This document outlines the various PHP libraries that could be of use to this project, which ones were choosen, and why.
If possible, libraries should be used for:
- Content negotiation
- CORS Header management
- Crypto / Certificates
- File converter (CSV / JSON / TSV / XML)
- HTTP Request/Response
- JSON Security (JOSE, JWA, JWE, JWK, JWS, JWT)
- RDF (Turtle, JSON-LD, RDFa, …)
- Vocabulary (Dublin core, Schema.org, Owl, FoaF, …)
Besides being compatible with the license Nextcloud requires (AGPLv3+ or compatible), there are several other criteria a library must meet if we are to use it.
- Adhere to IETF, W3C, and other relevant standards (for instance Dublin Core OpenID)
- Adhere to accepted PHP Standard recommendations
- Be a healthy open-source project.
As the world is not a perfect place, deviation from these criteria is possible. In such a case, the reasoning as to why to deviate will be documented
Besides being open-source, in order to be healthy, a library also needs to:
Be actively maintained So there is convidence the library will remain supported)
Be well documented So the learning curve is less steep
Have somewhat of a community So answers to questions are already out there
It would be helpful if projects adhere to current FOSS best practices, but not required.
There are several standard recommendations for PHP (PSR) that are relevant to this project. They are:
- PSR-7 for HTTP messages
- PSR-11 for dependency injection container
- PSR-15 for HTTP server middleware
- PSR-17 for HTTP message factory
- PSR-18 for HTTP client requests
Whenever a choice needs to be made, libraries that adhere to PSR have preference over those that do not.
Besides the PSR conventions, there are also various other standards that are of importance.
Whenever a choice needs to be made, libraries that adhere to these have preference over those that do not.
The following libraries are available.
defuse/php-encryption“Simple Encryption in PHP.”
jedisct1/libsodium-php“The PHP extension for libsodium.”
paragonie/sodium_compat“Pure PHP polyfill for ext/sodium”
laminas/laminas-diactoros“PSR HTTP Message implementations”
php-http/httplug“HTTPlug, the HTTP client abstraction for PHP”
firebase/php-jwt“PHP package for JWT”
lcobucci/jwt“A simple library to work with JSON Web Token and JSON Web Signature”
namshi/jose“JSON Object Signing and Encryption library for PHP.”
league/oauth2-server“A spec compliant, secure by default PHP OAuth 2.0 Server”
bshaffer/oauth2-server-php“A library for implementing an OAuth2 Server in php”
jumbojett/openid-connect-php“Minimalist OpenID Connect client”
- NextCloud OIDC Login “Nextcloud login via a single OpenID Connect 1.0 provider”
- Easyrdf “EasyRdf is a PHP library designed to make it easy to consume and produce RDF.”
semsol/arc2“ARC RDF Classes for PHP”