GitLab OAuth 2.0 Client Provider for The PHP League OAuth2-Client

3.6.0 2023-11-06 21:46 UTC


Latest Version Total Downloads test suite codecov Mutation testing badge Software License

This package provides GitLab OAuth 2.0 support for the PHP League's OAuth 2.0 Client.


To install, use composer:

composer require omines/oauth2-gitlab


Usage is similar to the basic OAuth client, using \Omines\OAuth2\Client\Provider\Gitlab as the provider.

Authorization Code Flow

$provider = new \Omines\OAuth2\Client\Provider\Gitlab([
    'clientId'          => '{gitlab-client-id}',
    'clientSecret'      => '{gitlab-client-secret}',
    'redirectUri'       => '',
    'domain'            => 'https://my.gitlab.example',      // Optional base URL for self-hosted

if (!isset($_GET['code'])) {

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    exit('Invalid state');

} else {

    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code'],

    // Optional: Now you have a token you can look up a users profile data
    try {

        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);

        // Use these details to create a new profile
        printf('Hello %s!', $user->getName());

    } catch (Exception $e) {

        // Failed to get user details
        exit('Oh dear...');

    // Use this to interact with an API on the users behalf
    echo $token->getToken();

Managing Scopes

When creating your GitLab authorization URL, you can specify the state and scopes your application may authorize.

$options = [
    'scope' => ['read_user','openid'] // array or string

$authorizationUrl = $provider->getAuthorizationUrl($options);

If neither are defined, the provider will utilize internal defaults 'api'.

Performing API calls

Install m4tthumphrey/php-gitlab-api to interact with the Gitlab API after authentication. Either connect manually:

$client = new \Gitlab\Client();
$client->authenticate($token->getToken(), \Gitlab\Client::AUTH_OAUTH_TOKEN);

Or call the getApiClient method on GitlabResourceOwner which does the same implicitly.


Please see CONTRIBUTING for details.


This code is a modified fork from the official Github provider adapted for Gitlab use, so many credits go to Steven Maguire.


This software was developed for internal use at Omines Full Service Internetbureau in Eindhoven, the Netherlands. It is shared with the general public under the permissive MIT license, without any guarantee of fitness for any particular purpose. Refer to the included LICENSE file for more details.