PHPackages chillerlan/php-oauth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. chillerlan/php-oauth ActiveLibrary[HTTP & Networking](/categories/http) chillerlan/php-oauth ==================== A fully transparent, framework agnostic PSR-18 OAuth client. 1.0.3(5mo ago)4210.4k↓26.8%[1 issues](https://github.com/chillerlan/php-oauth/issues)[1 PRs](https://github.com/chillerlan/php-oauth/pulls)2MITPHPPHP ^8.1CI passing Since Apr 17Pushed 5mo ago2 watchersCompare [ Source](https://github.com/chillerlan/php-oauth)[ Packagist](https://packagist.org/packages/chillerlan/php-oauth)[ Docs](https://github.com/chillerlan/php-oauth)[ Fund](https://ko-fi.com/codemasher)[ RSS](/packages/chillerlan-php-oauth/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (4)Dependencies (17)Versions (6)Used By (2) chillerlan/php-oauth ==================== [](#chillerlanphp-oauth) A transparent, framework-agnostic, easily extensible PHP [PSR-18](https://www.php-fig.org/psr/psr-18/) OAuth client with a user-friendly API, fully [PSR-7](https://www.php-fig.org/psr/psr-7/)/[PSR-17](https://www.php-fig.org/psr/psr-17/) compatible. [![PHP Version Support](https://camo.githubusercontent.com/412da2597700361189c0bb8a53e4bb6b7280c776de5cf4104eab9bfb2cc5ac7b/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6368696c6c65726c616e2f7068702d6f617574683f6c6f676f3d70687026636f6c6f723d383839324246266c6f676f436f6c6f723d666666)](https://www.php.net/supported-versions.php)[![Packagist version](https://camo.githubusercontent.com/f512d7215818e0618e7f869ca5dee3350ee15fbad7fbf165d020f771d681b3e2/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6368696c6c65726c616e2f7068702d6f617574682e7376673f6c6f676f3d7061636b6167697374266c6f676f436f6c6f723d666666)](https://packagist.org/packages/chillerlan/php-oauth)[![License](https://camo.githubusercontent.com/2ded6203273a4eec9d9b45ab684f71973e6155be189acac1483425368a50f0b3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6368696c6c65726c616e2f7068702d6f617574682e737667)](https://github.com/chillerlan/php-oauth/blob/main/LICENSE)[![Continuous Integration](https://camo.githubusercontent.com/5551ccb57be668532e2d3c4eb569137bf7463db68cf3fc6dad451b948ba76c58/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6368696c6c65726c616e2f7068702d6f617574682f63692e796d6c3f6272616e63683d6d61696e266c6f676f3d676974687562266c6f676f436f6c6f723d666666)](https://github.com/chillerlan/php-oauth/actions/workflows/ci.yml?query=branch%3Amain)[![CodeCov](https://camo.githubusercontent.com/40114fc2b51daec5d8fc354407455eaea177dbf31b75f75fef71c89497496058/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f6368696c6c65726c616e2f7068702d6f617574682e7376673f6c6f676f3d636f6465636f76266c6f676f436f6c6f723d666666)](https://codecov.io/github/chillerlan/php-oauth)[![Codacy](https://camo.githubusercontent.com/6edc6d22bb4786f335623aaf4a1df2dd8b9be36d8e1160b1474b6265304a3495/68747470733a2f2f696d672e736869656c64732e696f2f636f646163792f67726164652f32653833623931363765356134316462613861663462393238666661313361633f6c6f676f3d636f64616379266c6f676f436f6c6f723d666666)](https://app.codacy.com/gh/chillerlan/php-oauth/dashboard)[![Packagist downloads](https://camo.githubusercontent.com/b5f8cad45b8ee33613fb3ef9de9d35a85a2bc95025969d6b1ca91feabd08e717/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6368696c6c65726c616e2f7068702d6f617574682e7376673f6c6f676f3d7061636b6167697374266c6f676f436f6c6f723d666666)](https://packagist.org/packages/chillerlan/php-oauth/stats)[![Documentation](https://camo.githubusercontent.com/214d5a8c0ee066c9ed77d747dbb035b8ea4a3253d9e308a2277210f668c176f1/68747470733a2f2f696d672e736869656c64732e696f2f72656164746865646f63732f7068702d6f617574682f6d61696e3f6c6f676f3d72656164746865646f6373266c6f676f436f6c6f723d666666)](https://php-oauth.readthedocs.io/en/main/) Overview ======== [](#overview) Features -------- [](#features) - OAuth client capabilities - [OAuth 1.0a](https://oauth.net/core/1.0a/) ([RFC-5849](https://datatracker.ietf.org/doc/html/rfc5849)) - [OAuth 2.0](https://oauth.net/2/) ([RFC-6749](https://datatracker.ietf.org/doc/html/rfc6749)) - [Authorization Code Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1) - [Client Credentials Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) - [Token refresh](https://datatracker.ietf.org/doc/html/rfc6749#section-1.5) - [CSRF