Multi-provider authentication framework for PHP

Installs: 678 773

Dependents: 91

Suggesters: 2

Security: 0

Stars: 1 650

Watchers: 112

Forks: 243

Open Issues: 34

1.0.0-alpha.1 2014-04-07 17:00 UTC

This package is auto-updated.

Last update: 2024-06-13 09:38:47 UTC


Opauth is a multi-provider authentication framework for PHP, inspired by OmniAuth for Ruby.

Opauth enables PHP applications to do user authentication with ease.

Try out Opauth for yourself at http://opauth.org

Build Status

What is Opauth?

Opauth provides a standardized method for PHP applications to interface with authentication providers.

Opauth as a framework provides a set of API that allows developers to create strategies that work in a predictable manner across PHP frameworks and applications.

Opauth works well with other PHP applications & frameworks. It is currently supported on:

If your PHP framework of choice is not yet listed, you can still use Opauth like you would a normal PHP component (class).

Quick start

Guide on how to run the bundled example.

  1. Set DocumentRoot of your web server to example/. (Opauth can be instantiated in your own PHP app, but we will leave that out of this quick start guide)

  2. Configure Opauth.

    First, make a copy of opauth config's file by copying or renaming opauth.conf.php.default to opauth.conf.php.

    Open up opauth.conf.php and make the necessary changes.

  3. Install some Opauth strategies. Place the strategy files in lib/Opauth/Strategy/.

    For this example, we recommend that you start with Opauth-Facebook:

    i. Download the strategy files and place them at lib/Opauth/Strategy/Facebook/.

    ii. Follow the steps at Opauth-Facebook's README to set up your Faceobok app.

    iii. Add the following at opauth.conf.php under Strategy as such:

'Strategy' => array(
    // Define strategies here.

    'Facebook' => array(
        'app_id' => 'YOUR APP ID',
        'app_secret' => 'YOUR APP SECRET'

Finally, send user to http://localhost/facebook to authenticate.

Check out the wiki for more in-depth details, especially on how to use Opauth with your own PHP application.

Available strategies

A strategy is a set of instructions that interfaces with respective authentication providers and relays it back to Opauth.


Strategy Maintained by
Bitbucket   Bitbucket fancyguy
Disqus   Disqus rasa
Do   Do arbales
Facebook   Facebook uzyn
Flickr   Flickr pocket7878
Foursquare   Foursquare pocket7878
GitHub   GitHub uzyn
Google   Google uzyn
Instagram   Instagram muhdazrain
LinkedIn   LinkedIn uzyn
Live Connect   (Windows) Live uzyn
mixi   mixi ritou
OpenID   OpenID uzyn
PayPal   PayPal 24hours
Sina Weibo   Sina Weibo (新浪微博) dgrabla
Twitter   Twitter uzyn
Vimeo   Vimeo LubosRemplik
VK   VKontakte dgrabla
687474703a2f2f7777772e676f6f676c652e636f6d2f73322f66617669636f6e733f646f6d61696e3d646576656c6f7065722e7961686f6f2e636f2e6a70   Yahoo! Japan (YConnect) ritou
687474703a2f2f7777772e676f6f676c652e636f6d2f73322f66617669636f6e733f646f6d61696e3d627573696e6573732e6c696e652e6d65   LINE Yuzuru Suzuki

Generic strategy: OAuth

See wiki's list of strategies for an updated list of Opauth strategies or to make requests. Refer also to strategy contribution guide if you would like to contribute a strategy.


PHP 5 (>= 5.2) with allow_url_fopen enabled


Opauth needs your contributions, especially the following:

  • More strategies Refer to wiki for contribution guide and inform us when your work is ready.

  • Plugins for more PHP frameworks and CMSes eg. Symfony, Laravel, WordPress, Drupal, etc.

  • Guides & tutorials On how to implement Opauth on CakePHP app, etc.

Issues & questions

Used Opauth in your project? Let us know!


####v0.4.5 (25 Feb 2018)

  • Fixed a Security Incident for unsafe serialize/unserialize. (thanks @YuzuruS #124)

####v0.4.4 (10 May 2013)

  • Added HTTP User-Agent header. (thanks @rkaldung #41)

####v0.4.3 (10 January 2013)

  • Fixed a serverPost() bug where user-supplied options were not applied correctly. (thanks @ritou #26)

####v0.4.2 (28 August 2012)

  • Fix session to check for session_id() instead of $_SESSION (thanks @sirikkoster #20)

####v0.4.1 (22 July 2012)

  • Not starting session if session is already started. (thanks @Claymm)
  • Fixed incorrect error message. (thanks @Claymm)
  • Removed @ for file_get_contents. (thanks @Takehiro-Adachi)

####v0.4.0 (10 June 2012)

  • mapProfile() and clientGet() for OpauthStrategy class.

####v0.3.0 (30 May 2012)

  • Some unit testing
  • More consistent naming of Strategy's internal properties
  • Smarter loading of strategy, able to make a few guesses on where the class file might be at.

####v0.2.0 (23 May 2012)

  • Opauth is now Composer compatible and listed on Packagist
    • Opauth now supports autoloaders
    • If a strategy is not autoloaded, Opauth falls back and searches for it at strategy_dir defined in config.
  • Class name for strategy Foo should now be FooStrategy instead of Foo.
    • This is to reduce the likelihood of class name collision due to Opauth not requiring the use of namespace.
    • v0.1.0-type class name, ie. Foo, still works, but is now deprecated.

####v0.1.0 (22 May 2012)

  • Initial release


The MIT License Copyright © 2012-2013 U-Zyn Chua (http://uzyn.com)


U-Zyn Chua is a Principal Consultant at Zynesis Consulting.