This package is abandoned and no longer maintained. The author suggests using the chillerlan/php-oauth package instead.

A PHP OAuth client core library

4.0.0 2021-04-14 20:51 UTC

This package is auto-updated.

Last update: 2024-03-23 12:21:22 UTC


ATTENTION: This library has been abandoned and archive in favor of chillerlan/php-oauth

A framework.agnostic PHP OAuth1/2 client that acts as a PSR-18 HTTP client, fully PSR-7/PSR-17 compatible.

PHP Version Support Packagist version License Continuous Integration CodeCov Codacy Packagist downloads


An API documentation created with phpDocumentor can be found at (WIP). See the wiki for advanced documentation and chillerlan/php-oauth-providers for already implemented providers.


  • PHP 8.1+
    • extensions: curl, json, simplexml, sodium, zlib
  • a PSR-18 compatible HTTP client library of your choice
  • PSR-17 compatible Request-, Response- and UriFactories


requires composer

composer.json (note: replace dev-main with a version boundary, e.g. ^5.0)

	"require": {
		"php": "^8.1",
		"chillerlan/php-oauth-core": "dev-main"

In case you want to keep using dev-main, specify the hash of a commit to avoid running into unforeseen issues like so: dev-main#ff85785139b9531a6c29d41cc161e4878d54491d

Implemented Providers

Provider API keys revoke access OAuth ClientCredentials
Amazon link 2
BattleNet link link 2
BigCartel link link 2
Bitbucket link 2
Deezer link link 2
DeviantArt link link 2
Discogs link link 1
Discord link 2
Flickr link link 1
Foursquare link link 2
GitHub link link 2
GitLab link 2
Google link link 2
GuildWars2 link link 2
Imgur link link 2
LastFM link link -
MailChimp link 2
Mastodon link link 2
MicrosoftGraph link link 2
Mixcloud link link 2
MusicBrainz link link 2
NPROne link 2
OpenCaching link link 1
OpenStreetmap link 1
OpenStreetmap2 link 2
Patreon link 2
PayPal link 2
PayPalSandbox link 2
Slack link link 2
SoundCloud link link 2
Spotify link link 2
SteamOpenID link -
Stripe link link 2
Tumblr link link 1
Tumblr2 link link 2
Twitch link link 2
Twitter link link 1
TwitterCC link link 2
Vimeo link link 2
WordPress link link 2
YouTube link link 2



OAuth tokens are secrets and should be treated as such. Store them in a safe place, consider encryption.
I won't take responsibility for stolen auth tokens. Use at your own risk.