PHPackages cirrusidentity/simplesamlphp-module-authoauth2 - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. cirrusidentity/simplesamlphp-module-authoauth2 ActiveSimplesamlphp-module[Authentication & Authorization](/categories/authentication) cirrusidentity/simplesamlphp-module-authoauth2 ============================================== SSP Module for Oauth2 authentication sources v5.2.0(2mo ago)3399.8k↑17.9%29[10 issues](https://github.com/cirrusidentity/simplesamlphp-module-authoauth2/issues)[1 PRs](https://github.com/cirrusidentity/simplesamlphp-module-authoauth2/pulls)LGPL-2.1-onlyPHPPHP ^8.1CI failing Since Aug 21Pushed 2mo ago12 watchersCompare [ Source](https://github.com/cirrusidentity/simplesamlphp-module-authoauth2)[ Packagist](https://packagist.org/packages/cirrusidentity/simplesamlphp-module-authoauth2)[ RSS](/packages/cirrusidentity-simplesamlphp-module-authoauth2/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (4)DependenciesVersions (30)Used By (0) [![Build Status](https://github.com/cirrusidentity/simplesamlphp-module-authoauth2/workflows/CI/badge.svg?branch=master)](https://github.com/cirrusidentity/simplesamlphp-module-authoauth2/workflows/CI/badge.svg?branch=master) SimpleSAMLphp OAuth2 Authentication Source Module ================================================= [](#simplesamlphp-oauth2-authentication-source-module) This is a generic module for authentication against an OAuth2 or OIDC server. It performs the `authorization_code` flow and then uses the resulting access token to query an endpoint to get the user's attributes. It is a wrapper around the excellent [PHP League OAuth2 Client](http://oauth2-client.thephpleague.com/). SSP 2 ----- [](#ssp-2) Compatability work for SSP2 will happen in the [ssp2](https://github.com/cirrusidentity/simplesamlphp-module-authoauth2/tree/ssp2) branch. SSP as an OIDC server --------------------- [](#ssp-as-an-oidc-server) If you are interested in using SSP as an OIDC OP see the [OIDC module](https://github.com/rediris-es/simplesamlphp-module-oidc). **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* - [Installation](#installation) - [Changelog](#changelog) - [Usage](#usage) - [Redirect URI](#redirect-uri) - [Provider specific Tips](#provider-specific-tips) - [scope or scopes: What parameters can be passed?](#scope-or-scopes-what-parameters-can-be-passed) - [Generic Usage](#generic-usage) - [OpenID Connect Usage](#openid-connect-usage) - [Provider Specific Usage](#provider-specific-usage) - [Template Specific Usage](#template-specific-usage) - [Samples](#samples) - [Generic Facebook](#generic-facebook) - [Generic Amazon](#generic-amazon) - [Generic Google](#generic-google) - [Provider Specific Google](#provider-specific-google) - [Debugging](#debugging) - [HTTP Logging](#http-logging) - [Using Curl](#using-curl) - [Migrating from an existing auth module](#migrating-from-an-existing-auth-module) - [Calling OAuth2ResponseHandler](#calling-oauth2responsehandler) - [Development](#development) - [Docker](#docker) - [Facebook test user](#facebook-test-user) - [Testing OIDC Logout](#testing-oidc-logout) - [Code style](#code-style) Installation ============ [](#installation) The module can be installed with composer. ``` composer require cirrusidentity/simplesamlphp-module-authoauth2 ``` If you are on SSP 2.3 use version 5. See Changelog for breaking changes If you are on SSP 2 use version 4. If you are on SSP 1.X use version 3. Or you can install the latest from master ``` composer require cirrusidentity/simplesamlphp-module-authoauth2:dev-master ``` If you install into a tar ball distribution of SSP then composer, by default, will also install all `dev` dependencies for SSP and this module. This can be a long list. If you prefer not having dev dependencies installed, then you can use. ``` composer require --no-update cirrusidentity/simplesamlphp-module-authoauth2 && composer update --no-dev cirrusidentity/simplesamlphp-module-authoauth2 ``` Changelog --------- [](#changelog) [View the change log](CHANGELOG.md) There are breaking changes in version 5. - URLs are generated without `.php` extensions. To use the older style urls enable `'useLegacyRoutes' => true` - If you previously migrated to this module from `authfacebook` or some other module AND opted to not update your client app redirect urls then you may need to do add some rewrite rules to your webserver. Usage ===== [](#usage) The generic OAuth2 client is configured with - the OAuth2 server endpoints - the client secret/id - optional parameters for scope - optional query parameters for the authorization url Redirect URI ------------ [](#redirect-uri) Almost all OAuth2/OIDC providers will require you to register a redirect URI. Use a url of the form below, and set hostname, SSP\_PATH and optionally port to the correct values. ``` https://hostname/SSP_PATH/module.php/authoauth2/linkback.php ``` Provider specific Tips ---------------------- [](#provider-specific-tips) - [Bitbucket](/docs/BITBUCKET.md) - [Google](/docs/GOOGLE.md) - [LinkedIn](/docs/LINKEDIN.md) - [Microsoft](/docs/MICROSOFT.md) scope or scopes: What parameters can be passed? ----------------------------------------------- [](#scope-or-scopes-what-parameters-can-be-passed) The majority of configuration items are passed through to the `provider` implementation so it will depend on the provider you choose. If you use the authsource `authoauth2:OAuth2` without overriding the `providerClass` then the options from "Generic Usage" will work. If you use `authoauth2:OpenIDConnect` then a different set of configuration options are available. **scope vs scopes**: The default provider used by `authoauth2:OAuth2` supports setting `'scopes' => ['email']` or by setting `scope` in `urlAuthorizeOptions`. Other providers may only support the latter (setting in `urlAuthorizeOptions`). Generic Usage ------------- [](#generic-usage) Generic usage provides enough configuration parameters to use with any OAuth2 or OIDC server. ``` 'oauth2' => array( 'authoauth2:OAuth2', // *** Required for all integrations *** 'urlAuthorize' => 'https://www.example.com/oauth2/authorize', 'urlAccessToken' => 'https://www.example.com/oauth2/token', 'urlResourceOwnerDetails' => 'https://api.example.com/userinfo', // You can add query params directly to urlResourceOwnerDetails or use urlResourceOwnerOptions. 'urlResourceOwnerOptions' => [ 'fields' => 'id,name,first_name,last_name,email' ], // allow fields from token response to be query params on resource owner details request 'tokenFieldsToUserDetailsUrl' => [ 'fieldName' => 'queryParamName', 'access_token' => 'access_token', 'user_id' > 'user_id', ], // *** Required for most integrations *** // Test App. 'clientId' => '133972730583345', 'clientSecret' => '36aefb235314bad5df075363b79cbbcd', // *** Optional *** // Custom query parameters to add to authorize request 'urlAuthorizeOptions' => [ 'prompt' => 'always', // The underlying OAuth2 library also supports overriding requested scopes //'scope' => ['other'] ], 'useConsentErrorPage' => false|true, // If set to true then /linkback.php, /logout.php, /loggedout.php, /consent/error.php legacy route is enabled // if set to false or omitted the /linkback, /logout, /loggedout, /consent/error route is enable 'useLegacyRoutes' => false|true, // Default scopes to request 'scopes' => ['email', 'profile'], 'scopeSeparator' => ' ', // Customize redirect, if you don't want to use the standard /module.php/authoauth2/linkback.php 'redirectUri' => 'https://myapp.example.com/callback', // See League\OAuth2\Client\Provider\GenericProvider for more options // Guzzle HTTP config // Wait up to 3.4 seconds for Oauth2 servers to respond //http://docs.guzzlephp.org/en/stable/request-options.html#timeout 'timeout' => 3.4, // http://docs.guzzlephp.org/en/stable/request-options.html#proxy 'proxy' => [ ], // All attribute keys will have this prefix 'attributePrefix' => 'someprefix.', // Enable logging of request/response. This *will* leak you client secret and tokens into the logs 'logHttpTraffic' => true, //default is false 'logMessageFormat' => 'A Guzzle MessageFormatter format string', // default setting is sufficient for most debugging 'logIdTokenJson' => true, //default false. Log the json in the ID token. ), ``` OpenID Connect Usage -------------------- [](#openid-connect-usage) For providers that support OpenID Connect discovery protocol the configuration can be simplified a bit. Only the issuer url, client id and client secret are required.. Not all configuration options from `authoauth2:OAuth2` are supported in `OpenIDConnect` ``` 'openidconnect' => array( 'authoauth2:OpenIDConnect', // *** Required for all integrations *** 'issuer' => 'https://www.example.com', # e.g https://accounts.google.com 'clientId' => '133972730583345', 'clientSecret' => '36aefb235314bad5df075363b79cbbcd', // Most Optional settings for OAuth2 above can be used // *** Optional *** // Customize post logout redirect, if you don't want to use the standard /module.php/authoauth2/loggedout.php 'postLogoutRedirectUri' => 'https://myapp.example.com/loggedout' // Set a specific discovery url. Default is $issuer/.well-known/openid-configuration 'discoveryUrl' => 'https://login.microsoftonline.com/common/.well-known/openid-configuration', // Check if the issuer in the ID token matches the one from discovery. Default true. For some multi-tenant // applications (for example cross tenant Azure logins) the token issuer varies with tenant 'validateIssuer' => false, // Earlier version OpenIDConnect authsource doesn't support using `scopes` for overriding scope //'urlAuthorizeOptions' => [ // 'scope' => 'openid' //] ), ``` If your OP supports front channel single logout, you can configure `https://hostname/SSP_PATH/module.php/authoauth2/logout.php?authSource=AUTHSOURCE` where `AUTHSOURCE` is the id of your authsource in the authsources configuration (`openidconnect` in the example above) Provider Specific Usage ----------------------- [](#provider-specific-usage) There are numerous [Official](http://oauth2-client.thephpleague.com/providers/league/) and [Third-Party](http://oauth2-client.thephpleague.com/providers/thirdparty/) providers that you can use instead of the generic OAuth2 provider. Using one of those providers can simplify the configurations. To use a provider you must first install it `composer require league/oauth2-some-provider`and then configure it. ``` 'providerExample' => array( // Must install correct provider with: composer require league/oauth2-example 'authoauth2:OAuth2', 'providerClass' => 'League\OAuth2\Client\Provider\SomeProvider', 'clientId' => 'my_id', 'clientSecret' => 'my_secret', ), ``` Template Specific Usage ----------------------- [](#template-specific-usage) For some OAuth2 providers the generic endpoint configurations are already defined in `ConfigTemplate`. You can reference this to reduce the amount of typing needed in your authsource ``` 'google' => array_merge(\SimpleSAML\Module\authoauth2\ConfigTemplate::GoogleOIDC, [ 'clientId' => '3473456456-qqh0n4b5rrt7vkapgk3e4osre40.apps.googleusercontent.com', 'clientSecret' => 'shhh', 'urlAuthorizeOptions' => [ 'hd' => 'example.com', ], ]), ``` or by using the template option ``` 'providerExample' => array( 'authoauth2:OAuth2', 'template' => 'GoogleOIDC', 'clientId' => 'my_id', 'clientSecret' => 'my_secret', ), ``` Samples ------- [](#samples) Several of these samples show how to configure the generic endpoint to authenticate against Facebook, Amazon and Google, etc. In a lot of cases you can use a template from `ConfigTemplate` to make the configuration cleaner or you can use a provider specific implementations of the base OAuth2 client. ### Generic Facebook [](#generic-facebook) You can use the Facebook template `'template' => 'Facebook',` and then provide just the `clientId` and `clientSecret` to have a cleaner looking config ``` 'templateFacebook' => [ 'authoauth2:OAuth2', 