PHPackages danielweiser/oauth2-esia - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. danielweiser/oauth2-esia ActiveLibrary[Authentication & Authorization](/categories/authentication) danielweiser/oauth2-esia ======================== Allows to authenticate in ESIA and get authenticated individual personal information. 1.0(1y ago)010MITPHPPHP ^8.2 Since Mar 18Pushed 1y agoCompare [ Source](https://github.com/DanielWeiser/oauth2-esia)[ Packagist](https://packagist.org/packages/danielweiser/oauth2-esia)[ RSS](/packages/danielweiser-oauth2-esia/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (8)Versions (2)Used By (0) ESIA Provider for OAuth 2.0 Client ================================== [](#esia-provider-for-oauth-20-client) [![Coverage Status](https://camo.githubusercontent.com/afd9e79b7de1f2c3a083c46937cec2f0579d6642a8216ce73d2816fadc28430f/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f656b6170757374612f6f61757468322d657369612f62616467652e7376673f6272616e63683d646576656c6f70)](https://coveralls.io/github/ekapusta/oauth2-esia?branch=develop)[![Software License](https://camo.githubusercontent.com/074b89bca64d3edc93a1db6c7e3b1636b874540ba91d66367c0e5e354c56d0ea/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e737667)](https://github.com/ekapusta/oauth2-esia/blob/develop/LICENSE.md)[![](https://camo.githubusercontent.com/3ca7c27a49132aef6a2b308ba624328505b6e7dfaeefb7f03b7ca6f31d7b54c7/68747470733a2f2f657369612e676f7375736c7567692e72752f6964702f7265736f75726365732f696d672f666c742f72752f6c6f676f2d73696d706c652e706e67)](https://esia.gosuslugi.ru/) Allows to authenticate in ESIA and get authenticated individual personal information. Implemented as adapter to the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client). Installing ---------- [](#installing) To install, use composer: ``` composer require danielweiser/oauth2-esia ``` Usage ----- [](#usage) Usage is the same as the normal client, using `Ekapusta\OAuth2Esia\Provider\EsiaProvider` as the provider: ### Configure provider [](#configure-provider) ``` use Ekapusta\OAuth2Esia\Provider\EsiaProvider; use Ekapusta\OAuth2Esia\Security\JWTSigner\OpenSslCliJwtSigner; use Ekapusta\OAuth2Esia\Security\Signer\OpensslPkcs7; $provider = new EsiaProvider([ 'clientId' => 'XXXXXX', 'redirectUri' => 'https://your-system.domain/auth/finish/', 'defaultScopes' => ['openid', 'fullname', '...'], // For work with test portal version // 'remoteUrl' => 'https://esia-portal1.test.gosuslugi.ru', // 'remotePublicKey' => EsiaProvider::RESOURCES.'esia.test.public.key', // For work with GOST3410_2012_256 signatures (instead of default RS256) // 'remoteCertificatePath' => EsiaProvider::RESOURCES.'esia.gost.prod.public.key', ], [ 'signer' => new OpensslPkcs7('/path/to/public/certificate.cer', '/path/to/private.key'), // For work with GOST3410_2012_256 signatures (instead of default RS256) // 'remoteSigner' => new OpenSslCliJwtSigner('/path/to/openssl'), ]); ``` ### Which signer to use? [](#which-signer-to-use) - If you use RSA keys, then `OpensslPkcs7` is enough. - If you use GOST keys and compiled PHP with GOST ciphers, then `OpensslPkcs7` is enough. - If you use GOST keys and have openssl-compatible tool, then use `OpensslCli`. It has `toolpath` param. - If you use GOST keys and you are docker-addict, then you can use `'toolpath' => 'docker run --rm -i -v $(pwd):$(pwd) -w $(pwd) rnix/openssl-gost openssl'`. Which remote signer to use? --------------------------- [](#which-remote-signer-to-use) - If your system electronic signature algorythm is default RS256, then do nothing. Under the hood it uses Sha256 remote signer. - If you use GOST3410\_2012\_256 signature, then use `OpenSslCliJwtSigner`, passing to it path to `openssl` tool. For dockers pass to it something like `docker run --rm -i -v $(pwd):$(pwd) -v /tmp/tmp -w $(pwd) rnix/openssl-gost openssl'`. `/tmp ` volume is important there! ### Auth flow [](#auth-flow) Auth flow is standard. ``` // https://your-system.domain/auth/start/ $authUrl = $provider->getAuthorizationUrl(); $_SESSION['oauth2.esia.state'] = $provider->getState(); header('Location: '.