Search by 
yasinovsky / oauth2-vkontakte
VKontakte OAuth 2.1 Client Provider for The PHP League OAuth2 Client
Maintainers
3.0.3
2026-03-18 16:12 UTC
Requires
- php: ^7.3 || ^8.0
- ext-json: *
- league/oauth2-client: ^2.0
Requires (Dev)
- mockery/mockery: ~1.4
- phpunit/phpunit: ~9.5
This package is not auto-updated.
Last update: 2026-04-15 16:30:30 UTC
README
This package provides VKontakte OAuth 2.1 support for the PHP League's OAuth 2.0 Client.
This package is compliant with PSR-1, PSR-2, PSR-4, and PSR-7. If you notice compliance oversights, please send a patch via pull request.
Requirements
We support the following versions of PHP:
- PHP 8.5
- PHP 8.4
- PHP 8.3
- PHP 8.2
- PHP 8.1
- PHP 8.0
- PHP 7.4
- PHP 7.3
Installation
composer require yasinovsky/oauth2-vkontakte
Usage
Create VK application using this link
Configuration
$provider = new Yaseek\OAuth2\Client\Provider\Vkontakte([ 'clientId' => '1234567', 'clientSecret' => 's0meRe4lLySEcRetC0De', 'redirectUri' => 'https://example.org/oauth-endpoint', 'scopes' => 'vkid.personal_info email phone', // Optional ]);
Authorization Code Flow
// A session is required to store some session data for later usage session_start(); // If we don't have an authorization code then get one if (!isset($_GET['code'])) { // Fetch the authorization URL from the provider; this returns the // urlAuthorize option and generates and applies any necessary parameters // (e.g. state). $authorizationUrl = $provider->getAuthorizationUrl(); // Get the state generated for you and store it to the session. $_SESSION['oauth2state'] = $provider->getState(); // Redirect the user to the authorization URL. header('Location: ' . $authorizationUrl); exit; // Check given state against previously stored one to mitigate CSRF attack } elseif (empty($_GET['state']) || empty($_SESSION['oauth2state']) || $_GET['state'] !== $_SESSION['oauth2state']) { if (isset($_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); } exit('Invalid state'); } else { try { // Try to get an access token using the authorization code grant. $tokens = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]); // We have an access token, which we may use in authenticated // requests against the service provider's API. echo 'Access Token: ' . $tokens->getToken() . "<br>"; echo 'Refresh Token: ' . $tokens->getRefreshToken() . "<br>"; echo 'Expired in: ' . $tokens->getExpires() . "<br>"; echo 'Already expired? ' . ($tokens->hasExpired() ? 'expired' : 'not expired') . "<br>"; // Using the access token, we may look up details about the // resource owner. $resourceOwner = $provider->getResourceOwner($tokens); var_export($resourceOwner->toArray()); } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) { // Failed to get the access token or user details. exit($e->getMessage()); } }
Helper methods
Public
$provider->usersGet([1234, 56789]); // => \Yaseek\OAuth2\Client\Provider\VkontakteUser[] $provider->friendsGet(23456); // => \Yaseek\OAuth2\Client\Provider\VkontakteUser[]
With additional data
$providerAccessToken = new \League\OAuth2\Client\Token\AccessToken(['access_token' => 'iAmAccessTokenString']); $provider->usersGet([1234, 56789], $providerAccessToken); // => \Yaseek\OAuth2\Client\Provider\VkontakteUser[] $provider->friendsGet(23456, $providerAccessToken); // => \Yaseek\OAuth2\Client\Provider\VkontakteUser[]