'template' => 'Facebook', 'clientId' => '13397273example', 'clientSecret' => '36aefb235314baexample', ], 'genericFacebookTest' => array( 'authoauth2:OAuth2', // *** Facebook endpoints *** 'urlAuthorize' => 'https://www.facebook.com/dialog/oauth', 'urlAccessToken' => 'https://graph.facebook.com/oauth/access_token', // Add requested attributes as fields 'urlResourceOwnerDetails' => 'https://graph.facebook.com/me?fields=id,name,first_name,last_name,email', // *** My application *** 'clientId' => '13397273example', 'clientSecret' => '36aefb235314baexample', 'scopes' => 'email', // *** Optional *** // Custom query parameters to add to authorize request 'urlAuthorizeOptions' => [ // Force use to reauthenticate 'auth_type' => 'reauthenticate', ], ), ``` ### Generic Amazon [](#generic-amazon) ``` 'genericAmazonTest' => array( 'authoauth2:OAuth2', // *** Amazon Endpoints *** 'urlAuthorize' => 'https://www.amazon.com/ap/oa', 'urlAccessToken' => 'https://api.amazon.com/auth/o2/token', 'urlResourceOwnerDetails' => 'https://api.amazon.com/user/profile', // *** My application *** 'clientId' => 'amzn1.application-oa2-client.94d04152358dexample', 'clientSecret' => '8681bdd290df87example', 'scopes' => 'profile', ), ``` ### Generic Google [](#generic-google) View [full Google](/docs/GOOGLE.md) instructions. ``` 'genericGoogleTest' => array( 'authoauth2:OAuth2', // *** Google Endpoints *** 'urlAuthorize' => 'https://accounts.google.com/o/oauth2/auth', 'urlAccessToken' => 'https://accounts.google.com/o/oauth2/token', 'urlResourceOwnerDetails' => 'https://www.googleapis.com/oauth2/v3/userinfo', // *** My application *** 'clientId' => '685947170891-exmaple.apps.googleusercontent.com', 'clientSecret' => 'wV0FdFs_example', 'scopes' => array( 'openid', 'email', 'profile' ), 'scopeSeparator' => ' ', ), ``` ### Provider Specific Google [](#provider-specific-google) View [full Google](/docs/GOOGLE.md) instructions. ``` 'googleProvider' => array( // Must install correct provider with: composer require league/oauth2-google 'authoauth2:OAuth2', 'providerClass' => 'League\OAuth2\Client\Provider\Google', 'clientId' => 'client_id', 'clientSecret' => 'secret', ), ``` Debugging ========= [](#debugging) HTTP Logging ------------ [](#http-logging) You can enable http logging with the `logHttpTraffic` flag and optionally customize the format with `logMessageFormat`. See Guzzle's `MessageFormatter` class for how to define a format string. **security note:** enabling http logging will make your client secret and any returned access or id tokens to appear in your logs. Using Curl ---------- [](#using-curl) You can use `curl` on the command line to interact with the OAuth2/OIDC server. **Get Code** The first step is get a valid code AND ensure the module doesn't try to use it. This can be done by constructing an authorize url with an invalid state value but with all other params correct [https://as.example.com/openid/authorize?state=invalid-state&scope=openid&response\_type=code&redirect\_uri=https%3A%2F%2Fmyapp.example.com%2Fsimplesaml%2Fmodule.php%2Fauthoauth2%2Flinkback.php&client\_id=my\_client](https://as.example.com/openid/authorize?state=invalid-state&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fmyapp.example.com%2Fsimplesaml%2Fmodule.php%2Fauthoauth2%2Flinkback.php&client_id=my_client) If you log in with the above it will redirect you back to your SSP instance with an `authorization_code` (which you should capture) and then your SSP instance will report an error about an invalid state parameter. The state check happens prior to consuming the `authorization_code` so you know SSP hasn't used it. **Get Access Token** Now you can use the code and try to get an access token ``` curl -d "code=REPLACE" \ -d "client_secret=my_secret" \ -d "client_id=my_client" \ -d "redirect_uri=https://myapp.example.com/simplesaml/module.php/authoauth2/linkback.php" \ -d 'grant_type=authorization_code' \ https://as.example.com/openid/token ``` **Get User Info** Take the