{"id":18321775,"url":"https://github.com/chillerlan/php-oauth","last_synced_at":"2025-07-19T22:05:29.039Z","repository":{"id":229306170,"uuid":"766523160","full_name":"chillerlan/php-oauth","owner":"chillerlan","description":"A fully transparent, framework agnostic PSR-18 OAuth client.","archived":false,"fork":false,"pushed_at":"2024-11-12T20:07:01.000Z","size":12335,"stargazers_count":42,"open_issues_count":4,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-05-26T06:37:36.984Z","etag":null,"topics":["oauth","oauth-client","oauth1","oauth1-client","oauth2","oauth2-client","php","php8","pkce-oauth","psr-18","psr-7","rfc5849","rfc6749","rfc7636","rfc9126"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chillerlan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"ko_fi":"codemasher"}},"created_at":"2024-03-03T14:01:45.000Z","updated_at":"2025-05-02T15:20:41.000Z","dependencies_parsed_at":"2024-04-17T09:47:22.799Z","dependency_job_id":"eb75d1d2-bfd2-4627-a7a2-5c6c9850daea","html_url":"https://github.com/chillerlan/php-oauth","commit_stats":{"total_commits":163,"total_committers":1,"mean_commits":163.0,"dds":0.0,"last_synced_commit":"836d7a6748946c5e82b7af2a84a8f27c148a9dd0"},"previous_names":["chillerlan/php-oauth"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/chillerlan/php-oauth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chillerlan%2Fphp-oauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chillerlan%2Fphp-oauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chillerlan%2Fphp-oauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chillerlan%2Fphp-oauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chillerlan","download_url":"https://codeload.github.com/chillerlan/php-oauth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chillerlan%2Fphp-oauth/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266026314,"owners_count":23866033,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oauth","oauth-client","oauth1","oauth1-client","oauth2","oauth2-client","php","php8","pkce-oauth","psr-18","psr-7","rfc5849","rfc6749","rfc7636","rfc9126"],"created_at":"2024-11-05T18:21:25.920Z","updated_at":"2025-07-19T22:05:29.008Z","avatar_url":"https://github.com/chillerlan.png","language":"PHP","funding_links":["https://ko-fi.com/codemasher","https://docs.patreon.com/","https://www.patreon.com/portal/registration/register-clients","https://developer.paypal.com/docs/connect-with-paypal/reference/","https://developer.paypal.com/developer/applications/"],"categories":[],"sub_categories":[],"readme":"# chillerlan/php-oauth\n\nA transparent, framework-agnostic, easily extensible PHP [PSR-18](https://www.php-fig.org/psr/psr-18/) OAuth client with a user-friendly API, fully [PSR-7](https://www.php-fig.org/psr/psr-7/)/[PSR-17](https://www.php-fig.org/psr/psr-17/) compatible.\n\n\n[![PHP Version Support][php-badge]][php]\n[![Packagist version][packagist-badge]][packagist]\n[![License][license-badge]][license]\n[![Continuous Integration][gh-action-badge]][gh-action]\n[![CodeCov][coverage-badge]][coverage]\n[![Codacy][codacy-badge]][codacy]\n[![Packagist downloads][downloads-badge]][downloads]\n[![Documentation][readthedocs-badge]][readthedocs]\n\n[php-badge]: https://img.shields.io/packagist/php-v/chillerlan/php-oauth?logo=php\u0026color=8892BF\u0026logoColor=fff\n[php]: https://www.php.net/supported-versions.php\n[packagist-badge]: https://img.shields.io/packagist/v/chillerlan/php-oauth.svg?logo=packagist\u0026logoColor=fff\n[packagist]: https://packagist.org/packages/chillerlan/php-oauth\n[license-badge]: https://img.shields.io/github/license/chillerlan/php-oauth.svg\n[license]: