FriendsOfSymfony / oauth2-php

A server implementation of OAuth 2.0
MIT License

Single-file deployment for dummies? #128

Closed dumblob closed 3 years ago

dumblob commented 3 years ago

(copy&paste from https://github.com/thephpleague/oauth2-server/issues/1226 )

This might sound crazy, but there seems to be a growing "market" of those wanting to "have sensitive information in their own hands" and who "want to maintain different identities for each domain or even each access to the same domain".

For that, some free web hosting services or similar might come in handy, so the only problem might be deployment and long-term maintenance (incl. automated version updates, automated backup to a different place, and one-click restoration from backup).

I'd envision having one (huge) PHP file and one DB file (e.g. SQLite) which would just need to be copied over to the free hosting and voila - everything works by itself (assuming the hosting provides HTTPS - e.g. using Let's Encrypt). The DB file would be optional (if there isn't one, it'll get created automatically on the first HTTPS request) and it'd cover at the same time the "restore from backup" use case. Updates will be done by copying over a new version of the PHP file manually (with the possibility to automate it with some JavaScript-on-client approval from some of the designated accounts). Backup would be a simple notification on the client side: "hey, it's been 24+ hours since you downloaded the encrypted DB file last time".

Bootstrap would just show the message "please create the file admin.txt next to the PHP file - all its contents up to the first CR or LF character are the initial password" and after that "please write your admin.txt password here and choose a password for the DB file (encryption at rest) and also a name and password for the first admin account to be created", and after success the PHP file will delete admin.txt.

Do you support this? If not, do you happen to know about any project aiming for this?
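The bootstrap flow sketched above, as an added example that is not part of oauth2-php or of the original issue. It assumes a hypothetical single-file app with `admin.txt` and `app.sqlite` next to the script and a POST form with `bootstrap`, `name` and `password` fields; the SQLite encryption-at-rest part is left out because plain PDO/SQLite has no such feature (it would need SQLCipher or similar).

```php
<?php
// Added example, not code from oauth2-php or the issue author.
// Assumed layout: this script, admin.txt and app.sqlite in one directory.
declare(strict_types=1);

const ADMIN_FILE = __DIR__ . '/admin.txt';
const DB_FILE    = __DIR__ . '/app.sqlite';

/** Read the bootstrap password: everything before the first CR or LF. */
function readBootstrapPassword(string $path): ?string
{
    $raw = @file_get_contents($path);
    if ($raw === false) {
        return null;                       // file missing or unreadable
    }
    $pw = substr($raw, 0, strcspn($raw, "\r\n"));
    return $pw === '' ? null : $pw;        // empty secret is refused
}

/** Open (and on first request create) the SQLite file with a users table. */
function openDb(string $path): PDO
{
    $db = new PDO('sqlite:' . $path, null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $db->exec('CREATE TABLE IF NOT EXISTS users (
        id INTEGER PRIMARY KEY,
        name TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL,
        is_admin INTEGER NOT NULL DEFAULT 0
    )');
    return $db;
}

function hasAdmin(PDO $db): bool
{
    $n = $db->query('SELECT COUNT(*) FROM users WHERE is_admin = 1')->fetchColumn();
    return (int) $n > 0;
}

/** Create the first admin if the submitted bootstrap secret matches admin.txt. */
function bootstrap(PDO $db, string $submitted, string $adminName, string $adminPw): bool
{
    $expected = readBootstrapPassword(ADMIN_FILE);
    if ($expected === null || $adminName === '' || $adminPw === '') {
        return false;
    }
    // Constant-time comparison: the secret must not leak through timing.
    if (!hash_equals($expected, $submitted)) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO users (name, password_hash, is_admin) VALUES (?, ?, 1)');
    $stmt->execute([$adminName, password_hash($adminPw, PASSWORD_DEFAULT)]);
    // The bootstrap secret is single-use: remove it so nobody can replay it.
    unlink(ADMIN_FILE);
    return true;
}

$db = openDb(DB_FILE);
if (!hasAdmin($db)) {
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $ok = bootstrap(
            $db,
            (string) ($_POST['bootstrap'] ?? ''),
            (string) ($_POST['name'] ?? ''),
            (string) ($_POST['password'] ?? '')
        );
        echo $ok ? 'Admin account created.' : 'Bootstrap failed.';
    } else {
        echo 'Please create admin.txt next to this file; its contents up to the first CR or LF are the initial password.';
    }
    exit;
}
// ... normal request handling once an admin exists ...
```

One caveat for shared hosting: a file named `admin.txt` inside the document root is served as a static file by most web servers, so the secret is readable over HTTPS by anyone who guesses the name until the script deletes it. Either deny it in the server configuration (`.htaccess` on Apache) or have the bootstrap step look for the file one directory above the document root.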

stof commented 3 years ago

This seems totally out of scope of this library. What you describe is a full application, not an OAuth library meant to be used in other projects. It is something you could build on top of this library though.

But it is definitely out of the scope of the FriendsOfSymfony organization (we already don't have enough resources to properly maintain our existing packages, so we won't start maintaining a complete product that we don't even use ourselves).

stof commented 3 years ago

Note that I'm almost 100% sure that you will get the same kind of answer in the other 2 oauth libraries where you copy-pasted that.