PHPackages                             cilogon/oauth2-cilogon - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. cilogon/oauth2-cilogon

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

cilogon/oauth2-cilogon
======================

CILogon OAuth 2.0 Client Provider for The PHP League OAuth2-Client

1.1.6(5y ago)313.6k↓88.7%NCSAPHPPHP &gt;=5.6.0CI failing

Since Oct 11Pushed 3y ago2 watchersCompare

[ Source](https://github.com/cilogon/oauth2-cilogon)[ Packagist](https://packagist.org/packages/cilogon/oauth2-cilogon)[ RSS](/packages/cilogon-oauth2-cilogon/feed)WikiDiscussions main Synced 3d ago

READMEChangelog (7)Dependencies (5)Versions (9)Used By (0)

CILogon Provider for the OAuth 2.0 Client
=========================================

[](#cilogon-provider-for-the-oauth-20-client)

[![License](https://camo.githubusercontent.com/e44a8bfabfab06b50445d653ef7b5f77646e8123976731f15f50b05fc1e099dd/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4e4353412d627269676874677265656e2e737667)](https://github.com/cilogon/oauth2-cilogon/blob/master/LICENSE)[![Travis](https://camo.githubusercontent.com/463aa9faf333e336ca6741bf50439036aaac83bd7709b327d83c0e90c19bb62f/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f63696c6f676f6e2f6f61757468322d63696c6f676f6e2f6d61737465722e737667)](https://travis-ci.org/cilogon/oauth2-cilogon)[![Scrutinizer](https://camo.githubusercontent.com/3c9979206e80d92249978cc67de47e1bb29a164249fa98e842b10a7923201a3f/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f63696c6f676f6e2f6f61757468322d63696c6f676f6e2f6d61737465722e737667)](https://scrutinizer-ci.com/g/cilogon/oauth2-cilogon/)[![Coveralls](https://camo.githubusercontent.com/f5ffec96dbe845fbbe49f61d1d34509bf8eb703584c2b7c89edf0ade8eed744a/68747470733a2f2f696d672e736869656c64732e696f2f636f766572616c6c732f63696c6f676f6e2f6f61757468322d63696c6f676f6e2f6d61737465722e737667)](https://coveralls.io/github/cilogon/oauth2-cilogon?branch=master)

This package provides CILogon OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).

[CILogon](http://www.cilogon.org) facilitates federated authentication for CyberInfrastructure (CI). For more information, see  . Note that CILogon is used primarily by NSF-funded projects. All client registrations are vetted and approved manually.

This package is compliant with [PSR-1](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md), [PSR-2](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md) and [PSR-4](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md). If you notice compliance oversights, please send a patch via pull request.

Requirements
------------

[](#requirements)

The following versions of PHP are supported.

- PHP 7.1
- PHP 7.2
- PHP 7.3
- PHP 7.4
- PHP 8.0
- PHP 8.1

Installation
------------

[](#installation)

To install, use composer:

```
composer require cilogon/oauth2-cilogon

```

Usage
-----

[](#usage)

### Authorization Code Flow

[](#authorization-code-flow)

```
$provider = new League\OAuth2\Client\Provider\CILogon([
    'clientId'     => '{cilogon-client-id}',
    'clientSecret' => '{cilogon-client-secret}',
    'redirectUri'  => 'https://example.com/callback-url',
]);

if (!empty($_GET['error'])) {

    // Got an error, probably user denied access
    exit('Got error: ' . $_GET['error'] .
         'Description: ' . $GET['error_description']);

} elseif (empty($_GET['code'])) {

    // If we don't have an authorization code then get one with all
    // possible CILogon-specific scopes.
    $authUrl = $provider->getAuthorizationUrl([
        'scope' => ['openid','email','profile','org.cilogon.userinfo']
    ]);
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);
    exit;

} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    // Check given state against previously stored one to mitigate CSRF attack
    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {

    try {
        // Try to get an access token using the authorization code grant
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // Print out the access token, which can be used in
        // authenticated requests against the service provider's API.
        echo '' . "\n";
        echo 'Token                  : ' . $token->getToken() . "\n";
        $expires = $token->getExpires();
        if (!is_null($expires)) {
            echo 'Expires                : ' . $token->getExpires();
            echo ($token->hasExpired() ? ' (expired)' : ' (active)') . "\n";
        }
        echo '' . "\n";

        // Using the access token, get the user's details
        $user = $provider->getResourceOwner($token);

        echo '' . "\n";
        echo 'User ID                : ' . $user->getId() . "\n";
        echo 'First name             : ' . $user->getGivenName() . "\n";   // or getFirstName()
        echo 'Last name              : ' . $user->getFamilyName() . "\n";  // or getLastName()
        echo 'Full name              : ' . $user->getName() . "\n";
        echo 'Email                  : ' . $user->getEmail() . "\n";
        echo 'eduPersonPrincipalName : ' . $user->getEPPN() . "\n";
        echo 'eduPersonTargetedId    : ' . $user->getEPTID() . "\n";
        echo 'IdP entityId           : ' . $user->getIdP() . "\n";
        echo 'IdP Display Name       : ' . $user->getIdPName() . "\n";
        echo 'Org Unit               : ' . $user->getOU() . "\n";
        echo 'Affiliation            : ' . $user->getAffiliation() . "\n";
        echo '';

    } catch (Exception $e) {

        // Failed to get access token or user details
        exit('Something went wrong: ' . $e->getMessage());

    }
}
```

