token`) while keeping Sanctum/Passport for other auth needs. Ensure routes, middleware, and token storage are modularized to avoid overlaps.
- How do I secure client secrets (e.g., client IDs, keys) in production?
- Store client secrets in Laravel’s `.env` file or use Laravel Vault for sensitive data. The bridge doesn’t enforce secret management, so leverage Laravel’s existing security practices. Avoid hardcoding secrets in configuration files, and consider rotating keys periodically for added security.
- Are there performance considerations for token validation in high-traffic APIs?
- Token validation performance depends on your storage backend (e.g., Redis vs. database). Cache frequently accessed tokens or use Laravel’s cache system to reduce database load. The bridge itself adds minimal overhead, but test under load to ensure your token storage meets latency requirements.
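The repository below is an added example covering both the storage question above and this performance question; it is not code from the original page or the bridge project. It implements the library's real `AccessTokenRepositoryInterface` against a Laravel database table and wraps the revocation lookup in Laravel's cache. The `oauth_access_tokens` table, its columns and the `App\OAuth\Entities\AccessToken` entity are assumptions. The caveat it encodes: the cache TTL is also the maximum time a revoked token keeps working, so it is kept to seconds and the entry is evicted on revocation.

```php
<?php

namespace App\OAuth\Entities;

use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\Traits\AccessTokenTrait;
use League\OAuth2\Server\Entities\Traits\EntityTrait;
use League\OAuth2\Server\Entities\Traits\TokenEntityTrait;

// Minimal entity (assumed class): the library's traits supply identifier,
// scopes, expiry, client/user handling and JWT serialisation.
class AccessToken implements AccessTokenEntityInterface
{
    use AccessTokenTrait, EntityTrait, TokenEntityTrait;
}

namespace App\OAuth\Repositories;

use App\OAuth\Entities\AccessToken;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\DB;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;

class AccessTokenRepository implements AccessTokenRepositoryInterface
{
    // Revocation lookups sit on the hot path of every API call. Caching bounds
    // database load, but a cached "not revoked" answer is honoured until it
    // expires, so this is a security tradeoff: seconds, not hours.
    private const REVOCATION_CACHE_TTL = 30;

    public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null): AccessTokenEntityInterface
    {
        $token = new AccessToken();
        $token->setClient($clientEntity);
        foreach ($scopes as $scope) {
            $token->addScope($scope);
        }
        $token->setUserIdentifier($userIdentifier);

        return $token;
    }

    public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity): void
    {
        // Only the identifier and metadata are stored; the signed token itself is
        // never written to the database (table and columns assumed).
        $inserted = DB::table('oauth_access_tokens')->insertOrIgnore([
            'id'         => $accessTokenEntity->getIdentifier(),
            'client_id'  => $accessTokenEntity->getClient()->getIdentifier(),
            'user_id'    => $accessTokenEntity->getUserIdentifier(),
            'scopes'     => json_encode(array_map(fn ($s) => $s->getIdentifier(), $accessTokenEntity->getScopes())),
            'revoked'    => false,
            'expires_at' => $accessTokenEntity->getExpiryDateTime(),
        ]);

        if ($inserted === 0) {
            // Identifier collision: the library catches this and retries with a new id.
            throw UniqueTokenIdentifierConstraintViolationException::create();
        }
    }

    public function revokeAccessToken($tokenId): void
    {
        DB::table('oauth_access_tokens')->where('id', $tokenId)->update(['revoked' => true]);
        // Evict the cached answer so the revocation takes effect immediately,
        // not after REVOCATION_CACHE_TTL seconds.
        Cache::forget($this->cacheKey($tokenId));
    }

    public function isAccessTokenRevoked($tokenId): bool
    {
        return Cache::remember($this->cacheKey($tokenId), self::REVOCATION_CACHE_TTL, function () use ($tokenId) {
            $row = DB::table('oauth_access_tokens')->where('id', $tokenId)->first(['revoked']);

            // Unknown identifier (e.g. row purged): fail closed and treat as revoked.
            return $row === null || (bool) $row->revoked;
        });
    }

    private function cacheKey(string $tokenId): string
    {
        return 'oauth:revoked:' . $tokenId;
    }
}
```

The two classes are shown in one block for brevity and belong in separate files. With a Redis cache store the validation path costs one cache hit per request in the common case; if immediate revocation matters more than that saving, set the TTL to zero and accept the database read.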
- What alternatives exist if I need a simpler OAuth2 solution for Laravel?
- For most Laravel use cases, Laravel Passport is the recommended choice due to its maturity and tight integration. If you need more control, consider `league/oauth2-server` directly without the bridge, though this requires manual HttpFoundation handling. This bridge is best for developers who need custom OAuth2 logic beyond Passport’s scope.