https://github.com/chillerlan/php-oauth/blob/main/LICENSE\n[coverage-badge]: https://img.shields.io/codecov/c/github/chillerlan/php-oauth.svg?logo=codecov\u0026logoColor=fff\n[coverage]: https://codecov.io/github/chillerlan/php-oauth\n[codacy-badge]: https://img.shields.io/codacy/grade/2e83b9167e5a41dba8af4b928ffa13ac?logo=codacy\u0026logoColor=fff\n[codacy]: https://app.codacy.com/gh/chillerlan/php-oauth/dashboard\n[downloads-badge]: https://img.shields.io/packagist/dt/chillerlan/php-oauth.svg?logo=packagist\u0026logoColor=fff\n[downloads]: https://packagist.org/packages/chillerlan/php-oauth/stats\n[gh-action-badge]: https://img.shields.io/github/actions/workflow/status/chillerlan/php-oauth/ci.yml?branch=main\u0026logo=github\u0026logoColor=fff\n[gh-action]: https://github.com/chillerlan/php-oauth/actions/workflows/ci.yml?query=branch%3Amain\n[readthedocs-badge]: https://img.shields.io/readthedocs/php-oauth/main?logo=readthedocs\u0026logoColor=fff\n[readthedocs]: https://php-oauth.readthedocs.io/en/main/\n\n\n# Overview\n\n## Features\n\n- OAuth client capabilities\n\t- [OAuth 1.0a](https://oauth.net/core/1.0a/) ([RFC-5849](https://datatracker.ietf.org/doc/html/rfc5849))\n\t- [OAuth 2.0](https://oauth.net/2/) ([RFC-6749](https://datatracker.ietf.org/doc/html/rfc6749))\n\t\t- [Authorization Code Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1)\n\t\t- [Client Credentials Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)\n\t\t- [Token refresh](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5)\n\t\t- [CSRF Token](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12) (\"state\" parameter)\n\t\t- [RFC-7009: Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)\n\t\t- [RFC-7636: PKCE](https://datatracker.ietf.org/doc/html/rfc7636) (Proof Key for Code Exchange)\n\t\t- [RFC-9126: PAR](https://datatracker.ietf.org/doc/html/rfc9126) (Pushed Authorization Requests)\n        - ~~[RFC-9449: DPoP](https://datatracker.ietf.org/doc/html/rfc9449) (Demonstrating Proof of Possession)~~ ([planned](https://github.com/chillerlan/php-oauth/issues/3))\n\t- Proprietary, OAuth-like authorization flows (e.g. [Last.fm](https://www.last.fm/api/authentication))\n\t- Invalidation of access tokens (if supported by the provider)\n- Several built-in provider implementations ([see below](#implemented-providers))\n\t- Provider instances act as [PSR-18](https://www.php-fig.org/psr/psr-18/) HTTP client, wrapping the given PSR-18 HTTP instance\n\t- Requests to the provider API will have required OAuth headers and tokens added automatically\n- Optional token encryption via [`sodium_crypto_secretbox()`](https://www.php.net/manual/en/function.sodium-crypto-secretbox) for the internal storage engines\n- A unified user data object `AuthenticatedUser` via the `OAuthInterface::me()` method\n\n\n## Requirements\n\n- PHP 8.1+\n\t- extensions: `json`, `sodium`\n\t\t- from dependencies: `curl`, `fileinfo`, `intl`, `mbstring`, `simplexml`, `zlib`\n- a [PSR-18](https://www.php-fig.org/psr/psr-18/) compatible HTTP client library of your choice\n- [PSR-17](https://www.php-fig.org/psr/psr-17/) compatible `RequestFactory`, `StreamFactory` and `UriFactory`\n\n\n# Documentation\n\n- The user manual is at https://php-oauth.readthedocs.io/ ([sources](https://github.com/chillerlan/php-oauth/tree/main/docs))\n- An API documentation created with [phpDocumentor](https://www.phpdoc.org/) can be found at https://chillerlan.github.io/php-oauth/\n- The documentation for the `AccessToken`, `AuthenticatedUser` and `OAuthOptions` containers can be found here: [chillerlan/php-settings-container](https://github.com/chillerlan/php-settings-container#readme)\n- There is [the suite of get-token examples](https://php-oauth.readthedocs.io/en/main/Usage/Using-examples.html), which is mostly intended for development, and there are self-contained examples for a quickstart:\n\t- [OAuth1 example](https://github.com/chillerlan/php-oauth/tree/main/examples/example-oauth1.php)\n\t- [OAuth2 example](https://github.com/chillerlan/php-oauth/tree/main/examples/example-oauth2.php)\n\n\n## Installation with [composer](https://getcomposer.org)\n\nSee [the installation guide](https://php-oauth.readthedocs.io/en/main/Basics/Installation.html) for more info!