
beyondbluesky/oauth2-pkce-client
================================

OAuth2 Client implementation using PKCE

Version 1.3.8 (2y ago) · License: CC-BY-NC-SA-4.0 · PHP >=7.3 · [1 issue](https://github.com/beyondbluesky/oauth2pkceclient/issues)


OAuth2 PKCE Enabled client
==========================


This Symfony bundle lets a Symfony 4/5/6 installation authenticate its users against an OAuth2-compliant server using the PKCE extension.

The PKCE extension (RFC 7636) adds security to the OAuth2 protocol and will be mandatory in future versions of OAuth2.

This implementation requires the generation of:

- An Authenticator
- A Controller to receive the response from the OAuth2 Server
- A table to store the session information (oauth2\_session). The table is used to store the session information, including the challenge and verifier strings, used to secure the communication as part of the PKCE extension.
- The required config file where we'll store the client\_id, oauth2 uris, etc.
- The modification of security.yaml to include all the previous configuration
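How the challenge and verifier strings mentioned above relate under RFC 7636, as an added example that is not part of the bundle or its README. The function names and the `$row` array are assumptions made for illustration, and the URIs are the sample values from this page's configuration.

```php
<?php
// Added example of the RFC 7636 values; not the bundle's own code.

/** URL-safe base64 without padding, the encoding RFC 7636 uses. */
function base64url(string $bytes): string {
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** 32 random bytes give a 43-character code_verifier (allowed length: 43-128). */
function newCodeVerifier(): string {
    return base64url(random_bytes(32));
}

/** S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))). */
function codeChallenge(string $verifier): string {
    return base64url(hash('sha256', $verifier, true));
}

/** Server side: does the verifier from the token request match the stored challenge? */
function verifierMatches(string $verifier, string $storedChallenge): bool {
    if (!preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier)) {
        return false; // malformed verifier: reject before hashing
    }
    return hash_equals($storedChallenge, codeChallenge($verifier));
}

// Self-check against the test vector in RFC 7636, Appendix B.
if (codeChallenge('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk')
    !== 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM') {
    throw new RuntimeException('S256 implementation is wrong');
}

// Client: create the pair. $row stands in for an oauth2_session record (assumed shape).
$row = ['verifier' => newCodeVerifier()];
$row['challenge'] = codeChallenge($row['verifier']);

// Only the challenge travels in the browser redirect to auth_uri.
$authUrl = 'https://oauth2.localnet/oauth2/auth?' . http_build_query([
    'response_type'         => 'code',
    'client_id'             => 'example-client-id', // placeholder
    'redirect_uri'          => 'https://oauth2client.localnet/oauth2/check',
    'code_challenge'        => $row['challenge'],
    'code_challenge_method' => 'S256',
]);
echo $authUrl, PHP_EOL;

// Token request: the server recomputes the challenge from the verifier it receives.
var_dump(verifierMatches($row['verifier'], $row['challenge']));
var_dump(verifierMatches(newCodeVerifier(), $row['challenge'])); // unrelated verifier
```

The verifier never appears in the redirect, so an authorization code captured from the browser cannot be exchanged for a token without the stored verifier.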

The steps below walk through the full configuration. Don't worry...

Installation
------------


To install it, follow these steps:

1. Download the latest version of the bundle

```
$ composer require beyondbluesky/oauth2-pkce-client
```

2. Configure the endpoints of your OAuth2 server with a file at config/packages named oauth2\_pkce\_client:

config/packages/oauth2\_pkce\_client.yaml:

```
oauth2_pkce_client:
    server_uris:
        auth_uri:   https://oauth2.localnet/oauth2/auth
        token_uri:  https://oauth2.localnet/oauth2/token
        owner_uri:  https://oauth2.localnet/oauth2/owner
    client:
        id: client_id_provided from our oauth2 server
        secret: secret provided from our oauth2 server
        scope: 'authorization_code,user_info,user_auth'
        redirect_uri: https://oauth2client.localnet/oauth2/check
```

3. Create a Controller to receive the tokens. Its route has to match the redirect\_uri path. Here is example code for you to adapt:

src/Controller/OAuth2Controller.php:

```
<?php

namespace App\Controller;

use Symfony\Component\Routing\Annotation\Route;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\SessionInterface;

use BeyondBlueSky\OAuth2PKCEClient\Entity\OAuth2Session;
use BeyondBlueSky\OAuth2PKCEClient\DependencyInjection\OAuth2PKCEClientExtension as OAuth2PKCEClient;

/**
 * Default App controller.
 *
 * @Route("/oauth2")
 */
class OAuth2Controller extends AbstractController
{
    /**
     * Starts the login by redirecting the browser to the OAuth2 server.
     *
     * @Route("/login", name="oauth_login", methods={"GET"})
     */
    public function oauthLogin(Request $request, OAuth2PKCEClient $oauth2)
    {
        $session = new OAuth2Session();
        $response = $oauth2->getAuthRedirect($session);

        // Store the session record (oauth2_session table) so it is available
        // when the OAuth2 server redirects back to /oauth2/check.
        $em = $this->getDoctrine()->getManager();
        $em->persist($session);
        $em->flush();

        return $response;
    }

    /**
     * Redirect target; the path must match redirect_uri in the bundle config.
     *
     * @Route("/check", name="oauth_check", methods={"GET"})
     */
    public function oauthRedirect(Request $request)
    {
        // The authenticator has already run for this request.
        $user = $this->getUser();
        if ($user === null) {
            return new Response(json_encode(['status' => false, 'message' => "User not found!"]));
        } else {
            return $this->redirectToRoute('homepage');
        }
    }
}
```

4. Create a user class. The minimum information should be the username. All other fields are optional and are filled in step 5 of this guide. In our case we'll create a Security\\User inside the Entity folder.

If you are new to this, I highly recommend using the command:

```
$ bin/console make:entity
```

Then answer the questions it asks, adding the username field and all the fields you need for your project. That will generate an ORM-configured entity with all the information needed.

Once you have created your user, edit it and implement the UserInterface interface to tell Symfony your user entity is a Symfony User:

```
class User implements \Symfony\Component\Security\Core\User\UserInterface
```

With the implementation of the UserInterface you'll have to add a few Symfony functions:

```
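    // Every user authenticated through OAuth2 gets the base role.
    public function getRoles(): array {
        return ['ROLE_USER'];
    }

    // Passwords are checked by the OAuth2 server; none is stored locally.
    public function getPassword() {
        return "-";
    }

    // No local password hashing, so there is no salt.
    public function getSalt() {
        return null;
    }

    // No sensitive data is kept on the object.
    public function eraseCredentials() {
        return;
    }

    // Returns the username field, the property the user provider in step 7 looks users up by.
    public function getUsername(): string {
        return $this->username;
    }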
```

5. Now we need a new Authenticator. Use the following code as a template. Pay attention to the getUser function: you'll have to fill your user object with the fields that you receive from your OAuth2 server. You can var\_dump the oauthUser if you are not sure what you are receiving:

src/Security/OAuth2Authenticator.php:

```
<?php

namespace App\Security;

use App\Entity\Security\User;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\User\UserProviderInterface;

use Doctrine\ORM\EntityManagerInterface;

use BeyondBlueSky\OAuth2PKCEClient\DependencyInjection\OAuth2PKCEClientExtension as OAuth2PKCEClient;
use BeyondBlueSky\OAuth2PKCEClient\Security\OAuth2PKCEAuthenticator;

/**
 * Maps the user returned by the OAuth2 server onto the local User entity.
 */
class OAuth2Authenticator extends OAuth2PKCEAuthenticator
{
    // Only handle the redirect back from the OAuth2 server (redirect_uri path).
    public function supports(Request $request): bool
    {
        return $request->getPathInfo() === '/oauth2/check' && $request->isMethod('GET');
    }

    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        // With this function we fetch the user's data from the credentials
        $oauthUser = $this->fetchUser($credentials);

        $login = $oauthUser->login;
        $user = $this->em->getRepository(User::class)->findOneBy(['username' => $login]);

        if (! $user) {
            // First login: create the local User from the OAuth2 server's fields
            $user = new User();
            $user->setUsername($login);
            $user->setEmail($oauthUser->email);
            $user->setName($oauthUser->name);
            $user->setSurname1($oauthUser->surname1);
            $user->setSurname2($oauthUser->surname2);
            $user->setPassword('-');
            $user->setRoles(['ROLE_USER']);
            //$user->setFullname($oauthUser['name']. " ".$oauthUser['surname1']. " ".$oauthUser['surname2']);
            $user->setCreatedAt(new \DateTime(date('Y-m-d H:i:s')));
            $this->em->persist($user);
            $this->em->flush();
        }
        return $user;
    }
}
```

6. Update your database schema: schema:update or doctrine:migrations, your choice.

```
$ bin/console doctrine:schema:update --force
```

7. Configure security.yaml to point to our new authenticator.

In the providers section, replace the in-memory line with:

config/packages/security.yaml:

```
        oauth_user_provider:
            entity:
                class: App\Entity\Security\User
                property: username
```

Then, under firewalls > main, reference your new user provider and add the authenticator created in step 5:

```
    firewalls:
        main:
            anonymous: lazy
            provider: oauth_user_provider
            guard:
                authenticators:
                    - App\Security\OAuth2Authenticator
```

8. Enjoy your new OAuth2 authentication! Open your Symfony root in a browser and append oauth2/login to the URL (if you didn't change the paths in the OAuth2Controller). You should now see the login page of your OAuth2 server.

Have fun!

### Community

Maintainers: [darlock](/maintainers/darlock)

Top contributors: [beyondbluesky](https://github.com/beyondbluesky) (76 commits)

