PHPackages danielburger1337/oauth2-dpop - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. danielburger1337/oauth2-dpop ActiveLibrary[Authentication & Authorization](/categories/authentication) danielburger1337/oauth2-dpop ============================ Create/Verify OAuth2 DPoP tokens. v1.2.0(4mo ago)5409↓50%1[1 PRs](https://github.com/danielburger1337/oauth2-dpop-php/pulls)MITPHPPHP ^8.4 Since Feb 29Pushed 4mo ago2 watchersCompare [ Source](https://github.com/danielburger1337/oauth2-dpop-php)[ Packagist](https://packagist.org/packages/danielburger1337/oauth2-dpop)[ Docs](https://github.com/danielburger1337/oauth2-dpop-php)[ RSS](/packages/danielburger1337-oauth2-dpop/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (4)Dependencies (13)Versions (5)Used By (0) [![PHPCSFixer](https://github.com/danielburger1337/oauth2-dpop-php/actions/workflows/phpcsfixer.yml/badge.svg)](https://github.com/danielburger1337/oauth2-dpop-php/actions/workflows/phpcsfixer.yml)[![PHPStan](https://github.com/danielburger1337/oauth2-dpop-php/actions/workflows/phpstan.yml/badge.svg)](https://github.com/danielburger1337/oauth2-dpop-php/actions/workflows/phpstan.yml)[![PHPUnit](https://github.com/danielburger1337/oauth2-dpop-php/actions/workflows/phpunit.yml/badge.svg)](https://github.com/danielburger1337/oauth2-dpop-php/actions/workflows/phpunit.yml)[![Packagist Version](https://camo.githubusercontent.com/1fa97596f2b7ef0953a8a021c5be9355ebda1e4a3b7669fb662c1002d45449d0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f64616e69656c627572676572313333372f6f61757468322d64706f703f6c696e6b3d68747470732533412532462532467061636b61676973742e6f72672532467061636b6167657325324664616e69656c627572676572313333372532466f61757468322d64706f70)](https://camo.githubusercontent.com/1fa97596f2b7ef0953a8a021c5be9355ebda1e4a3b7669fb662c1002d45449d0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f64616e69656c627572676572313333372f6f61757468322d64706f703f6c696e6b3d68747470732533412532462532467061636b61676973742e6f72672532467061636b6167657325324664616e69656c627572676572313333372532466f61757468322d64706f70)[![Packagist Downloads](https://camo.githubusercontent.com/791668d04a7a68843607959e9b3247582d5b1f5ce8b9535353a1d766b47dcdc3/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f64616e69656c627572676572313333372f6f61757468322d64706f703f6c696e6b3d68747470732533412532462532467061636b61676973742e6f72672532467061636b6167657325324664616e69656c627572676572313333372532466f61757468322d64706f70)](https://camo.githubusercontent.com/791668d04a7a68843607959e9b3247582d5b1f5ce8b9535353a1d766b47dcdc3/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f64616e69656c627572676572313333372f6f61757468322d64706f703f6c696e6b3d68747470732533412532462532467061636b61676973742e6f72672532467061636b6167657325324664616e69656c627572676572313333372532466f61757468322d64706f70) danielburger1337/oauth2-dpop ============================ [](#danielburger1337oauth2-dpop) A PHP library that helps you both create and verify [OAuth2 DPoP](https://datatracker.ietf.org/doc/html/rfc9449) proof tokens. > Demonstrating Proof of Possession (DPoP) is an application-level mechanism for sender-constraining OAuth \[RFC6749\] access and refresh tokens. It enables a client to prove the possession of a public/private key pair by including a DPoP header in an HTTP request. The value of the header is a JSON Web Token (JWT) \[RFC7519\] that enables the authorization server to bind issued tokens to the public part of a client's key pair. Recipients of such tokens are then able to verify the binding of the token to the key pair that the client has demonstrated that it holds via the DPoP header, thereby providing some assurance that the client presenting the token also possesses the private key. In other words, the legitimate presenter of the token is constrained to be the sender that holds and proves possession of the private part of the key pair. > ~ [Section 1 of RFC-9449](https://datatracker.ietf.org/doc/html/rfc9449#section-1) Install ------- [](#install) This library is [PSR-4](https://www.php-fig.org/psr/psr-4/) compatible and can be installed via PHP's dependency manager [Composer](https://getcomposer.org). ``` composer require danielburger1337/oauth2-dpop ``` Documentation ------------- [](#documentation) You can find the documentation [here](docs/README.md). Running Tests Locally --------------------- [](#running-tests-locally) This library is fully unit tested. It also uses strict static analysis to minimize the possibility of unexpected runtime errors. ``` composer install vendor/bin/php-cs-fixer fix vendor/bin/phpstan vendor/bin/phpunit ``` License ------- [](#license) This software is available under the [MIT](LICENSE) license. ### Health Score 46 — FairBetter than 93% of packages Maintenance77 Regular maintenance activity Popularity21 Limited adoption so far Community9 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~225 days Total 4 Last Release 124d ago Major Versions v0.1.0 → v1.0.02024-12-30 PHP version history (2 changes)v0.1.0PHP ^8.2 v1.1.0PHP ^8.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/b54ebcf5961630f5ac30dc9d15d304a286fe22d14ebe78470c9ca9ad12e285db?d=identicon)[danielburger1337](/maintainers/danielburger1337) --- Top Contributors [![danielburger1337](https://avatars.githubusercontent.com/u/48986191?v=4)](https://github.com/danielburger1337 "danielburger1337 (224 commits)") --- Tags composercomposer-packagedpopoauth2phpphp-libraryoauth2dpop ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/danielburger1337-oauth2-dpop/health.svg) ``` [![Health](https://phpackages.com/badges/danielburger1337-oauth2-dpop/health.svg)](https://phpackages.com/packages/danielburger1337-oauth2-dpop) ``` ### Alternatives [league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[league/oauth2-client OAuth 2.0 Client Library 3.8k118.6M1.2k](/packages/league-oauth2-client)[google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[knpuniversity/oauth2-client-bundle Integration with league/oauth2-client to provide services 83416.7M61](/packages/knpuniversity-oauth2-client-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[simplesamlphp/simplesamlphp-module-oidc A SimpleSAMLphp module adding support for the OpenID Connect protocol 5016.9k1](/packages/simplesamlphp-simplesamlphp-module-oidc) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)