Token](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12) ("state" parameter) - [RFC-7009: Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009) - [RFC-7636: PKCE](https://datatracker.ietf.org/doc/html/rfc7636) (Proof Key for Code Exchange) - [RFC-9126: PAR](https://datatracker.ietf.org/doc/html/rfc9126) (Pushed Authorization Requests) - [RFC-9449: DPoP](https://datatracker.ietf.org/doc/html/rfc9449) (Demonstrating Proof of Possession) ([planned](https://github.com/chillerlan/php-oauth/issues/3)) - Proprietary, OAuth-like authorization flows (e.g. [Last.fm](https://www.last.fm/api/authentication)) - Invalidation of access tokens (if supported by the provider) - Several built-in provider implementations ([see below](#implemented-providers)) - Provider instances act as [PSR-18](https://www.php-fig.org/psr/psr-18/) HTTP client, wrapping the given PSR-18 HTTP instance - Requests to the provider API will have required OAuth headers and tokens added automatically - Optional token encryption via [`sodium_crypto_secretbox()`](https://www.php.net/manual/en/function.sodium-crypto-secretbox) for the internal storage engines - A unified user data object `AuthenticatedUser` via the `OAuthInterface::me()` method Requirements ------------ [](#requirements) - PHP 8.1+ - extensions: `json`, `sodium` - from dependencies: `curl`, `fileinfo`, `intl`, `mbstring`, `simplexml`, `zlib` - a [PSR-18](https://www.php-fig.org/psr/psr-18/) compatible HTTP client library of your choice - [PSR-17](https://www.php-fig.org/psr/psr-17/) compatible `RequestFactory`, `StreamFactory` and `UriFactory` Documentation ============= [](#documentation) - The user manual is at ([sources](https://github.com/chillerlan/php-oauth/tree/main/docs)) - An API documentation created with [phpDocumentor](https://www.phpdoc.org/) can be found at - The documentation for the `AccessToken`, `AuthenticatedUser` and `OAuthOptions` containers can be found here: [chillerlan/php-settings-container](https://github.com/chillerlan/php-settings-container#readme) - There is [the suite of get-token examples](https://php-oauth.readthedocs.io/en/main/Usage/Using-examples.html), which is mostly intended for development, and there are self-contained examples for a quickstart: - [OAuth1 example](https://github.com/chillerlan/php-oauth/tree/main/examples/example-oauth1.php) - [OAuth2 example](https://github.com/chillerlan/php-oauth/tree/main/examples/example-oauth2.php) Installation with [composer](https://getcomposer.org) ----------------------------------------------------- [](#installation-with-composer) See [the installation guide](https://php-oauth.readthedocs.io/en/main/Basics/Installation.html) for more info! ### Terminal [](#terminal) ``` composer require chillerlan/php-oauth ``` ### composer.json [](#composerjson) ``` { "require": { "php": "^8.1", "chillerlan/php-oauth": "^1.0" } } ``` Note: check the [releases](https://github.com/chillerlan/php-oauth/releases) for valid versions. Implemented Providers ===================== [](#implemented-providers) ProviderkeysrevokeverUserCSRFPKCECCTRTI[Amazon](https://developer.amazon.com/docs/login-with-amazon/web-docs.html)[link](https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html)2✓✓✓[BattleNet](https://develop.battle.net/documentation)[link](https://develop.battle.net/access/clients)[link](https://account.blizzard.com/connections)2✓✓✓[BigCartel](https://developers.bigcartel.com/api/v1)[link](https://bigcartel.wufoo.com/forms/big-cartel-api-application/)[link](https://my.bigcartel.com/account)2✓✓✓[Bitbucket](https://developer.atlassian.com/bitbucket/api/2/reference/)[link](https://developer.atlassian.com/apps/)2✓✓✓✓[Codeberg](https://codeberg.org/api/swagger)[link](https://codeberg.org/user/settings/applications)[link](https://codeberg.org/user/settings/applications)2✓✓✓✓[Deezer](https://developers.deezer.com/api)[link](https://developers.deezer.com/myapps)[link](https://www.deezer.com/account/apps)2✓✓[DeviantArt](https://www.deviantart.com/developers/)[link](https://www.deviantart.com/developers/apps)[link](https://www.deviantart.com/settings/applications)2✓✓✓✓✓[Discogs](https://www.discogs.com/developers/)[link](https://www.discogs.com/settings/developers)[link](https://www.discogs.com/settings/applications)1✓[Discord](https://discord.com/developers/)[link](https://discordapp.com/developers/applications/)2✓✓✓✓✓[Flickr](https://www.flickr.com/services/api/)[link](https://www.flickr.com/services/apps/create/)[link](https