chillerlan/php-oauth

A fully transparent, framework agnostic PSR-18 OAuth client.

Fund package maintenance!
Ko-Fi

1.0.2 2024-11-12 19:56 UTC

This package is auto-updated.

Last update: 2024-12-12 20:21:52 UTC


README

A transparent, framework-agnostic, easily extensible PHP PSR-18 OAuth client with a user-friendly API, fully PSR-7/PSR-17 compatible.

PHP Version Support Packagist version License Continuous Integration CodeCov Codacy Packagist downloads Documentation

Overview

Features

Requirements

  • PHP 8.1+
    • extensions: json, sodium
      • from dependencies: curl, fileinfo, intl, mbstring, simplexml, zlib
  • a PSR-18 compatible HTTP client library of your choice
  • PSR-17 compatible RequestFactory, StreamFactory and UriFactory

Documentation

Installation with composer

See the installation guide for more info!

Terminal

composer require chillerlan/php-oauth

composer.json

{
	"require": {
		"php": "^8.1",
		"chillerlan/php-oauth": "^1.0"
	}
}

Note: check the releases for valid versions.

Implemented Providers

Legend:

  • Provider: the name of the provider class and link to their API documentation
  • keys: links to the provider's OAuth application creation page
  • revoke: links to the OAuth application access revocation page in the provider's user profile
  • ver: the OAuth version(s) supported by the provider
  • User: indicates that the provider offers information about the currently authenticated user via the me() method (implements the UserInfo interface)
  • CSRF: indicates that the provider uses CSRF protection via the state parameter (implements the CSRFToken interface)
  • PKCE: indicates that the provider supports Proof Key for Code Exchange (implements the PKCE interface)
  • CC: indicates that the provider supports the Client Credentials Grant (implements the ClientCredentials interface)
  • TR: indicates that the provider is capable of refreshing an access token (implements the TokenRefresh interface)
  • TI: indicates that the provider is capable of revoking/invalidating an access token (implements the TokenInvalidate interface)

Disclaimer

OAuth tokens are secrets and should be treated as such. Store them in a safe place, consider encryption.
I don't take responsibility for stolen OAuth tokens. Use at your own risk.

Privacy policy

This library does not store or process user data on its own - it only handles the OAuth flow for an application.
Implementers are responsible for a proper privacy policy in accordance with the service providers.