PHPackages                             d3strukt0r/oauth2-orbitrondev - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. d3strukt0r/oauth2-orbitrondev

AbandonedLibrary[Authentication &amp; Authorization](/categories/authentication)

d3strukt0r/oauth2-orbitrondev
=============================

Generation 2 OAuth 2.0 Client Provider for The PHP League OAuth2-Client

0176PHPCI failing

Pushed 5y ago1 watchersCompare

[ Source](https://github.com/D3strukt0r/oauth2-generation-2)[ Packagist](https://packagist.org/packages/d3strukt0r/oauth2-orbitrondev)[ RSS](/packages/d3strukt0r-oauth2-orbitrondev/feed)WikiDiscussions master Synced yesterday

READMEChangelogDependenciesVersionsUsed By (0)

OpenID provider for OAuth 2.0 Client
====================================

[](#openid-provider-for-oauth-20-client)

This package provides OpenID OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).

Project

[![License](https://camo.githubusercontent.com/61c1d1c6c08718d2ba4c4b382f9b737b6e2fcbbb358e5d2d9e57452587c0f822/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f4433737472756b7430722f6f61757468322d6f70656e6964)](https://github.com/D3strukt0r/oauth2-openid/blob/master/LICENSE.txt)[![Version](https://camo.githubusercontent.com/7618bcf04e5bb787947ec6a005b6069a33c6a3964969cdab29cc54bf46e56c30/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6433737472756b7430722f6f61757468322d6f70656e69643f6c6162656c3d6c617465737425323072656c65617365)](https://packagist.org/packages/d3strukt0r/oauth2-openid)[![Version (including pre-releases)](https://camo.githubusercontent.com/23ebe7b1feb98f9174ed2fd48337407ba7bc43e486c4171c4a0af1615ec13c35/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f4433737472756b7430722f6f61757468322d6f70656e69643f696e636c7564655f70726572656c6561736573266c6162656c3d6c61746573742532307072652d72656c65617365)](https://packagist.org/packages/d3strukt0r/oauth2-openid)[![Downloads on Packagist](https://camo.githubusercontent.com/a278fd9bca23cfd28d646b0ee630013a51335ce3160fbe3364fa3558c1f279af/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6433737472756b7430722f6f61757468322d6f70656e6964)](https://packagist.org/packages/d3strukt0r/oauth2-openid)[![Required PHP version](https://camo.githubusercontent.com/f33a23584317d53557cc6d8bee47b843c48f3ae1260ba331ef714c03b6ed2abe/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6433737472756b7430722f6f61757468322d6f70656e6964)](https://packagist.org/packages/d3strukt0r/oauth2-openid)

master-branch (alias stable, latest)

[![GH Action CI/CD](https://github.com/D3strukt0r/oauth2-openid/workflows/CI/CD/badge.svg?branch=master)](https://github.com/D3strukt0r/oauth2-openid/actions)[![Coveralls](https://camo.githubusercontent.com/6b0236e83f60f9a37fe8625a7094af251d7e4928d621bdf4149d599ac0b5287a/68747470733a2f2f696d672e736869656c64732e696f2f636f766572616c6c732f6769746875622f4433737472756b7430722f6f61757468322d6f70656e69642f6d6173746572)](https://coveralls.io/github/D3strukt0r/oauth2-openid)[![Scrutinizer build status](https://camo.githubusercontent.com/0b34bfb8d0d7f8776e11c8b31ca22921f8ae7a1932e9ea0a97f1b09012821478/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f6275696c642f672f4433737472756b7430722f6f61757468322d6f70656e69642f6d61737465723f6c6162656c3d7363727574696e697a65722532306275696c64)](https://scrutinizer-ci.com/g/D3strukt0r/oauth2-openid/)[![Scrutinizer code quality](https://camo.githubusercontent.com/98931c6bfe97cfec775d59145a455e1d68d19a01c5d241ba350f9eeb9c53da27/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f7175616c6974792f672f4433737472756b7430722f6f61757468322d6f70656e69642f6d61737465723f6c6162656c3d7363727574696e697a6572253230636f64652532307175616c697479)](https://scrutinizer-ci.com/g/D3strukt0r/oauth2-openid/)[![Codacy grade](https://camo.githubusercontent.com/43ce08c0dcdd40a4f56fd51cd33fd72e21ffcbc799758ca81e9459f4fca01351/68747470733a2f2f696d672e736869656c64732e696f2f636f646163792f67726164652f36363333383765656462626534373332626361353561643730643930366336392f6d61737465723f6c6162656c3d636f64616379253230636f64652532307175616c697479)](https://www.codacy.com/manual/D3strukt0r/oauth2-openid)[![Docs build status](https://camo.githubusercontent.com/7fda3d13c961c3aff408c10d059a2d6b28d025f1fb0485f9b0a86a8ef9ca549d/68747470733a2f2f696d672e736869656c64732e696f2f72656164746865646f63732f6f61757468322d6f70656e69642f737461626c65)](https://readthedocs.org/projects/oauth2-openid/)

This package is compliant with [PSR-1](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md), [PSR-2](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md) and [PSR-4](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md). If you notice compliance oversights, please send a patch via pull request.

Getting Started
---------------

[](#getting-started)

### Prerequisites

[](#prerequisites)

The following versions of PHP are supported.

- PHP 7.1
- PHP 7.2
- PHP 7.3
- PHP 7.4
- HHVM

[OpenID App](https://openid.manuele-vaccari.ch/p/developer-create-application) will also need to be set up, which will provide you with the `{app-id}` and `{app-secret}` required (see [Usage](#usage) below).