://www.flickr.com/services/auth/list.gne)1✓[Foursquare](https://location.foursquare.com/developer/reference/foursquare-apis-overview)[link](https://foursquare.com/developers/apps)[link](https://foursquare.com/settings/connections)2✓[Gitea](https://docs.gitea.com/api/1.20/)[link](https://gitea.com/user/settings/applications)[link](https://gitea.com/user/settings/applications)2✓✓✓✓[GitHub](https://docs.github.com/rest)[link](https://github.com/settings/developers)[link](https://github.com/settings/applications)2✓✓✓[GitLab](https://docs.gitlab.com/ee/api/rest/)[link](https://gitlab.com/profile/applications)2✓✓✓✓[Google](https://developers.google.com/oauthplayground/)[link](https://console.developers.google.com/apis/credentials)[link](https://myaccount.google.com/connections)2✓✓✓✓[GuildWars2](https://wiki.guildwars2.com/wiki/API:Main)[link](https://account.arena.net/applications)[link](https://account.arena.net/applications)2✓[Imgur](https://apidocs.imgur.com)[link](https://api.imgur.com/oauth2/addclient)[link](https://imgur.com/account/settings/apps)2✓✓✓[LastFM](https://www.last.fm/api/)[link](https://www.last.fm/api/account/create)[link](https://www.last.fm/settings/applications)-✓[MailChimp](https://mailchimp.com/developer/)[link](https://admin.mailchimp.com/account/oauth2/)2✓✓[Mastodon](https://docs.joinmastodon.org/api/)[link](https://mastodon.social/settings/applications)[link](https://mastodon.social/oauth/authorized_applications)2✓✓✓[MicrosoftGraph](https://learn.microsoft.com/graph/overview)[link](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps)[link](https://account.live.com/consent/Manage)2✓✓[Mixcloud](https://www.mixcloud.com/developers/)[link](https://www.mixcloud.com/developers/create/)[link](https://www.mixcloud.com/settings/applications/)2✓[MusicBrainz](https://musicbrainz.org/doc/Development)[link](https://musicbrainz.org/account/applications)[link](https://musicbrainz.org/account/applications)2✓✓✓✓[NPROne](https://dev.npr.org/api/)[link](https://dev.npr.org/console)2✓✓✓✓[OpenCaching](https://www.opencaching.de/okapi/)[link](https://www.opencaching.de/okapi/signup.html)[link](https://www.opencaching.de/okapi/apps/)1✓[OpenStreetmap](https://wiki.openstreetmap.org/wiki/API)[link](https://www.openstreetmap.org/user/%7BUSERNAME%7D/oauth_clients)1✓[OpenStreetmap2](https://wiki.openstreetmap.org/wiki/API)[link](https://www.openstreetmap.org/oauth2/applications)2✓✓[Patreon](https://docs.patreon.com/)[link](https://www.patreon.com/portal/registration/register-clients)2✓✓✓[PayPal](https://developer.paypal.com/docs/connect-with-paypal/reference/)[link](https://developer.paypal.com/developer/applications/)2✓✓✓✓[PayPalSandbox](https://developer.paypal.com/docs/connect-with-paypal/reference/)[link](https://developer.paypal.com/developer/applications/)2✓✓✓✓[Pinterest](https://developers.pinterest.com/docs/)[link](https://developers.pinterest.com/apps/)[link](https://www.pinterest.com/settings/security)2✓✓✓[Reddit](https://www.reddit.com/dev/api)[link](https://www.reddit.com/prefs/apps/)[link](https://www.reddit.com/settings/privacy)2✓✓✓✓✓[Slack](https://api.slack.com)[link](https://api.slack.com/apps)[link](https://slack.com/apps/manage)2✓✓[SoundCloud](https://developers.soundcloud.com/)[link](https://soundcloud.com/you/apps)[link](https://soundcloud.com/settings/connections)2✓✓✓[Spotify](https://developer.spotify.com/documentation/web-api/)[link](https://developer.spotify.com/dashboard)[link](https://www.spotify.com/account/apps/)2✓✓✓✓✓[Steam](https://developer.valvesoftware.com/wiki/Steam_Web_API)[link](https://steamcommunity.com/dev/apikey)-✓[Stripe](https://stripe.com/docs/api)[link](https://dashboard.stripe.com/apikeys)[link](https://dashboard.stripe.com/account/applications)2✓✓✓✓[Tidal](https://developer.tidal.com/documentation)[link](https://developer.tidal.com/dashboard)[link](https://account.tidal.com/third-party-apps)2✓✓✓✓✓[TikTok](https://developers.tiktok.com/doc/overview/)[link](https://developers.tiktok.com/apps/)[link](https://example.com/user/settings/connections)2✓✓✓[Tumblr](https://www.tumblr.com/docs/en/api/v2)[link](https://www.tumblr.com/oauth/apps)[link](https://www.tumblr.com/settings/apps)1✓[Tumblr2](https://www.tumblr.com/docs/en/api/v2)[link](https://www.tumblr.com/oauth/apps)[link](https://www.tumblr.com/settings/apps)2✓✓✓✓[Twitch](https://dev.twitch.tv/docs/api/reference/)[link](https://dev.twitch.tv/console