
d4h/pkce
========

PHP implementation of RFC7636 (Proof Key for Code Exchange by OAuth Public Clients)

Version 1.0.0 (4y ago), MIT license, requires PHP ^7.4.0 || ^8.0

[Source](https://github.com/hannesvdvreken/php-pkce) | [Packagist](https://packagist.org/packages/d4h/pkce)

Proof Key for Code Exchange (PKCE) implementation for OAuth Clients
===================================================================


Implementation of [RFC 7636](https://tools.ietf.org/html/rfc7636)

Usage
-----


```php
use function OAuth\PKCE\generatePair;
use function OAuth\PKCE\generateChallenge;
use function OAuth\PKCE\verifyChallenge;

// --- Client side, before redirecting the user ---

// Generate a pair
$pair = generatePair(128);

// Store this in session; it must never be sent to the /authorize endpoint
$codeVerifier = $pair->getVerifier();

// Pass this onto the /authorize endpoint of the OAuth server
$codeChallenge = $pair->getChallenge();

// Anti-CSRF value; keep it in the session and compare it on the redirect
$state = bin2hex(random_bytes(16));

$queryString = http_build_query([
    'redirect_uri' => 'https://example.com',
    'response_type' => 'code',
    'client_id' => 'xxxxx',
    'code_challenge_method' => 'S256',
    'code_challenge' => $codeChallenge,
    'state' => $state,
]);

// --- Client side, on the redirect URI ---

// Authorization code received on your redirect uri
$code = $_GET['code'] ?? '';

// Use the verifier to exchange the auth code for a token
$params = [
    'client_id' => 'xxxxx',
    'client_secret' => 'xxxxx', // If you have one
    'code' => $code, // Received on your redirect uri
    'code_verifier' => $codeVerifier, // Fetched from the session
];

// --- On the server side (token endpoint) ---
// $codeVerifier comes from the token request, $codeChallenge is the value
// stored with the authorization code during the /authorize request.
if (! verifyChallenge($codeVerifier, $codeChallenge)) {
    // The given code, code_verifier and code_challenge are not matching.
    throw new \RuntimeException('PKCE verification failed');
}

// Or if you've saved the code with the code_challenge as a key:
// Query for a stored token with the given code and generated code_challenge
$codeChallenge = generateChallenge($codeVerifier);
```
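
What the S256 check in the usage snippet amounts to under RFC 7636, as an added example that is not taken from the d4h/pkce source. The function names are hypothetical; the sample verifier and challenge are the test vector from RFC 7636 Appendix B.

```php
<?php
declare(strict_types=1);

// Added example, not the d4h/pkce source. All function names are hypothetical.

/** base64url without padding, as RFC 7636 requires. */
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

/** code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) */
function s256Challenge(string $verifier): string
{
    return b64url(hash('sha256', $verifier, true));
}

/** New verifier: 32 bytes from the CSPRNG become 43 unreserved characters. */
function newVerifier(): string
{
    return b64url(random_bytes(32));
}

/** Server-side check at the token endpoint. */
function verifyS256(string $verifier, string $storedChallenge): bool
{
    // RFC 7636 section 4.1: 43-128 characters from A-Z a-z 0-9 - . _ ~
    if (preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier) !== 1) {
        return false;
    }
    // Constant-time comparison; the stored (known) value goes first.
    return hash_equals($storedChallenge, s256Challenge($verifier));
}

// RFC 7636 Appendix B test vector
$verifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$challenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM';

if (s256Challenge($verifier) !== $challenge) {
    throw new RuntimeException('S256 derivation does not match the RFC vector');
}

var_dump(verifyS256($verifier, $challenge));      // verifier that produced the challenge
var_dump(verifyS256(newVerifier(), $challenge));  // well-formed but unrelated verifier
var_dump(verifyS256('too-short', $challenge));    // rejected before hashing
```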

Contributing
------------


Feel free to make a pull request. Give a concise but complete description of what is supposed to be added/changed/removed/fixed.

### Testing


To test your code before pushing, run the unit test suite.

```
vendor/bin/phpunit
```

License
-------


[MIT](LICENSE)
