GitLab OAuth 2.0 Client Provider for The PHP League OAuth2-Client

3.1.0 2017-11-01 21:46 UTC


Latest Version Software License Build Status Coverage Status Quality Score Total Downloads

This package provides GitLab OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

GitLab 8.17 or later is required as the V4 API is being used. If compatibility with older versions of GitLab is required use version 2 of this library.


To install, use composer:

composer require omines/oauth2-gitlab


Usage is similar to the basic OAuth client, using \Omines\OAuth2\Client\Provider\Gitlab as the provider.

Authorization Code Flow

$provider = new Omines\OAuth2\Client\Provider\Gitlab([
    'clientId'          => '{gitlab-client-id}',
    'clientSecret'      => '{gitlab-client-secret}',
    'redirectUri'       => '',
    'domain'            => 'https://my.gitlab.example',      // Optional base URL for self-hosted

if (!isset($_GET['code'])) {

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    exit('Invalid state');

} else {

    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code'],

    // Optional: Now you have a token you can look up a users profile data
    try {

        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);

        // Use these details to create a new profile
        printf('Hello %s!', $user->getName());

    } catch (Exception $e) {

        // Failed to get user details
        exit('Oh dear...');

    // Use this to interact with an API on the users behalf
    echo $token->getToken();

Managing Scopes

When creating your GitLab authorization URL, you can specify the state and scopes your application may authorize.

$options = [
    'scope' => ['read_user','openid'] // array or string

$authorizationUrl = $provider->getAuthorizationUrl($options);

If neither are defined, the provider will utilize internal defaults 'api'.

Performing API calls

Install m4tthumphrey/php-gitlab-api to interact with the Gitlab API after authentication. Either connect manually:

$client = new \Gitlab\Client('https://my.gitlab.url/api/v4/');
$client->authenticate($token->getToken(), \Gitlab\Client::AUTH_OAUTH_TOKEN);

Or call the getApiClient method on GitlabResourceOwner which does the same implicitly.


$ ./vendor/bin/phpunit


Please see CONTRIBUTING for details.


This code is a modified fork from the official Github provider adapted for Gitlab use, so many credits go to Steven Maguire.


This software was developed for internal use at Omines Full Service Internetbureau in Eindhoven, the Netherlands. It is shared with the general public under the permissive MIT license, without any guarantee of fitness for any particular purpose. Refer to the included LICENSE file for more details.