Zoho Desk Provider for PHP League's OAuth 2.0 Client

v1.0.5 2019-07-30 14:56 UTC

This package is auto-updated.

Last update: 2020-03-30 00:26:04 UTC


This package provides Zoho Desk OAuth 2.0 support for the PHP League's OAuth 2.0 Client.Initially, this module was used for the integration of Bybrand with Zoho Desk and is in production (needs improvement).

First, you can do get Client ID and Client Secret in "Zoho Developer console". Full documentation, can be see in Zoho documentation.


composer require bybrand/oauth2-zohodesk


This is a instruction base to get the token, and in then, to save in your database to future request. The method getResourceOwner return your first organization, via /api/v1/organizations. See more in Zoho Desk documentation Get all organizations

You do not need get getResourceOwner if you not need.

use Bybrand\OAuth2\Client\Provider\ZohoDesk as ProviderZohoDesk;;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;

$params = $_GET;

$provider = new ProviderZohoDesk([
    'clientId'     => 'key-id',
    'clientSecret' => 'secret-key',
    'redirectUri'  => 'your-url-redirect',

if (!empty($params['error'])) {
    // Got an error, probably user denied access
    $message = 'Got error: ' . htmlspecialchars($params['error'], ENT_QUOTES, 'UTF-8');

    // Return error.
    echo $message;
if (!isset($params['code']) or empty($params['code'])) {
    // If we don't have an authorization code then get one
    $authorizationUrl = $provider->getAuthorizationUrl([
        'scope' => [

    // Get state and store it to the session
    $_SESSION['oauth2state'] = $provider->getState();

    header('Location: '.$authorizationUrl);
// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($params['state']) || ($params['state'] !== $_SESSION['oauth2state'])) {

    // Set error and redirect.
    echo 'Invalid stage';
} else {
    try {
        // Try to get an access token (using the authorization code grant)
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $params['code']

        // Retriave a first Zoho Desk organization.        
        $organization = $provider->getResourceOwner($token);
    } catch (IdentityProviderException $e) {
        // Error, HTTP code Status
    } catch (\Exception $e) {
        // Error, make redirect or message.

    // Save organization data.
    $id   = $organization->getId(),
    $name = $organization->getOrganizationName(),

    // Use this to interact with an API on the users behalf
    echo $token->getToken();

Please, for more information see the PHP League's general usage examples.

Refreshing a Token

Zoho Desk token refresh is sent only with accessType set to offline. It is important to note that the refresh token is only returned on the first request after this it will be null.

You can do revoke access to get the token refresh in a second request. Visit and navigate to Connected Apps.

$provider = new ProviderZohoDesk([
    'clientId'     => 'key-id',
    'clientSecret' => 'secret-key',
    'redirectUri'  => 'your-url-redirect',
    'accessType'   => 'offline' // Use only for refresh token.

$token = $provider->getAccessToken('authorization_code', [
    'code' => $code

// Persist the token in a database.
$refreshToken = $token->getRefreshToken();

See more details in Generating Access Token From a Refresh Token Zoho Desk Docs.


$ ./vendor/bin/phpunit

or individual method test, by group.

$ ./vendor/bin/phpunit --group=Zoho.GetResourceOwner


The MIT License (MIT). Please see License File for more information.