omines / oauth2-gitlab
GitLab OAuth 2.0 Client Provider for The PHP League OAuth2-Client
Installs: 499 776
Dependents: 14
Suggesters: 0
Security: 0
Stars: 36
Watchers: 6
Forks: 4
Open Issues: 1
Requires
- php: >=8.1
- ext-intl: *
- ext-mbstring: *
- league/oauth2-client: ^2.4.1
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.65.0
- guzzlehttp/psr7: ^2.7.0
- http-interop/http-factory-guzzle: ^1.2
- infection/infection: ^0.27.11
- m4tthumphrey/php-gitlab-api: ^11.14
- mockery/mockery: ^1.6.12
- php-http/guzzle7-adapter: ^1.1.0
- phpstan/extension-installer: ^1.4.3
- phpstan/phpstan: ^2.0.4
- phpstan/phpstan-mockery: ^2.0.0
- phpstan/phpstan-phpunit: ^2.0.3
- phpunit/phpunit: ^10.5.39
Suggests
- m4tthumphrey/php-gitlab-api: For further API usage using the acquired OAuth2 token
README
This package provides GitLab OAuth 2.0 support for the PHP League's OAuth 2.0 Client.
Installation
To install, use composer:
composer require omines/oauth2-gitlab
Usage
Usage is similar to the basic OAuth client, using \Omines\OAuth2\Client\Provider\Gitlab
as the provider.
Authorization Code Flow
$provider = new \Omines\OAuth2\Client\Provider\Gitlab([ 'clientId' => '{gitlab-client-id}', 'clientSecret' => '{gitlab-client-secret}', 'redirectUri' => 'https://example.com/callback-url', 'domain' => 'https://my.gitlab.example', // Optional base URL for self-hosted ]); if (!isset($_GET['code'])) { // If we don't have an authorization code then get one $authUrl = $provider->getAuthorizationUrl(); $_SESSION['oauth2state'] = $provider->getState(); header('Location: '.$authUrl); exit; // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); exit('Invalid state'); } else { // Try to get an access token (using the authorization code grant) $token = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'], ]); // Optional: Now you have a token you can look up a users profile data try { // We got an access token, let's now get the user's details $user = $provider->getResourceOwner($token); // Use these details to create a new profile printf('Hello %s!', $user->getName()); } catch (Exception $e) { // Failed to get user details exit('Oh dear...'); } // Use this to interact with an API on the users behalf echo $token->getToken(); }
Managing Scopes
When creating your GitLab authorization URL, you can specify the state and scopes your application may authorize.
$options = [ 'state' => 'OPTIONAL_CUSTOM_CONFIGURED_STATE', 'scope' => ['read_user','openid'] // array or string ]; $authorizationUrl = $provider->getAuthorizationUrl($options);
If neither are defined, the provider will utilize internal defaults 'api'
.
Performing API calls
Install m4tthumphrey/php-gitlab-api
to interact with the
Gitlab API after authentication. Either connect manually:
$client = new \Gitlab\Client(); $client->setUrl('https://my.gitlab.url/api/v4/'); $client->authenticate($token->getToken(), \Gitlab\Client::AUTH_OAUTH_TOKEN);
Or call the getApiClient
method on GitlabResourceOwner
which does the same implicitly.
Contributing
Please see CONTRIBUTING for details.
Credits
This code is a modified fork from the official Github provider adapted for Gitlab use, so many credits go to Steven Maguire.
Legal
This software was developed for internal use at Omines Full Service Internetbureau
in Eindhoven, the Netherlands. It is shared with the general public under the permissive MIT license, without
any guarantee of fitness for any particular purpose. Refer to the included LICENSE
file for more details.