PHPackages                             burnthebook/craft-oauth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication & Authorization](/categories/authentication)
4. /
5. burnthebook/craft-oauth

ActiveCraft-plugin[Authentication & Authorization](/categories/authentication)

burnthebook/craft-oauth
=======================

Adds OAuth Functionality to Craft CMS

0.0.5(5mo ago)0112↓100%proprietaryPHPPHP >=8.2

Since Apr 1Pushed 5mo ago1 watchersCompare

[ Source](https://github.com/Burnthebook/craft-oauth)[ Packagist](https://packagist.org/packages/burnthebook/craft-oauth)[ RSS](/packages/burnthebook-craft-oauth/feed)WikiDiscussions main Synced 1mo ago

READMEChangelogDependencies (9)Versions (6)Used By (0)

OAuth for Craft CMS
===================

[](#oauth-for-craft-cms)

Adds OAuth Functionality to Craft CMS.

Requirements
------------

[](#requirements)

This plugin requires Craft CMS 5.6.0 or later, and PHP 8.2 or later.

Installation
------------

[](#installation)

You can install this plugin from the Plugin Store or with Composer.

### From the Plugin Store

[](#from-the-plugin-store)

Go to the Plugin Store in your project’s Control Panel and search for "OAuth for Craft CMS". Then press "Install".

### With Composer

[](#with-composer)

Open your terminal and run the following commands:

Go to the project directory

```
cd /path/to/my-project.test

```

Tell Composer to load the plugin

```
composer require burnthebook/craft-oauth

```

Tell Craft to install the plugin

```
php craft plugin/install craft-oauth

```

Usage
-----

[](#usage)

You can configure OAuth providers either:

- Through config/oauth.php, or
- Via the Craft Control Panel under Settings → OAuth.

The plugin currently supports connecting to:

ProviderRequired SettingsGitHubClient ID, Client SecretGoogleClient ID, Client SecretFacebookClient ID, Client SecretInstagramClient ID, Client SecretLinkedInClient ID, Client SecretFor each provider, you can define:

- Scopes
- PKCE (Proof Key for Code Exchange) support
- Authorization URL, Token URL, and User Info URL (optional for custom providers)

When connecting a provider, the plugin will handle:

- Redirecting to the authorization URL
- Managing OAuth state
- Receiving and verifying the callback
- Fetching user profile information

After successful login, a user’s connected OAuth accounts will appear in the Craft Control Panel under: **Admin → Users → {User} → OAuth Accounts** as a table showing the linked providers and account IDs.

Adding a Custom Provider
------------------------

[](#adding-a-custom-provider)

If you need to connect to a non-standard OAuth2 provider, you can define a Custom Provider.

1. Create a Provider class extending League\\OAuth2\\Client\\Provider\\AbstractProvider.
2. (Optionally) Create a custom ResourceOwner class implementing ResourceOwnerInterface to handle user data. (This is only really necessary if you provide user data as a response to your access token request, and do not have a userInfo endpoint.)
3. Define your provider in config/oauth.php like so:

```
return [
    'providers' => [
        [
            'handle' => 'yourprovider',
            'provider' => 'custom',
            'providerClass' => \modules\yourmodule\providers\YourProvider::class,
            'clientId' => 'YOUR_CLIENT_ID',
            'clientSecret' => 'YOUR_CLIENT_SECRET',
            'authUrl' => 'https://example.com/oauth/authorize',
            'tokenUrl' => 'https://example.com/oauth/token',
            'userInfoUrl' => 'https://example.com/oauth/userinfo', // Optional if handled by custom provider
            'scopes' => 'read,write',
            'pkce' => true,
        ],
    ],
];

```

Important

Custom providers must be configured in config/oauth.php (not via the Craft Settings UI). You must supply a valid providerClass which implements the necessary OAuth behavior.

The plugin will automatically use your custom provider when the user attempts to log in via OAuth.

Example: Custom Provider Class
------------------------------

[](#example-custom-provider-class)

Here’s a basic example of a custom OAuth provider and resource owner you could use.

Note

The below code is provided as an example only, will need tweaking to your implementation and we cannot assist with custom providers. This plugin uses [league/oauth2-client](https://oauth2-client.thephpleague.com/) under the hood and any custom provider must [conform to their standards.](https://oauth2-client.thephpleague.com/providers/implementing/)

### Provider Class

[](#provider-class)

composer.json:

```
"autoload": {
    "psr-4": {
        // Other modules here...
        "modules\\oauth\\providers\\": "modules/CustomOauthProviders/"
    }
},
```

Provider Class:

```