PHPackages acip/oauth2-whatnot - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. acip/oauth2-whatnot ActiveLibrary[Authentication & Authorization](/categories/authentication) acip/oauth2-whatnot =================== Whatnot Client Provider for The PHP League OAuth2-Client v1.0.1(5mo ago)01.8k↓25%1MITPHPPHP ^8.0 Since Oct 11Pushed 5mo ago1 watchersCompare [ Source](https://github.com/acip/oauth2-whatnot)[ Packagist](https://packagist.org/packages/acip/oauth2-whatnot)[ RSS](/packages/acip-oauth2-whatnot/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (6)Versions (4)Used By (0) Whatnot Provider for OAuth 2.0 Client ===================================== [](#whatnot-provider-for-oauth-20-client) [![License](https://camo.githubusercontent.com/4f55f4a62c82b8d04d8c2cc4cb2ce8d23bf5787b31f97a34df5b581739849e4e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f616369702f6f61757468322d776861746e6f74)](https://github.com/acip/oauth2-whatnot/blob/main/LICENSE)[![Latest Stable Version](https://camo.githubusercontent.com/1b3d3a7456e7ea3a3764c8a9ce57ed3fed5f18ba8b8b634a1e455448e00c0a1c/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f616369702f6f61757468322d776861746e6f74)](https://packagist.org/packages/acip/oauth2-whatnot) This package provides [Whatnot](https://whatnot.com/) OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client). This package is compliant with [PSR-1](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md), [PSR-2](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md) and [PSR-4](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md). If you notice compliance oversights, please send a patch via pull request. Requirements ------------ [](#requirements) To use this package, it will be necessary to have a Whatnot client ID and client secret. These are referred to as `{whatnot-client-id}` and `{whatnot-client-secret}` in the documentation. Please follow the [Whatnot instructions](https://developers.whatnot.com/docs/getting-started/authentication) to create the required credentials. Installation ------------ [](#installation) To install, use composer: ``` composer require acip/oauth2-whatnot ``` Usage ----- [](#usage) ### Authorization Code Flow [](#authorization-code-flow) ``` require __DIR__ . '/vendor/autoload.php'; use Acip\OAuth2\Client\Provider\Whatnot; use Acip\OAuth2\Client\Provider\WhatnotMode; session_start(); header('Content-Type: text/plain'); $clientId = '{whatnot-client-id}'; $clientSecret = '{whatnot-client-secret}'; $redirectUri = 'https://example.com/callback-url'; $provider = new Whatnot( [ 'clientId' => $clientId, 'clientSecret' => $clientSecret, 'redirectUri' => $redirectUri, ], mode: WhatnotMode::STAGE // use WhatnotMode::LIVE for production ); if (empty($_GET['code'])) { // Step 1. redirect to the authorization URL $options = [ // use the 'scope' key to specify the desired scopes // see https://developers.whatnot.com/docs/getting-started/authentication#available-scopes 'scope' => ['read:inventory', 'write:inventory'], ]; $authorizationUrl = $provider->getAuthorizationUrl($options); $_SESSION['oauth2state'] = $provider->getState(); header('Location: ' . $authorizationUrl); exit; } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { // State is invalid, possible CSRF attack in progress unset($_SESSION['oauth2state']); exit('Invalid state'); } elseif (isset($_GET['code'])) { // Step 2. retrieve access and refresh tokens based on the authorization code // Try to get an access token (using the authorization code grant) $token = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'], 'client_id' => $clientId, ]); // store the token and the refresh token securely // $refreshToken = $token->getRefreshToken(); // $accessToken = $token->getToken(); // Optional: Now you have a token you can look up a users profile data try { // We got an access token, let's now get the user's details $resourceOwner = $provider->getResourceOwner($token); // Use these details to create a new profile printf('Hello %s!', $resourceOwner->getId()); } catch (Exception $e) { // Failed to get user details exit('Oh dear... ' . $e->getMessage()); } } ``` ### Refreshing a Token [](#refreshing-a-token) It is important to note that the refresh token is invalidated when it is succefully used. You should securely store the refresh token when it is returned: ``` require __DIR__ . '/vendor/autoload.php'; use Acip\OAuth2\Client\Provider\Whatnot; use Acip\OAuth2\Client\Provider\WhatnotMode; $provider = new Whatnot([ 'clientId' => '{whatnot-client-id}', 'clientSecret' => '{whatnot-client-secret}', 'redirectUri' => 'https://example.com/callback-url', ], mode: WhatnotMode::STAGE ); $refreshToken = $token->getRefreshToken(); $grant = new \League\OAuth2\Client\Grant\RefreshToken(); $newToken = $provider->getAccessToken($grant, ['refresh_token' => $refreshToken]); $refreshToken = $token->getRefreshToken(); $accessToken = $token->getToken(); // store the new access token and the refresh token securely ``` Scopes ------ [](#scopes) [Scopes](https://developers.whatnot.com/docs/getting-started/authentication#available-scopes) can be set by using the `scope` parameter when generating the authorization URL: ``` $authorizationUrl = $provider->getAuthorizationUrl([ 'scope' => ['read:inventory', 'write:inventory'], ]); ``` Testing ------- [](#testing) Tests can be run with: ``` composer test ``` Credits ------- [](#credits) - [Ciprian Amariei](https://github.com/acip) - [All Contributors](https://github.com/acip/oauth2-whatnot/contributors) Sponsors -------- [](#sponsors) [Aureus POS - The Gold Standard Of Bullion & Collectibles Software](https://www.aureuspos.com/) License ------- [](#license) The MIT License (MIT). Please see [License File](https://github.com/thephpacip/oauth2-whatnot/blob/main/LICENSE) for more information. ### Health Score 40 — FairBetter than 88% of packages Maintenance73 Regular maintenance activity Popularity21 Limited adoption so far Community8 Small or concentrated contributor base Maturity46 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~433 days Total 2 Last Release 151d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/9bc2b4ea42a2ee27b252de32495f074c07864f147792ada600184763d3906b2c?d=identicon)[acip](/maintainers/acip) --- Top Contributors [![acip](https://avatars.githubusercontent.com/u/1649442?v=4)](https://github.com/acip "acip (4 commits)") --- Tags clientoauthoauth2whatnot ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/acip-oauth2-whatnot/health.svg) ``` [![Health](https://phpackages.com/badges/acip-oauth2-whatnot/health.svg)](https://phpackages.com/packages/acip-oauth2-whatnot) ``` ### Alternatives [league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[thenetworg/oauth2-azure Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2509.6M48](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2275.9M27](/packages/stevenmaguire-oauth2-keycloak)[patrickbussmann/oauth2-apple Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client 1132.5M6](/packages/patrickbussmann-oauth2-apple)[mollie/oauth2-mollie-php Mollie Provider for OAuth 2.0 Client 251.7M1](/packages/mollie-oauth2-mollie-php)[omines/oauth2-gitlab GitLab OAuth 2.0 Client Provider for The PHP League OAuth2-Client 36721.5k13](/packages/omines-oauth2-gitlab) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)