Using Mezzio with Laminas API Tools

I have written different services, such as Orders and Invoices services, in Laminas API Tools. I am using the OAuth2 framework to connect one service with another. Somewhere between the Orders service and the Invoice service I need to do the check where the token is validated. If the token is valid, the request is forwarded to the Invoice service in API Tools; otherwise an invalid response is returned to the calling service. For example, the Orders service obtains the token from the authorization server and then gets the job done by the Invoice service. The token is embedded in the request header, and the request is not accessible in the corresponding resource, InvoiceResource.php.

So I figured out I have 2 choices:
- using an MVC listener event
- using Mezzio

My questions are:
- Which of the approaches listed above is better, and why?
- Second, please guide me on how to connect Mezzio with Laminas API Tools.

I’m afraid I don’t understand that. You have one laminas-api-tools application, how do the services communicate with each other?

Communication between services is not the issue; the issue is intercepting the HTTP request between services for token validation. If the token is valid, the request is forwarded; otherwise an error is returned to the calling service.

It is a problem for me. I don’t know what your application is doing there.

I hope the following sketch will help clear up the confusion.

The order service and the invoice service are in the same laminas-api-tools application?

No, they are not in the same application.

This explains why a token is required between services / different laminas-api-tools applications.

You can use an event listener in your applications that listens on an MVC event like Laminas\Mvc\MvcEvent::EVENT_DISPATCH.
In a listener you have access to the request object, route match, service manager, etc. and you can manipulate the target of the request.

Short example to illustrate the usage:

namespace ExampleModule\Listener;

use Laminas\EventManager\AbstractListenerAggregate;
use Laminas\EventManager\EventManagerInterface;
use Laminas\Mvc\MvcEvent;

class TokenListener extends AbstractListenerAggregate
{
    public function attach(EventManagerInterface $events, $priority = 1): void
    {
        // Pass $priority through so the value given to attach() is honoured.
        $this->listeners[] = $events->attach(
            MvcEvent::EVENT_DISPATCH,
            [
                $this,
                'checkToken',
            ],
            $priority
        );
    }

    public function checkToken(MvcEvent $event): void
    {
        $request = $event->getRequest();

        $routeMatch = $event->getRouteMatch();

        $serviceManager = $event->getApplication()->getServiceManager();

        // …

        if (! $tokenIsValid) {
            $routeMatch->setParam('controller', ExampleErrorController::class);
            $routeMatch->setParam('action', 'invalid');
        }
    }
}

The listener can be registered in your global application configuration or module configuration:

return [
    'listeners' => [
        ExampleModule\Listener\TokenListener::class,
    ],
];

With a separate Mezzio application you create the next problem: how should your laminas-api-tools applications communicate with the Mezzio application?
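
One way the elided token check in such a listener could look, as an added example that is not part of the original reply or of Laminas API Tools: it reads the Bearer token from the Authorization header and answers 401 itself when the check fails. The class name `BearerTokenListener`, the injected `$validator` callable and the priority of 100 are assumptions made for illustration.

```php
<?php

declare(strict_types=1);

namespace ExampleModule\Listener;

use Laminas\EventManager\AbstractListenerAggregate;
use Laminas\EventManager\EventManagerInterface;
use Laminas\Http\Request as HttpRequest;
use Laminas\Mvc\MvcEvent;
use Laminas\Stdlib\ResponseInterface;

final class BearerTokenListener extends AbstractListenerAggregate
{
    /** @var callable(string): bool hypothetical validator, e.g. a lookup against the authorization server */
    private $validator;

    public function __construct(callable $validator)
    {
        $this->validator = $validator;
    }

    public function attach(EventManagerInterface $events, $priority = 100): void
    {
        // Assumed priority above the default of 1, so the check runs before the controller is dispatched.
        $this->listeners[] = $events->attach(MvcEvent::EVENT_DISPATCH, [$this, 'checkToken'], $priority);
    }

    public function checkToken(MvcEvent $event): ?ResponseInterface
    {
        $request = $event->getRequest();
        if (! $request instanceof HttpRequest) {
            return null; // non-HTTP (e.g. console) request: nothing to check here
        }
        $header = $request->getHeader('Authorization');
        $value  = $header ? $header->getFieldValue() : '';
        // Fail closed: a missing header, a non-Bearer scheme or a rejected token all end in 401.
        if (preg_match('#^Bearer\s+([A-Za-z0-9\-._~+/]+=*)$#iD', $value, $m) === 1
            && ($this->validator)($m[1]) === true) {
            return null; // valid token: dispatch continues to the resource
        }
        $response = $event->getResponse();
        $response->setStatusCode(401);
        $response->getHeaders()->addHeaderLine('WWW-Authenticate', 'Bearer');
        $response->getHeaders()->addHeaderLine('Content-Type', 'application/problem+json');
        $response->setContent(json_encode(['status' => 401, 'title' => 'Unauthorized']));
        return $response; // returning a response short-circuits the dispatch event
    }
}
```

Because the constructor takes the validator, the listener needs a factory registered with the service manager so that the `listeners` configuration can build it.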

I'm a bit late to the party …

Can you tell me which OAuth2 module you are using? Is it bshaffer/oauth2-server-php on GitHub (a library for implementing an OAuth2 server in PHP)? If so, the library uses a pretty easy-to-handle OAuth2 server that implements a verifyResourceRequest method, which checks for valid token requests on a resource. The validation of the sent access token will be executed before executing the resource controller action. If the resource controller is reached, the access_token is valid. If not, there will be an exact API error response with HTTP status codes and a detailed error message in JSON.

Your use case could use this to redirect to the origin service.