TLDR: league/oauth2-server project is in need of a new maintainer.
The author of ‘league/oauth2-server’, Alex Bilbie, no longer has time to maintain the package and as such is seeking a new maintainer.
What is league/oauth2-server?
Put frankly, it’s an open-source package used by millions worldwide. There are examples of huge packages built on top of it – such as Laravel passport – so if you’re of the more oblivious nature, it’s possible you’re using it without even knowing.
The package offers a standards compliant PHP implementation of an OAuth 2,0 server. It supports the following grant-types natively (but is extensible in that more can be added):
- Authorization code grant
- Implicit grant
- Client credentials grant
- Resource owner password credentials grant
- Refresh grant
What do I need to be aware of?
- If you use Laravel Passport, you’re dependent on the package.
- Until a new maintainer is found support requests and pull requests will not be processed.
- This means that any bugs/security issues found within the package will not be patched out.
- If you have issues in the meantime, you could fork the package and fix them yourself until a new maintainer is found.
- The package is significant enough that a new maintainer will likely be found – hopefully quickly.
- On a related note, there was a recently security fix so please be sure to update to V5.1.4 or 6.x. More info
If you want to read the full story, you can find it on Alex’s blog.