access token from above and call the user info endpoint ``` curl -H "Authorization: Bearer $ACCESS_TOKEN" https://as.example.com/userInfo ``` Migrating from an existing auth module ====================================== [](#migrating-from-an-existing-auth-module) If you are migrating away from an existing auth module, such as `authfacebook` you will need to one of the following: - add this module's `authoauth2` redirect URI to the facebook app, or - override the `authoauth2` authsource's redirect URI to match the `authfacebook` uri (`https://myserver.com/module.php/authfacebook/linkback.php)` AND do one of the following - configure an Apache rewrite rule to change '/module.php/authfacebook/linkback.php' to '/module.php/authoauth2/linkback.php' - Prior to the move to version 5 and Controllers we supported two addtional ways. These will not work in version 5 since the referenced files to not exist - symlink or edit `/modules/authfacebook/www/linkback.php` to invoke the `/modules/authoauth2/public/linkback.php` - edit `/modules/authfacebook/www/linkback.php` to conditionally call `OAuth2ResponseHandler` (see below) Some social providers support multiple login protocols and older SSP modules may use the non-OAuth2 version for login. To migrate to this module you may need to make some application changes. For example - the LinkedIn module uses oauth1 and you may need to make adjustments to your app to move to their oauth2 API - moving from OpenID 2 Yahoo logins to OIDC Yahoo logins requires creating a Yahoo app. Calling OAuth2ResponseHandler ----------------------------- [](#calling-oauth2responsehandler) To migrate from an existing module you can adjust that modules `linkback`/redirect handler to conditionally use the `OAuth2ResponseHandler`In the below example the code will use the `authoauth2` if that is what initiated the process else use the existing handler ``` $handler = new \SimpleSAML\Module\authoauth2\OAuth2ResponseHandler(); if ($handler->canHandleResponse()) { $handler->handleResponse(); return; } ``` Development =========== [](#development) Docker ------ [](#docker) The `preprodwarning` module is included for testing authproc filters. *note:* The 1.0.2 version of `preprodwarning` has a bug in the redirect url. If using it you need to change `showwarning.php` to `warning`in your browser url. ``` docker run --name ssp-oauth2-dev \ --mount type=bind,source="$(pwd)",target=/var/simplesamlphp/staging-modules/authoauth2,readonly \ -e STAGINGCOMPOSERREPOS=authoauth2 \ -e COMPOSER_REQUIRE="cirrusidentity/simplesamlphp-module-authoauth2:@dev simplesamlphp/simplesamlphp-module-preprodwarning" \ -e SSP_ADMIN_PASSWORD=secret1 \ -e SSP_ENABLED_MODULES="authoauth2 preprodwarning" \ --mount type=bind,source="$(pwd)/docker/config/authsources.php",target=/var/simplesamlphp/config/authsources.php,readonly \ --mount type=bind,source="$(pwd)/docker/config/config-override.php",target=/var/simplesamlphp/config/config-override.php,readonly \ -p 443:443 cirrusid/simplesamlphp:v2.3.2 ``` and visit (which resolves to localhost, and the docker container) the [test authsource page](https://oauth2-validation.local.stack-dev.cirrusidentity.com/simplesaml/module.php/admin/test)to test some pre-configured social integrations (yes, you can see the app passwords, these apps are only used for this demo). ### Facebook test user [](#facebook-test-user) The pre-configured Facebook apps can only be accessed with a test account. You must be signed out of Facebook, otherwise you will get an error saying ``` App not active This app is not accessible right now and the app developer is aware of the issue. You will be able to log in when the app is reactivated. ``` - email: [open\_nzwvghb\_user@tfbnw.net](mailto:open_nzwvghb_user@tfbnw.net) - password: SSPisMyFavorite2022 ### Testing OIDC Logout [](#testing-oidc-logout) The authsource `microsoftOIDCPkceSource` can be used for testing both OIDC login and OIDC logout. Code style ---------- [](#code-style) Run `phpcs` to check code style ``` php vendor/bin/phpcs ``` ### Health Score 62 — FairBetter than 99% of packages Maintenance79 Regular maintenance activity Popularity45 Moderate usage in the ecosystem Community26 Small or concentrated contributor base Maturity82 Battle-tested with a long release history Bus Factor1 Top contributor holds 75.