ahnlak/oauth2-forgejo

Forgejo support for the PHP League's OAuth 2.0 Client

Maintainers

Details

codeberg.org/ahnlak/oauth2-forgejo

Issues

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

v0.1.0 2025-08-29 15:56 UTC

Requires

MIT b1b49ddcc4bf1d380f034fe2558297fa75cb633f

  • Pete Favelle <ahnlak.woop@ahnlak.com>

authorizationclientoauthoauth2authorisationforgejo

This package is not auto-updated.

Last update: 2025-08-30 14:24:35 UTC

README

This package provides Forgejo support for the PHP League's OAuth 2.0 Client.

Installation

To install, use composer:

composer require ahnlak/oauth2-forgejo

Usage

Usage is the same as The League's OAuth client, using \Ahnlak\OAuth2\Client\Provider\Forgejo as the provider.

Authorization Code Flow

$provider = new Ahnlak\OAuth2\Client\Provider\Forgejo([
    'clientId'                => 'XXXXXX',    // The client ID assigned to you by the provider
    'clientSecret'            => 'XXXXXX',    // The client password assigned to you by the provider
    'redirectUri'             => 'https://my.example.com/your-redirect-url/',
    'forgejoUri'              => 'https://my-forgejo.instance.com'
]);

// A session is required to store some session data for later usage
session_start();

// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize option and generates and applies any necessary parameters
    // (e.g. state).
    $authorizationUrl = $provider->getAuthorizationUrl();

    // Get the state generated for you and store it to the session.
    $_SESSION['oauth2state'] = $provider->getState();

    // Redirect the user to the authorization URL.
    header('Location: ' . $authorizationUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || empty($_SESSION['oauth2state']) || $_GET['state'] !== $_SESSION['oauth2state']) {

    if (isset($_SESSION['oauth2state'])) {
        unset($_SESSION['oauth2state']);
    }

    exit('Invalid state');

} else {

    try {
    
        // Try to get an access token using the authorization code grant.
        $tokens = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // Using the access token, we may look up details about the
        // resource owner.
        $resourceOwner = $provider->getResourceOwner($accessToken);

        var_export($resourceOwner->toArray());

    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

        // Failed to get the access token or user details.
        exit($e->getMessage());

    }

}

Credits

This package draws a lot of inspiration from The League's official Github provider; any shortcomings are entirely my own work!

License

This package is released under the MIT License.