\n\n\n### Terminal\n\n```\ncomposer require chillerlan/php-oauth\n```\n\n\n### composer.json\n\n```json\n{\n\t\"require\": {\n\t\t\"php\": \"^8.1\",\n\t\t\"chillerlan/php-oauth\": \"^1.0\"\n\t}\n}\n```\n\nNote: check the [releases](https://github.com/chillerlan/php-oauth/releases) for valid versions.\n\n\n# Implemented Providers\n\n\u003c!-- TABLE-START --\u003e\n\u003c!-- this table is auto-created via /examples/create-description.php --\u003e\n\n| Provider | keys | revoke | ver | User | CSRF | PKCE | CC | TR | TI |\n|----------|------|--------|-----|------|------|------|----|----|----|\n| [Amazon](https://developer.amazon.com/docs/login-with-amazon/web-docs.html) | [link](https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html) |  | 2 | ✓ | ✓ |  |  | ✓ |  |\n| [BattleNet](https://develop.battle.net/documentation) | [link](https://develop.battle.net/access/clients) | [link](https://account.blizzard.com/connections) | 2 | ✓ | ✓ |  | ✓ |  |  |\n| [BigCartel](https://developers.bigcartel.com/api/v1) | [link](https://bigcartel.wufoo.com/forms/big-cartel-api-application/) | [link](https://my.bigcartel.com/account) | 2 | ✓ | ✓ |  |  |  | ✓ |\n| [Bitbucket](https://developer.atlassian.com/bitbucket/api/2/reference/) | [link](https://developer.atlassian.com/apps/) |  | 2 | ✓ | ✓ |  | ✓ | ✓ |  |\n| [Codeberg](https://codeberg.org/api/swagger) | [link](https://codeberg.org/user/settings/applications) | [link](https://codeberg.org/user/settings/applications) | 2 | ✓ | ✓ | ✓ |  | ✓ |  |\n| [Deezer](https://developers.deezer.com/api) | [link](https://developers.deezer.com/myapps) | [link](https://www.deezer.com/account/apps) | 2 | ✓ | ✓ |  |  |  |  |\n| [DeviantArt](https://www.deviantart.com/developers/) | [link](https://www.deviantart.com/developers/apps) | [link](https://www.deviantart.com/settings/applications) | 2 | ✓ | ✓ |  | ✓ | ✓ | ✓ |\n| [Discogs](https://www.discogs.com/developers/) | [link](https://www.discogs.com/settings/developers) | [link](https://www.discogs.com/settings/applications) | 1 | ✓ |  |  |  |  |  |\n| [Discord](https://discord.com/developers/) | [link](https://discordapp.com/developers/applications/) |  | 2 | ✓ | ✓ |  | ✓ | ✓ | ✓ |\n| [Flickr](https://www.flickr.com/services/api/) | [link](https://www.flickr.com/services/apps/create/) | [link](https://www.flickr.com/services/auth/list.gne) | 1 | ✓ |  |  |  |  |  |\n| [Foursquare](https://location.foursquare.com/developer/reference/foursquare-apis-overview) | [link](https://foursquare.com/developers/apps) | [link](https://foursquare.com/settings/connections) | 2 | ✓ |  |  |  |  |  |\n| [Gitea](https://docs.gitea.com/api/1.20/) | [link](https://gitea.com/user/settings/applications) | [link](https://gitea.com/user/settings/applications) | 2 | ✓ | ✓ | ✓ |  | ✓ |  |\n| [GitHub](https://docs.github.com/rest) | [link](https://github.com/settings/developers) | [link](https://github.com/settings/applications) | 2 | ✓ | ✓ |  |  | ✓ |  |\n| [GitLab](https://docs.gitlab.com/ee/api/rest/) | [link](https://gitlab.com/profile/applications) |  | 2 | ✓ | ✓ |  | ✓ | ✓ |  |\n| [Google](https://developers.google.com/oauthplayground/) | [link](https://console.developers.google.com/apis/credentials) | [link](https://myaccount.google.com/connections) | 2 | ✓ | ✓ | ✓ |  |  | ✓ |\n| [GuildWars2](https://wiki.guildwars2.com/wiki/API:Main) | [link](https://account.arena.net/applications) | [link](https://account.arena.net/applications) | 2 | ✓ |  |  |  |  |  |\n| [Imgur](https://apidocs.imgur.com) | [link](https://api.imgur.com/oauth2/addclient) | [link](https://imgur.com/account/settings/apps) | 2 | ✓ | ✓ |  |  | ✓ |  |\n| [LastFM](https://www.last.fm/api/) | [link](https://www.last.fm/api/account/create) | [link](https://www.last.fm/settings/applications) | - | ✓ |  |  |  |  |  |\n| [MailChimp](https://mailchimp.com/developer/) | [link](https://admin.mailchimp.com/account/oauth2/) |  | 2 | ✓ | ✓ |  |  |  |  |\n| [Mastodon](https://docs.joinmastodon.org/api/) | [link](https://mastodon.social/settings/applications) | [link](https://mastodon.social/oauth/authorized_applications) | 2 | ✓ | ✓ |  |  | ✓ |  |\n| [MicrosoftGraph](https://learn.microsoft.com/graph/overview) | [link](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps) | [link](https://account.live.com/consent/Manage) | 2 | ✓ | ✓ |  |  |  |  |\n| [Mixcloud](https://www.mixcloud.com/developers/) | [link](https://www.mixcloud.com/developers/create/) | [link](https://www.mixcloud.com/settings/applications/) | 2 | ✓ |  |  |  |  |  |\n| [MusicBrainz](https://musicbrainz.org/doc/Development) | [link](https://musicbrainz.org/account/applications) | [link](https://musicbrainz.org/account/applications) | 2 | ✓ | ✓ |  |  | ✓ | ✓ |\n| [NPROne](https://dev.npr.org/api/) | [link](https://dev.npr.org/console) |  | 2 | ✓ | ✓ |  |  | ✓ | ✓ |\n| [OpenCaching](https://www.opencaching.de/okapi/) | [link](https://www.opencaching.de/okapi/signup.html) | [link](https://www.opencaching.de/okapi/apps/) | 1 | ✓ |  |  |  |  |  |\n| [OpenStreetmap](https://wiki.openstreetmap.org/wiki/API) | [link](https://www.openstreetmap.org/user/{USERNAME}/oauth_clients) |  | 1 | ✓ |  |  |  |  |  |\n| [OpenStreetmap2](https://wiki.openstreetmap.org/wiki/API) | [link](https://www.openstreetmap.org/oauth2/applications) |  | 2 | ✓ | ✓ |  |  |  |  |\n| [Patreon](https://docs.patreon.com/) | [link](https://www.patreon.com/portal/registration/register-clients) |  | 2 | ✓ | ✓ |  |  | ✓ |  |\n| [PayPal](https://developer.paypal.com/docs/connect-with-paypal/reference/) | [link](https://developer.paypal.com/developer/applications/) |  | 2 | ✓ | ✓ |  | ✓ | ✓ |  |\n| [PayPalSandbox](https://developer.paypal.com/docs/connect-with-paypal/reference/) | [link](https://developer.paypal.com/developer/applications/) |  | 2 | ✓ | ✓ |  | ✓ | ✓ |  |\n| [Pinterest](https://developers.pinterest.com/docs/) | [link](https://developers.pinterest.com/apps/) | [link](https://www.pinterest.com/settings/security) | 2 | ✓ | ✓ |  |  | ✓ |  |\n| [Reddit](https://www.reddit.com/dev/api) | [link](https://www.reddit.com/prefs/apps/) | [link](https://www.reddit.com/settings/privacy) | 2 | ✓ | ✓ |  | ✓ | ✓ | ✓ |\n| [Slack](https://api.slack.com) | [link](https://api.slack.com/apps) | [link](https://slack.com/apps/manage) | 2 | ✓ | ✓ |  |  |  |  |\n| [SoundCloud](https://developers.soundcloud.com/) | [link](https://soundcloud.com/you/apps) | [link](https://soundcloud.com/settings/connections) | 2 | ✓ |  |  | ✓ | ✓ |  |\n| [Spotify](https://developer.spotify.com/documentation/web-api/) | [link](https://developer.spotify.com/dashboard) | [link](https://www.spotify.com/account/apps/) | 2 | ✓ | ✓ | ✓ | ✓ | ✓ |  |\n| [Steam](https://developer.valvesoftware.com/wiki/Steam_Web_API) | [link](https://steamcommunity.com/dev/apikey) |  | - | ✓ |  |  |  |  |  |\n| [Stripe](https://stripe.com/docs/api) | [link](https://dashboard.stripe.com/apikeys) | [link](https://dashboard.stripe.com/account/applications) | 2 | ✓ | ✓ |  |  | ✓ | ✓ |\n| [Tumblr](https://www.tumblr.com/docs/en/api/v2) | [link](https://www.tumblr.com/oauth/apps) | [link](https://www.tumblr.com/settings/apps) | 1 | ✓ |  |  |  |  |  |\n| [Tumblr2](https://www.tumblr.com/docs/en/api/v2) | [link](https://www.tumblr.com/oauth/apps) | [link](https://www.tumblr.com/settings/apps) | 2 | ✓ | ✓ |  | ✓ | ✓ |  |\n| [Twitch](https://dev.twitch.tv/docs/api/reference/) | [link](https://dev.twitch.tv/console/apps/create) | [link](https://www.twitch.tv/settings/connections) | 2 | ✓ | ✓ |  | ✓ | ✓ | ✓ |\n| [Twitter](https://developer.twitter.com/docs) | [link](https://developer.twitter.com/apps) | [link](https://twitter.com/settings/applications) | 1 | ✓ |  |  |  |  |  |\n| [TwitterCC](https://developer.twitter.com/en/docs/basics/authentication/overview/application-only) | [link](https://developer.twitter.com/apps) | [link](https://twitter.com/settings/applications) | 2 |  |  |  | ✓ |  |  |\n| [Vimeo](https://developer.vimeo.com) | [link](https://developer.vimeo.com/apps) | [link](https://vimeo.com/settings/apps) | 2 | ✓ | ✓ |  | ✓ |  | ✓ |\n| [WordPress](https://developer.wordpress.com/docs/api/) | [link](https://developer.wordpress.com/apps/) | [link](https://wordpress.com/me/security/connected-applications) | 2 | ✓ | ✓ |  |  |  |  |\n| [YouTube](https://developers.google.com/oauthplayground/) | [link](https://console.developers.google.com/apis/credentials) | [link](https://myaccount.google.com/connections) | 2 | ✓ | ✓ | ✓ |  |  | ✓ |\n\n**Legend:**\n- **Provider**: the name of the provider class and link to their API documentation\n- **keys**: links to the provider's OAuth application creation page\n- **revoke**: links to the OAuth application access revocation page in the provider's user profile\n- **ver**: the OAuth version(s) supported by the provider\n- **User**: indicates that the provider offers information about the currently authenticated user via the `me()` method (implements the `UserInfo` interface)\n- **CSRF**: indicates that the provider uses [CSRF protection via the `state` parameter](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12) (implements the `CSRFToken` interface)\n- **PKCE**: indicates that the provider supports [Proof Key for Code Exchange](https://datatracker.ietf.org/doc/html/rfc7636) (implements the `PKCE` interface)\n- **CC**: indicates that the provider supports the [Client Credentials Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) (implements the `ClientCredentials` interface)\n- **TR**: indicates that the provider is capable of [refreshing an access token](https://datatracker.ietf.org/doc/html/rfc6749#section-10.4) (implements the `TokenRefresh` interface)\n- **TI**: indicates that the provider is capable of revoking/invalidating an access token (implements the `TokenInvalidate` interface)\n\u003c!-- TABLE-END --\u003e\n\n\n# Disclaimer\nOAuth tokens are secrets and should be treated as such. Store them in a safe place,\n[consider encryption](http://php.net/manual/book.sodium.php). \u003cbr/\u003e\nI don't take responsibility for stolen OAuth tokens. Use at your own risk.\n\n## Privacy policy\n\nThis library does not store or process user data on its own - it only handles the OAuth flow for an application.\u003cbr/\u003e\nImplementers are responsible for a proper privacy policy in accordance with the service providers.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchillerlan%2Fphp-oauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchillerlan%2Fphp-oauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchillerlan%2Fphp-oauth/lists"}