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~138 days Recently: every ~62 days Total 21 Last Release 68d ago Major Versions v1.0.0 → v2.0.02018-11-29 v2.1.0 → v3.0.02019-12-03 v3.2.0 → v4.0.0-alpha.12022-11-16 v3.3.0 → v4.0.02023-08-05 v4.1.0 → v5.0.0-beta.12024-10-30 PHP version history (4 changes)v1.0.0PHP >=5.6 v3.2.0PHP >=7.3 v4.0.0-alpha.1PHP >=7.4 || ^8.0 v5.0.0-beta.1PHP ^8.1 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/932934?v=4)[Patrick](/maintainers/pradtke)[@pradtke](https://github.com/pradtke) --- Top Contributors [![pradtke](https://avatars.githubusercontent.com/u/932934?v=4)](https://github.com/pradtke "pradtke (135 commits)")[![sigmunau](https://avatars.githubusercontent.com/u/4507494?v=4)](https://github.com/sigmunau "sigmunau (17 commits)")[![ioigoume](https://avatars.githubusercontent.com/u/3846025?v=4)](https://github.com/ioigoume "ioigoume (4 commits)")[![dbollaer](https://avatars.githubusercontent.com/u/1390812?v=4)](https://github.com/dbollaer "dbollaer (4 commits)")[![dnmvisser](https://avatars.githubusercontent.com/u/4074844?v=4)](https://github.com/dnmvisser "dnmvisser (3 commits)")[![djdevin](https://avatars.githubusercontent.com/u/418136?v=4)](https://github.com/djdevin "djdevin (3 commits)")[![tvdijen](https://avatars.githubusercontent.com/u/841045?v=4)](https://github.com/tvdijen "tvdijen (2 commits)")[![nikosev](https://avatars.githubusercontent.com/u/29930145?v=4)](https://github.com/nikosev "nikosev (1 commits)")[![olavmo-sikt](https://avatars.githubusercontent.com/u/98447575?v=4)](https://github.com/olavmo-sikt "olavmo-sikt (1 commits)")[![pablopoo](https://avatars.githubusercontent.com/u/13492043?v=4)](https://github.com/pablopoo "pablopoo (1 commits)")[![tft7000](https://avatars.githubusercontent.com/u/3369340?v=4)](https://github.com/tft7000 "tft7000 (1 commits)")[![xdobsla](https://avatars.githubusercontent.com/u/3418680?v=4)](https://github.com/xdobsla "xdobsla (1 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)")[![henrist](https://avatars.githubusercontent.com/u/703354?v=4)](https://github.com/henrist "henrist (1 commits)")[![Joerit](https://avatars.githubusercontent.com/u/34507643?v=4)](https://github.com/Joerit "Joerit (1 commits)")[![marclaporte](https://avatars.githubusercontent.com/u/1004261?v=4)](https://github.com/marclaporte "marclaporte (1 commits)")[![nathanjrobertson](https://avatars.githubusercontent.com/u/11282094?v=4)](https://github.com/nathanjrobertson "nathanjrobertson (1 commits)")[![NicolasLiampotis](https://avatars.githubusercontent.com/u/1188170?v=4)](https://github.com/NicolasLiampotis "NicolasLiampotis (1 commits)") --- Tags oauth2simplesamlphpoidc ### Embed Badge ![Health badge](/badges/cirrusidentity-simplesamlphp-module-authoauth2/health.svg) ``` [![Health](https://phpackages.com/badges/cirrusidentity-simplesamlphp-module-authoauth2/health.svg)](https://phpackages.com/packages/cirrusidentity-simplesamlphp-module-authoauth2) ``` ### Alternatives [league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[league/oauth2-client OAuth 2.0 Client Library 3.8k118.6M1.2k](/packages/league-oauth2-client)[google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[knpuniversity/oauth2-client-bundle Integration with league/oauth2-client to provide services 84016.7M61](/packages/knpuniversity-oauth2-client-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 42121.2M118](/packages/league-oauth2-google)[ronvanderheijden/openid-connect OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport. 61755.5k](/packages/ronvanderheijden-openid-connect) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)