PHP Libraries

This document outlines the various PHP libraries that could be of use to this project, which ones were choosen, and why.

Topics

If possible, libraries should be used for:

• Content negotiation
• CORS Header management
• Crypto / Certificates
• File converter (CSV / JSON / TSV / XML)
• HTTP Request/Response
• JSON Security (JOSE, JWA, JWE, JWK, JWS, JWT)
• OAuth2
• OpenID
• RDF (Turtle, JSON-LD, RDFa, …)
• SPARQL
• Vocabulary (Dublin core, Schema.org, Owl, FoaF, …)
• WebID
• WSS

Requirements / Criteria

Besides being compatible with the license Nextcloud requires (AGPLv3+ or compatible), there are several other criteria a library must meet if we are to use it.

• Adhere to IETF, W3C, and other relevant standards (for instance Dublin Core OpenID)
• Adhere to accepted PHP Standard recommendations
• Be a healthy open-source project.

As the world is not a perfect place, deviation from these criteria is possible. In such a case, the reasoning as to why to deviate will be documented

Healthy open-source

Besides being open-source, in order to be healthy, a library also needs to:

• Be actively maintained So there is convidence the library will remain supported)

• Be well documented So the learning curve is less steep

• Have somewhat of a community So answers to questions are already out there

It would be helpful if projects adhere to current FOSS best practices, but not required.

PHP Standard recommendations

There are several standard recommendations for PHP (PSR) that are relevant to this project. They are:

• PSR-7 for HTTP messages
• PSR-11 for dependency injection container
• PSR-15 for HTTP server middleware
• PSR-17 for HTTP message factory
• PSR-18 for HTTP client requests

Whenever a choice needs to be made, libraries that adhere to PSR have preference over those that do not.

Standards

Besides the PSR conventions, there are also various other standards that are of importance.

Whenever a choice needs to be made, libraries that adhere to these have preference over those that do not.

Libraries

The following libraries are available.

Crypto / Certificates

• defuse/php-encryption “Simple Encryption in PHP.”
• jedisct1/libsodium-php “The PHP extension for libsodium.”
• paragonie/sodium_compat “Pure PHP polyfill for ext/sodium”

HTTP Request/Response

• laminas/laminas-diactoros “PSR HTTP Message implementations”
• php-http/httplug “HTTPlug, the HTTP client abstraction for PHP”

JSON Security (JOSE, JWA, JWE, JWK, JWS, JWT)

• firebase/php-jwt “PHP package for JWT”
• lcobucci/jwt “A simple library to work with JSON Web Token and JSON Web Signature”
• namshi/jose “JSON Object Signing and Encryption library for PHP.”
• web-token/jwt-framework “JWT Framework”

OAuth2

• league/oauth2-server “A spec compliant, secure by default PHP OAuth 2.0 Server”

OpenID

OpenID Connect (OIDC)

• bshaffer/oauth2-server-php “A library for implementing an OAuth2 Server in php”
• jumbojett/openid-connect-php “Minimalist OpenID Connect client”
• NextCloud OIDC Login “Nextcloud login via a single OpenID Connect 1.0 provider”

RDF (Turtle, JSON-LD, RDFa, …)

• Easyrdf “EasyRdf is a PHP library designed to make it easy to consume and produce RDF.”
• semsol/arc2 “ARC RDF Classes for PHP”

---