### Installing

[](#installing)

To install, use composer:

```
composer require d3strukt0r/oauth2-openid
```

### Usage

[](#usage)

#### Authorization Code Flow

[](#authorization-code-flow)

```
$provider = new Generation2\OAuth2\Client\Provider\Generation2Provider([
    'clientId'     => '{app-id}',     // The client ID assigned to you by the provider
    'clientSecret' => '{app-secret}', // The client password assigned to you by the provider
    'redirectUri'  => 'https://example.com/callback-url',
]);

if (!empty($_GET['error'])) {

    // Got an error, probably user denied access
    unset($_SESSION['oauth2state']);
    exit('Got error: '.htmlspecialchars($_GET['error_description']).' ('.htmlspecialchars($_GET['error']).')');

// If we don't have an authorization code then get one
} elseif (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize option and generates and applies any necessary parameters
    // (e.g. state).
    $authorizationUrl = $provider->getAuthorizationUrl([
        'scope' => 'user:id user:email',
    ]);

    // Get the state generated for you and store it to the session.
    $_SESSION['oauth2state'] = $provider->getState();

    // Redirect the user to the authorization URL.
    header('Location: '.$authorizationUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    // State is invalid, possible CSRF attack in progress
    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {
    try {

        // Try to get an access token using the authorization code grant.
        $accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code'],
        ]);

        // Use this to interact with an API on the users behalf
        echo $token->getToken();

        // Use this to get a new access token if the old one expires
        echo $token->getRefreshToken();

        // Exact timestamp when the access token will expire, and need refreshing
        echo $token->getExpires();

        // Optional: Now you have a token you can look up a users profile data

        // We got an access token, let's now get the owner details
        $ownerDetails = $provider->getResourceOwner($token);

        // Use these details to create a new profile
        printf('Hello %s!', $ownerDetails->getId());

    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

        // Failed to get the access token or user details.
        exit($e->getMessage());
    }
}
```

#### Refreshing a Token

[](#refreshing-a-token)

Refresh tokens are only provided to applications which request offline access. You can specify offline access by setting the `accessType` option in your provider:

```
$provider = new Generation2\OAuth2\Client\Provider\Generation2Provider([
    'clientId'     => '{app-id}',     // The client ID assigned to you by the provider
    'clientSecret' => '{app-secret}', // The client password assigned to you by the provider
    'redirectUri'  => 'https://example.com/callback-url',
]);
```

It is important to note that the refresh token is only returned on the first request after this it will be `null`. You should securely store the refresh token when it is returned:

```
$accessToken = $provider->getAccessToken('authorization_code', [
    'code' => $code
]);

// persist the token in a database
$refreshToken = $accessToken->getRefreshToken();
```

If you ever need to get a new refresh token you can request one by forcing the approval prompt:

```
$authorizationUrl = $provider->getAuthorizationUrl(['approval_prompt' => 'force']);
```

Now you have everything you need to refresh an access token using a refresh token:

```
$provider = new Generation2\OAuth2\Client\Provider\Generation2Provider([
    'clientId'     => '{app-id}',     // The client ID assigned to you by the provider
    'clientSecret' => '{app-secret}', // The client password assigned to you by the provider
    'redirectUri'  => 'https://example.com/callback-url',
]);

$newAccessToken = $provider->getAccessToken('refresh_token', [
    'refresh_token' => $oldAccessToken->getRefreshToken()
]);
```

### Scopes

[](#scopes)

If needed, you can include an array of scopes when getting the authorization url. Example:

```
$authorizationUrl = $provider->getAuthorizationUrl([
    'scope' => [
        'user:id user:email',
    ]
]);
header('Location: ' . $authorizationUrl);
exit;
```

Running the tests
-----------------

[](#running-the-tests)

```
./vendor/bin/phpunit
```

Built With
----------

[](#built-with)

- [PHP](https://www.php.net/) - Programming Language
- [Composer](https://getcomposer.org/) - Dependency Management
- [PHPUnit](https://phpunit.de/) - Testing the code
- [Github Actions](https://github.com/features/actions) - Automatic CI (Testing)
- [Read the docs](https://readthedocs.org) - Documentation

Contributing
------------

[](#contributing)

Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.

Versioning
----------

[](#versioning)

We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/D3strukt0r/votifier-client-php/tags).

Authors
-------

[](#authors)

- **Manuele Vaccari** - [D3strukt0r](https://github.com/D3strukt0r) - *Initial work*

See also the list of [contributors](https://github.com/D3strukt0r/oauth2-openid/contributors) who participated in this project.

License
-------

[](#license)

This project is licensed under the GNU General Public License v3.0 - see the [LICENSE.txt](LICENSE.txt) file for details

Acknowledgments
---------------

[](#acknowledgments)

- Hat tip to anyone whose code was used
- Inspiration
- etc

###  Health Score

11

—

LowBetter than 0% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity10

Limited adoption so far

Community4

Small or concentrated contributor base

Maturity8

Early-stage or recently created project

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/b85a902d1046a8ea02fc92916d6796c839661b8ad1088b55e951cae348870191?d=identicon)[D3strukt0r](/maintainers/D3strukt0r)

---

Tags

composerphpphp-league

### Embed Badge

![Health badge](/badges/d3strukt0r-oauth2-orbitrondev/health.svg)

```
[![Health](https://phpackages.com/badges/d3strukt0r-oauth2-orbitrondev/health.svg)](https://phpackages.com/packages/d3strukt0r-oauth2-orbitrondev)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)