{"id":13405087,"url":"https://github.com/thephpleague/oauth2-google","last_synced_at":"2025-06-18T08:09:00.942Z","repository":{"id":29111940,"uuid":"32641525","full_name":"thephpleague/oauth2-google","owner":"thephpleague","description":"Google Provider for the OAuth 2.0 Client","archived":false,"fork":false,"pushed_at":"2023-11-14T13:21:48.000Z","size":251,"stargazers_count":392,"open_issues_count":6,"forks_count":74,"subscribers_count":16,"default_branch":"main","last_synced_at":"2024-09-07T22:24:29.083Z","etag":null,"topics":["google","oauth2","oauth2-provider","php"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"ctjhoa/spacevim","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thephpleague.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-21T17:09:54.000Z","updated_at":"2024-08-30T19:46:10.000Z","dependencies_parsed_at":"2023-11-14T14:31:04.051Z","dependency_job_id":"3c275e85-16b9-47c9-9402-30de99ea3b62","html_url":"https://github.com/thephpleague/oauth2-google","commit_stats":{"total_commits":226,"total_committers":67,"mean_commits":3.373134328358209,"dds":0.7168141592920354,"last_synced_commit":"1b01ba18ba31b29e88771e3e0979e5c91d4afe76"},"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/thephpleague/oauth2-google","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Foauth2-google","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Foauth2-google/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Foauth2-google/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Foauth2-google/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thephpleague","download_url":"https://codeload.github.com/thephpleague/oauth2-google/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Foauth2-google/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260515145,"owners_count":23020619,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["google","oauth2","oauth2-provider","php"],"created_at":"2024-07-30T19:01:55.559Z","updated_at":"2025-06-18T08:08:55.929Z","avatar_url":"https://github.com/thephpleague.png","language":"PHP","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"# Google Provider for OAuth 2.0 Client\n\n[![Build Status](https://img.shields.io/github/actions/workflow/status/thephpleague/oauth2-google/ci.yml?branch=main)](https://github.com/thephpleague/oauth2-google/actions/workflows/ci.yml)\n[![Code Coverage](https://img.shields.io/codecov/c/gh/thephpleague/oauth2-google)](https://app.codecov.io/gh/thephpleague/oauth2-google)\n[![License](https://img.shields.io/packagist/l/league/oauth2-google)](https://github.com/thephpleague/oauth2-google/blob/main/LICENSE)\n[![Latest Stable Version](https://img.shields.io/packagist/v/league/oauth2-google)](https://packagist.org/packages/league/oauth2-google)\n\nThis package provides Google OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).\n\nThis package is compliant with [PSR-1][], [PSR-2][] and [PSR-4][]. If you notice compliance oversights, please send\na patch via pull request.\n\n[PSR-1]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md\n[PSR-2]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md\n[PSR-4]: https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md\n\n## Requirements\n\nThe following versions of PHP are supported.\n\n* PHP 7.3\n* PHP 7.4\n* PHP 8.0\n* PHP 8.1\n* PHP 8.2\n* PHP 8.3\n\nThis package uses [OpenID Connect][openid-connect] to authenticate users with\nGoogle accounts.\n\nTo use this package, it will be necessary to have a Google client ID and client\nsecret. These are referred to as `{google-client-id}` and `{google-client-secret}`\nin the documentation.\n\nPlease follow the [Google instructions][oauth-setup] to create the required credentials.\n\n[openid-connect]: https://developers.google.com/identity/protocols/OpenIDConnect\n[oauth-setup]: https://developers.google.com/identity/protocols/OpenIDConnect#registeringyourapp\n\n## Installation\n\nTo install, use composer:\n\n```sh\ncomposer require league/oauth2-google\n```\n\n## Usage\n\n### Authorization Code Flow\n\n```php\nrequire __DIR__ . '/vendor/autoload.php';\n\nuse League\\OAuth2\\Client\\Provider\\Google;\n\nsession_start(); // Remove if session.auto_start=1 in php.ini\n\n$provider = new Google([\n    'clientId'     =\u003e '{google-client-id}',\n    'clientSecret' =\u003e '{google-client-secret}',\n    'redirectUri'  =\u003e 'https://example.com/callback-url',\n    'hostedDomain' =\u003e 'example.com', // optional; used to restrict access to users on your G Suite/Google Apps for Business accounts\n]);\n\nif (!empty($_GET['error'])) {\n\n    // Got an error, probably user denied access\n    exit('Got error: ' . htmlspecialchars($_GET['error'], ENT_QUOTES, 'UTF-8'));\n\n} elseif (empty($_GET['code'])) {\n\n    // If we don't have an authorization code then get one\n    $authUrl = $provider-\u003egetAuthorizationUrl();\n    $_SESSION['oauth2state'] = $provider-\u003egetState();\n    header('Location: ' . $authUrl);\n    exit;\n\n} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {\n\n    // State is invalid, possible CSRF attack in progress\n    unset($_SESSION['oauth2state']);\n    exit('Invalid state');\n\n} else {\n\n    // Try to get an access token (using the authorization code grant)\n    $token = $provider-\u003egetAccessToken('authorization_code', [\n        'code' =\u003e $_GET['code']\n    ]);\n\n    // Optional: Now you have a token you can look up a users profile data\n    try {\n\n        // We got an access token, let's now get the owner details\n        $ownerDetails = $provider-\u003egetResourceOwner($token);\n\n        // Use these details to create a new profile\n        printf('Hello %s!', $ownerDetails-\u003egetFirstName());\n\n    } catch (Exception $e) {\n\n        // Failed to get user details\n        exit('Something went wrong: ' . $e-\u003egetMessage());\n\n    }\n\n    // Use this to interact with an API on the users behalf\n    echo $token-\u003egetToken();\n\n    // Use this to get a new access token if the old one expires\n    echo $token-\u003egetRefreshToken();\n\n    // Unix timestamp at which the access token expires\n    echo $token-\u003egetExpires();\n}\n```\n\n#### Available Options\n\nThe `Google` provider has the following [options][auth-params]:\n\n- `accessType` to use online or offline access\n- `hostedDomain` to authenticate G Suite users\n- `prompt` to modify the prompt that the user will see\n- `scopes` to request access to additional user information\n\n[auth-params]: https://developers.google.com/identity/protocols/OpenIDConnect#authenticationuriparameters\n\n#### Accessing Token JWT\n\nGoogle provides a [JSON Web Token][jwt] (JWT) with all access tokens. This token\n[contains basic information][openid-jwt] about the authenticated user. The JWT\ncan be accessed from the `id_token` value of the access token:\n\n```php\n/** @var League\\OAuth2\\Client\\Token\\AccessToken $token */\n$values = $token-\u003egetValues();\n\n/** @var string */\n$jwt = $values['id_token'];\n```\n\nParsing the JWT will require a [JWT parser][jwt-parsers]. Refer to parser\ndocumentation for instructions.\n\n[jwt]: https://jwt.io/\n[openid-jwt]: https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo\n[jwt-parsers]: https://packagist.org/search/?q=jwt\n\n### Refreshing a Token\n\nRefresh tokens are only provided to applications which request offline access. You can specify offline access by setting the `accessType` option in your provider:\n\n```php\nuse League\\OAuth2\\Client\\Provider\\Google;\n\n$provider = new Google([\n    'clientId'     =\u003e '{google-client-id}',\n    'clientSecret' =\u003e '{google-client-secret}',\n    'redirectUri'  =\u003e 'https://example.com/callback-url',\n    'accessType'   =\u003e 'offline',\n]);\n```\n\nIt is important to note that the refresh token is only returned on the first request after this it will be `null`. You should securely store the refresh token when it is returned:\n\n```php\n$token = $provider-\u003egetAccessToken('authorization_code', [\n    'code' =\u003e $code\n]);\n\n// persist the token in a database\n$refreshToken = $token-\u003egetRefreshToken();\n```\n\nIf you ever need to get a new refresh token you can request one by forcing the consent prompt:\n\n```php\n$authUrl = $provider-\u003egetAuthorizationUrl(['prompt' =\u003e 'consent', 'access_type' =\u003e 'offline']);\n```\n\nNow you have everything you need to refresh an access token using a refresh token:\n\n```php\nuse League\\OAuth2\\Client\\Provider\\Google;\nuse League\\OAuth2\\Client\\Grant\\RefreshToken;\n\n$provider = new Google([\n    'clientId'     =\u003e '{google-client-id}',\n    'clientSecret' =\u003e '{google-client-secret}',\n    'redirectUri'  =\u003e 'https://example.com/callback-url',\n]);\n\n$grant = new RefreshToken();\n$token = $provider-\u003egetAccessToken($grant, ['refresh_token' =\u003e $refreshToken]);\n```\n\n## Scopes\n\nAdditional [scopes][scopes] can be set by using the `scope` parameter when\ngenerating the authorization URL:\n\n```php\n$authorizationUrl = $provider-\u003egetAuthorizationUrl([\n    'scope' =\u003e [\n        'scope-url-here'\n    ],\n]);\n```\n\n[scopes]: https://developers.google.com/identity/protocols/googlescopes\n\n## Testing\n\nTests can be run with:\n\n```sh\ncomposer test\n```\n\nStyle checks can be run with:\n\n```sh\ncomposer check\n```\n\n## Contributing\n\nPlease see [CONTRIBUTING](https://github.com/thephpleague/oauth2-google/blob/main/CONTRIBUTING.md) for details.\n\n\n## Credits\n\n- [Woody Gilk](https://github.com/shadowhand)\n- [All Contributors](https://github.com/thephpleague/oauth2-google/contributors)\n\n\n## License\n\nThe MIT License (MIT). Please see [License File](https://github.com/thephpleague/oauth2-google/blob/main/LICENSE) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthephpleague%2Foauth2-google","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthephpleague%2Foauth2-google","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthephpleague%2Foauth2-google/lists"}