Apigility with OAuth2 on IBM i

Create the OAuth tables in DB2

These tables are created according to specifications from Zend Framework OAuth2.

Configure Apigility

Best practice is to create this authentication through the Apigility admin, then edit what is generated.


That’s it! It’s that simple to get basic OAuth2 up and running with Apigility on the IBM i. Now one can visit the Apigility OAuth2 documentation to see how to connect web server applications.

One quick way to test whether OAuth2 is working properly is to put a record in OAUTH_CLIENTS and go to /oauth to try it out.

Encrypt a password

The output for encrypting "test" should be $2y$10$8gHQy/sn0vB8H5wbAbhUi.tbUfpf6aE7PBllKHeKaCYTqEyd7vjo6. Now just fill in OAUTH_CLIENTS with this.
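As an added example (not code from the original post or from Apigility), this is one way to produce and check a bcrypt client secret with PHP's built-in password API. The helper names hash_client_secret and check_client_secret are hypothetical, and cost 10 is assumed from the $2y$10$ prefix above. bcrypt embeds a random salt, so a fresh hash of the same secret differs from run to run; what matters is that it verifies.

```php
<?php
// Added example: hashing and checking an OAuth2 client secret with bcrypt.
// Function names are hypothetical helpers, not part of Apigility.

const BCRYPT_COST = 10; // assumed from the "$2y$10$" prefix of the hash on this page

function hash_client_secret(string $secret, int $cost = BCRYPT_COST): string
{
    // password_hash() generates a fresh random salt on every call.
    return password_hash($secret, PASSWORD_BCRYPT, ['cost' => $cost]);
}

function check_client_secret(string $secret, string $storedHash): bool
{
    // Refuse values that are not bcrypt hashes, such as a plaintext
    // secret that was typed straight into the table.
    if (password_get_info($storedHash)['algoName'] !== 'bcrypt') {
        return false;
    }
    return password_verify($secret, $storedHash);
}

// Constructed sample input: the same test secret the page uses.
$first  = hash_client_secret('test');
$second = hash_client_secret('test');

// Compare two hashes of the same secret (each carries its own salt).
var_dump($first === $second);

// Verify the right secret, a wrong secret, and a plaintext stored value.
var_dump(check_client_secret('test', $first));
var_dump(check_client_secret('test', $second));
var_dump(check_client_secret('wrong', $first));
var_dump(check_client_secret('test', 'test'));

// Inspect the hash printed on this page: algorithm name and cost factor.
$pageHash = '$2y$10$8gHQy/sn0vB8H5wbAbhUi.tbUfpf6aE7PBllKHeKaCYTqEyd7vjo6';
$info = password_get_info($pageHash);
echo $info['algoName'], ' cost=', $info['options']['cost'], PHP_EOL;

// Ask whether a stored hash falls below a stricter cost policy (12 here,
// an arbitrary value chosen for the example).
var_dump(password_needs_rehash($pageHash, PASSWORD_BCRYPT, ['cost' => 12]));
```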

Now that we have a client record, we should be able to test if we can get an access token. Simply go to

If you’re able to click yes and get an access token, all should be working properly.

Overriding the Default OAuth2Adapter

For some of us, authentication can be messier than the default. Thankfully, overriding the default factory and adapter is fairly simple.

First, we need to create a destination folder for custom classes. This can be placed anywhere in the project; I suggest a folder in the root of the project, something like phplib. Define a namespace and autoload classes from here in your composer.json:

Run composer dumpautoload in the command line now to update the autoload files.

Now that we have a destination folder created and autoloaded, it’s time to create our adapter.

This particular example is overriding the OAuth2 Adapter in order to also check for system users vs normal users when someone is authenticating with the API. One can of course do whatever they like in the two validation methods within the adapter.

We have an adapter, so we need a factory in order to inject dependencies and instantiate the adapter.

This factory is used for dependency injection into the custom OAuth2Adapter.

Great. We have a factory and an adapter to override the default. So how do we override?

We need to update both global.php and local.php in order to override. Add the service_manager portion to global.php and replace the storage for oauth in local.php.

That’s it! The API should be using our new adapter for authentication.