### Managing Scopes

[](#managing-scopes)

When creating your CILogon authorization URL, you can specify the state and scopes your application may authorize.

```
$options = [
    'state' => 'OPTIONAL_CUSTOM_CONFIGURED_STATE',
    'scope' => ['openid','email','profile','org.cilogon.userinfo']
];

$authorizationUrl = $provider->getAuthorizationUrl($options);
```

If neither are defined, the provider will utilize internal defaults.

At the time of authoring this documentation, the following scopes are available.

- openid - Required/Default - gives the CILogon-specific identifier of the user
- email - gives the user's email address
- profile - gives the user's name (given, family, and display, if available)
- org.cilogon.userinfo - gives Identity Provider SAML attributes, e.g., ePPN (eduPersonPrincipalName), ePTID (eduPersonTargetedID), eduPersonScopedAffiliation, ou (organizationalUnitName)

Two additional [CILogon-specific options](http://www.cilogon.org/oidc) are available.

- selected\_idp - the SAML entityId of the user's pre-selected Identity Provider. If given, CILogon UI will present the user with this IdP and ask for consent for release of information. See  for the list of Identity Providers supported by CILogon (those desginated as &lt;Whitelisted&gt;).
- skin - a pre-defined custom CILogon interface skin to change the look of the CILogon site. Contact  to reqeust a custom skin.

Example:

```
$options = [
    'scope' => ['openid','email','profile','org.cilogon.userinfo'],
    'selected_idp' => 'urn:mace:incommon:uiuc.edu', // UIUC
    'skin' => 'globusonline' // For globus.org
];

$authorizationUrl = $provider->getAuthorizationUrl($options);
```

### Using the "test" or "dev" Server

[](#using-the-test-or-dev-server)

Typically, you would use the production server  . However, you can specify a 'server' parameter when creating the provider to use the "test" server  or "dev" server  .

```
// Use the "test" server https://test.cilogon.org

$provider = new League\OAuth2\Client\Provider\CILogon([
    'clientId'     => '{cilogon-client-id}',
    'clientSecret' => '{cilogon-client-secret}',
    'redirectUri'  => 'https://example.com/callback-url',
    'server'       => 'test'
]);
```

### Refreshing a Token

[](#refreshing-a-token)

```
$refreshtoken = $token->getRefreshToken();
$token = $provider->getAccessToken('refresh_token', [
    'refresh_token' => $refreshtoken,
]);
```

License
-------

[](#license)

The University of Illinois/NCSA Open Source License (NCSA). Please see [License File](https://github.com/cilogon/oauth2-cilogon/blob/master/LICENSE) for more information.

###  Health Score

33

—

LowBetter than 72% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity26

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity63

Established project with proven stability

 Bus Factor1

Top contributor holds 97.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~235 days

Recently: every ~189 days

Total

8

Last Release

1908d ago

PHP version history (2 changes)1.0.0PHP &gt;=5.5.0

1.1.0PHP &gt;=5.6.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/0cf1c382d3acc207b6ffea4f30524a2b1bcf1453d7902dbcc48110d5f6afa953?d=identicon)[terrencegf](/maintainers/terrencegf)

---

Top Contributors

[![terrencegf](https://avatars.githubusercontent.com/u/135982?v=4)](https://github.com/terrencegf "terrencegf (38 commits)")[![jbasney](https://avatars.githubusercontent.com/u/148492?v=4)](https://github.com/jbasney "jbasney (1 commits)")

---

Tags

clientAuthenticationoauthoauth2authorizationcilogon

###  Code Quality

TestsPHPUnit

Code StylePHP\_CodeSniffer

### Embed Badge

![Health badge](/badges/cilogon-oauth2-cilogon/health.svg)

```
[![Health](https://phpackages.com/badges/cilogon-oauth2-cilogon/health.svg)](https://phpackages.com/packages/cilogon-oauth2-cilogon)
```

###  Alternatives

[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

42223.4M176](/packages/league-oauth2-google)[thenetworg/oauth2-azure

Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client

25310.7M83](/packages/thenetworg-oauth2-azure)[cakedc/oauth2-cognito

Cognito OAuth 2.0 Client Provider for The PHP League OAuth2-Client

18623.5k](/packages/cakedc-oauth2-cognito)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