/apps/create)[link](https://www.twitch.tv/settings/connections)2✓✓✓✓✓[Twitter](https://developer.twitter.com/docs)[link](https://developer.twitter.com/apps)[link](https://twitter.com/settings/applications)1✓[TwitterCC](https://developer.twitter.com/en/docs/basics/authentication/overview/application-only)[link](https://developer.twitter.com/apps)[link](https://twitter.com/settings/applications)2✓[Vimeo](https://developer.vimeo.com)[link](https://developer.vimeo.com/apps)[link](https://vimeo.com/settings/apps)2✓✓✓✓[WordPress](https://developer.wordpress.com/docs/api/)[link](https://developer.wordpress.com/apps/)[link](https://wordpress.com/me/security/connected-applications)2✓✓[YouTube](https://developers.google.com/oauthplayground/)[link](https://console.developers.google.com/apis/credentials)[link](https://myaccount.google.com/connections)2✓✓✓✓**Legend:** - **Provider**: the name of the provider class and link to their API documentation - **keys**: links to the provider's OAuth application creation page - **revoke**: links to the OAuth application access revocation page in the provider's user profile - **ver**: the OAuth version(s) supported by the provider - **User**: indicates that the provider offers information about the currently authenticated user via the `me()` method (implements the `UserInfo` interface) - **CSRF**: indicates that the provider uses [CSRF protection via the `state` parameter](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12) (implements the `CSRFToken` interface) - **PKCE**: indicates that the provider supports [Proof Key for Code Exchange](https://datatracker.ietf.org/doc/html/rfc7636) (implements the `PKCE` interface) - **CC**: indicates that the provider supports the [Client Credentials Grant](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) (implements the `ClientCredentials` interface) - **TR**: indicates that the provider is capable of [refreshing an access token](https://datatracker.ietf.org/doc/html/rfc6749#section-10.4) (implements the `TokenRefresh` interface) - **TI**: indicates that the provider is capable of revoking/invalidating an access token (implements the `TokenInvalidate` interface) Disclaimer ========== [](#disclaimer) OAuth tokens are secrets and should be treated as such. Store them in a safe place, [consider encryption](http://php.net/manual/book.sodium.php). I don't take responsibility for stolen OAuth tokens. Use at your own risk. Privacy policy -------------- [](#privacy-policy) This library does not store or process user data on its own - it only handles the OAuth flow for an application. Implementers are responsible for a proper privacy policy in accordance with the service providers. ### Health Score 45 — FairBetter than 93% of packages Maintenance70 Regular maintenance activity Popularity34 Limited adoption so far Community11 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~185 days Total 4 Last Release 171d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/ada3d048807a11e536645fb87da881170b18f34c0c61fa09e34807c5d79e0b89?d=identicon)[codemasher](/maintainers/codemasher) --- Top Contributors [![codemasher](https://avatars.githubusercontent.com/u/592497?v=4)](https://github.com/codemasher "codemasher (175 commits)") --- Tags oauthoauth-clientoauth1oauth1-clientoauth2oauth2-clientphpphp8pkce-oauthpsr-18psr-7rfc5849rfc6749rfc7636rfc9126psr-7clientpsr-17psr-18Authenticationoauthoauth2authorizationoauth1pkcerfc7636rfc6749rfc5849 ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/chillerlan-php-oauth/health.svg) ``` [![Health](https://phpackages.com/badges/chillerlan-php-oauth/health.svg)](https://phpackages.com/packages/chillerlan-php-oauth) ``` ### Alternatives [phpro/http-tools HTTP tools for developing more consistent HTTP implementations. 28137.8k](/packages/phpro-http-tools)[zoonman/linkedin-api-php-client LinkedIn API PHP SDK with OAuth 2.0 & CSRF support. Can be used for social sign in or sharing on LinkedIn. Examples. Documentation. 127704.0k](/packages/zoonman-linkedin-api-php-client)[chillerlan/php-httpinterface A PSR-7/17/18 http message/client implementation 1417.1k5](/packages/chillerlan-php-httpinterface)[vultr/vultr-php The Official Vultr API PHP Wrapper. 2243.9k1](/packages/vultr-vultr-php)[amphp/http-client-psr7 PSR-7 adapter for Amp's HTTP client. 1454.7k4](/packages/amphp-http-client-psr7) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)