
aboutyou/auth-sdk
=================

ABOUT YOU External application authorization SDK

Version 0.3.7 (11y ago), MIT license, PHP >=5.3.0

[Source](https://github.com/aboutyou/php-auth-sdk) · [Packagist](https://packagist.org/packages/aboutyou/auth-sdk) · [Docs](https://developer.aboutyou.de)


auth-sdk
========


The auth-sdk is just a simple wrapper around persistent state storage and redirect response parsing for the [OAuth2 web grant type](http://tools.ietf.org/html/rfc6749#section-4.1).

A simpler explanation is given . You should read it at least once, to have a basic understanding of OAuth2. This sdk covers the "Web Server Apps" part mentioned there.

The auth-sdk hides most of the OAuth2 stuff, so you'll basically have to do 3 things (in this order):

- First, try to parse the redirect sent back to your site after the login.
    - Call `sdk->parseRedirectResponse()`
- Check whether you have permission (= access token) to call an API method for the user.
    - Call `sdk->getUser()`
- If not, redirect the user to an external login page. [1](#user-content-fn-1-e41bccada4f2148a585a397d5d07f8fd)
    - Redirect to `sdk->getLoginUrl()`

Your app should now have permission to make an API call on behalf of the user. Take a look at: `./examples/basic.php`

You can then use the access token stored in the auth-sdk for subsequent API calls until the token expires (server-side) or until the user logs out.

Include with composer
---------------------


```
{
  "require": {
    "aboutyou/auth-sdk": "~0.3.6"
  }
}
```

**If you just want to run the examples now, please refer to the ["Examples"](#examples2) section.**

Oauth2 web grant type usage
---------------------------


- Have a look at: `./examples/basic.php`

### Create the sdk object


```
$authSDK = new AuthSDK(array(
	'clientId'     => 'from_dev_center',
	'clientToken'  => 'from_dev_center',
	'clientSecret' => 'from_dev_center',
	'redirectUri'  => 'entered_in_dev_center',
	'scope'        => 'firstname',  // optional; the only valid value is firstname at the moment
	'popup'        => 'true|false', // optional; true will render a small login, false the login webpage
), new SessionStorage());
```

(Two further optional parameters, 'loginUrl' and 'resourceUrl', can be overridden, but there is usually no need for that.)

### Parse the response (login redirected back to your site)


- Call this method first and only once per request
- $parsed will be true, if it was a redirect. Just in case you need this information.

```
$parsed = $authSDK->parseRedirectResponse();

```

### Check user status. Show login or logout


- Check, if login button|redirect needed

```
$authResult = $authSDK->getUser();
if($authResult->hasErrors()){
	//optional, add values you want to get back on your redirect endpoint
	//but do this before getLoginUrl()
	$authSDK->setState('someKey','someVal');

	renderLoginButton( $authSDK->getLoginUrl() ); //renderLoginButton: your render method
	var_dump($authResult->getErrors());

}else{
	renderLogoutButton( $authSDK->getLogoutUrl() ); //renderLogoutButton: your render method
	var_dump($authResult->getResult()->response);
	var_dump($authSDK->getState('someKey'));

}

```

- It's also possible to set 'state' params (they will be returned).
- getLogoutUrl() has an optional parameter redirectUrl. If set, you will be redirected to it after the logout; otherwise to the 'redirectUri' of the sdk config.
- In both cases getLogoutUrl() will append the GET parameter logout=true to redirectUrl (which is used by e.g. parseRedirectUrl() to clean the persistent storage).
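
To show what "persistent state storage and redirect response parsing" involves in the web grant, the code below is an added example in plain PHP (7.0 or later), not auth-sdk code and not part of the original README. It follows RFC 6749 sections 4.1.1 and 4.1.2; the function names, URLs, client id and sample values are hypothetical.

```php
<?php
// Added illustration, not auth-sdk code. Endpoint URL, client id and function
// names are hypothetical. Requires PHP >= 7.0 (random_bytes, hash_equals).

// Build the authorization request (RFC 6749 section 4.1.1) and remember the
// state value in the caller's persistent store (e.g. $_SESSION).
function buildLoginUrl(array &$store, array $cfg)
{
    $store['oauth_state'] = bin2hex(random_bytes(16)); // unguessable, one per login attempt
    return $cfg['loginUrl'] . '?' . http_build_query(array(
        'response_type' => 'code',
        'client_id'     => $cfg['clientId'],
        'redirect_uri'  => $cfg['redirectUri'],
        'scope'         => $cfg['scope'],
        'state'         => $store['oauth_state'],
    ));
}

// Parse the redirect back to redirect_uri (section 4.1.2). Returns the
// authorization code, or null if this request is not a valid redirect.
function parseRedirect(array &$store, array $query)
{
    if (!isset($query['state'], $store['oauth_state'])) {
        return null; // not a redirect, or no login was started in this session
    }
    $expected = $store['oauth_state'];
    unset($store['oauth_state']); // single use: a repeated redirect is rejected
    if (!is_string($query['state']) || !hash_equals($expected, $query['state'])) {
        return null; // state mismatch: response does not belong to this session
    }
    if (isset($query['error']) || !isset($query['code']) || !is_string($query['code'])) {
        return null; // section 4.1.2.1 error response, or malformed redirect
    }
    return $query['code']; // next step: exchange the code at the token endpoint
}

// Constructed sample run with an in-memory store instead of $_SESSION.
$cfg = array('loginUrl' => 'https://login.example.invalid/authorize', 'clientId' => 'demo-client',
             'redirectUri' => 'https://app.example.invalid/basic.php', 'scope' => 'firstname');
$store = array();
parse_str(parse_url(buildLoginUrl($store, $cfg), PHP_URL_QUERY), $sent);

$ok     = parseRedirect($store, array('code' => 'abc123', 'state' => $sent['state']));
$replay = parseRedirect($store, array('code' => 'abc123', 'state' => $sent['state']));
buildLoginUrl($store, $cfg); // second login attempt, new state value
$mismatch = parseRedirect($store, array('code' => 'abc123', 'state' => 'not-the-stored-value'));
var_dump($ok, $replay, $mismatch);
```

Only the first call returns the code; the repeated redirect and the one carrying a state value that was never stored both return null.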

Examples
--------

- Can be found in the folder: `./examples/*`

### Running


- Open a terminal, in the sdk root folder run `php composer.phar install`.
- If you use php >= 5.4 you can now try `./run.sh` (as root/sudo) in the `./examples` folder. Keep an eye on the console messages (it will complain about the /etc/hosts config, add it). If everything works, you should be able to open the (local) url shown in the console afterwards.
- On Windows, or if run.sh is not working: With php >= 5.4 just try `php -S mytestserver.local:8080` in the `./examples` folder (as root/sudo on linux/osx). Notice you have to add `127.0.0.1 mytestserver.local` to your `/etc/hosts` for this to work. (Windows: `system32\drivers\etc\hosts`)
- For php < 5.4 refer to your server documentation to create a vhost config with the document root pointing to the `./examples` folder.

### Files

- `./examples/basic.php`:

    - example for the typical use case, just as much code as needed. Note that you need to set your redirectUrl to {yourdomain}/basic.php
- `./examples/parent_page.php` & `./examples/result_page.php`:

    - example showing more options; it intercepts the redirect, so you can take a look at the params returned. Note that you need to set your redirectUrl to {yourdomain}/result_page.php

### Config


- Copy `./example/common_params.php` to `./example/common_params.local.php`
- Change the params in `./example/common_params.local.php` to match your values (from dev center)

Footnotes
---------

1. - If the user is not logged in there, it will ask the user for their username and password and then redirect back to your site with an access token.
    - If your user is already logged in, however, it will just redirect back to your site with an access token.
    - There is one more authorization flow step between those possible grants from the user and actually fetching the access token, but the auth-sdk will gently hide that from you.

    [↩](#user-content-fnref-1-e41bccada4f2148a585a397d5d07f8fd)

### Health Score

31 (Low, better than 68% of packages)

- Maintenance: 20. Infrequent updates, may be unmaintained
- Popularity: 24. Limited adoption so far
- Community: 12. Small or concentrated contributor base
- Maturity: 55. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 100% of commits, a single point of failure


### Release Activity

- Cadence: every ~21 days (recently: every ~56 days)
- Total: 13
- Last Release: 4172d ago

### Community

- Maintainers: [nils-droege](/maintainers/nils-droege), [jniebuhr](/maintainers/jniebuhr)
- Top Contributors: [pedromcno](https://github.com/pedromcno) (2 commits)
- Tags: sdk, aboutyou