$authUrl); exit; // https://your-system.domain/auth/finish/?state=...&code=... if ($_SESSION['oauth2.esia.state'] !== $_GET['state']) { exit('The guard unravels the crossword.'); } $accessToken = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]); $esiaPersonData = $provider->getResourceOwner($accessToken); var_export($esiaPersonData->toArray()); ``` ### Simplified facade [](#simplified-facade) If you don't like classes with about 20 public methods, there is simplified facade-class. ``` use Ekapusta\OAuth2Esia\EsiaService; $service = new EsiaService($provider); // https://your-system.domain/auth/start/ $_SESSION['oauth2.esia.state'] = $service->generateState(); $authUrl = $service->getAuthorizationUrl($_SESSION['oauth2.esia.state']); header('Location: '.$authUrl); exit; // https://your-system.domain/auth/finish/?state=...&code=... $esiaPersonData = $service->getResourceOwner($_SESSION['oauth2.esia.state'], $_GET['state'], $_GET['code']) var_export($esiaPersonData->toArray()); ``` Example $esiaPersonData ----------------------- [](#example-esiapersondata) ``` { "resourceOwnerId": 1000404446, "stateFacts": [ "EntityRoot" ], "firstName": "Имя006", "lastName": "Фамилия006", "middleName": "Отчество006", "birthDate": "26.05.2000", "birthPlace": "Москва", "gender": "F", "trusted": true, "citizenship": "RUS", "snils": "000-000-600 06", "inn": "585204118212", "updatedOn": 1523386683, "contacts": { "stateFacts": [ "hasSize" ], "size": 3, "eTag": "5F535ACCAEB3018D0AAA8C46027E3CF2C4BD0197", "elements": [ { "stateFacts": [ "Identifiable" ], "id": 14216773, "type": "EML", "vrfStu": "VERIFIED", "value": "EsiaTest006@yandex.ru", "verifyingValue": "EsiaTest006@yandex.ru", "vrfValStu": "VERIFYING", "isCfmCodeExpired": true, "eTag": "17DCA3945F1B8B54496F59EB146BDC7DADAD7BC8" }, { "stateFacts": [ "Identifiable" ], "id": 14249750, "type": "PHN", "vrfStu": "NOT_VERIFIED", "value": "+7(840)0000006", "eTag": "943C1145E4973324599CD0E4FF136186502C93C5" }, { "stateFacts": [ "Identifiable" ], "id": 14244504, "type": "MBT", "vrfStu": "VERIFIED", "value": "+7(000)0000006", "verifyingValue": "+7(111)1111111", "vrfValStu": "VERIFYING", "isCfmCodeExpired": true, "eTag": "F3AA3B18B35BC12E53E0B7A7EAF13EC41EBD02AD" } ] }, "addresses": { "stateFacts": [ "hasSize" ], "size": 2, "eTag": "47B43F0210344E272F338073C382C5955651C5E2", "elements": [ { "stateFacts": [ "Identifiable" ], "id": 530, "type": "PLV", "addressStr": "г Чебоксары, пр-кт Мира", "fiasCode": "bb5f4fab-64ea-4042-a61b-9b2bdb55442d", "flat": "1", "countryId": "RUS", "house": "1", "zipCode": "428022", "city": "Чебоксары", "street": "Мира", "region": "Чувашская Республика", "eTag": "3553085EBBC08CEBFD73957B7D5BAFDFDA096CCA" }, { "stateFacts": [ "Identifiable" ], "id": 15893, "type": "PRG", "addressStr": "г Чебоксары, пр-кт Мира", "fiasCode": "bb5f4fab-64ea-4042-a61b-9b2bdb55442d", "flat": "1", "countryId": "RUS", "house": "1", "zipCode": "428022", "city": "Чебоксары", "street": "Мира", "region": "Чувашская Республика", "eTag": "C90BE244DC0650255C9D3078C7C7EDEA8013BB6E" } ] }, "documents": { "stateFacts": [ "hasSize" ], "size": 2, "eTag": "E752C6CFC8CBAE112527BF2AA07CB0A173143065", "elements": [ { "stateFacts": [ "EntityRoot" ], "id": 3571, "type": "RF_PASSPORT", "vrfStu": "VERIFIED", "series": "5303", "number": "925695", "issueDate": "01.01.2006", "issueId": "006006", "issuedBy": "УФМС006", "eTag": "2E1F79E93B9DF6F5A579F95069630742D41C6AFB" }, { "stateFacts": [ "EntityRoot" ], "id": 21213, "type": "RF_DRIVING_LICENSE", "vrfStu": "NOT_VERIFIED", "series": "1222", "number": "884455", "issueDate": "01.09.2014", "expiryDate": "01.08.2024", "eTag": "E9D14F10321D0021A1267B8D363B22B102387735" } ] }, "vehicles": { "stateFacts": [ "hasSize" ], "size": 1, "eTag": "9D0855F880F882EBCFD93C329C4720D5DB4058D9", "elements": [ { "stateFacts": [ "Identifiable" ], "id": 17743, "name": "Моя птичка", "numberPlate": "А123АА111", "regCertificate": { "series": "1231", "number": "231231" }, "eTag": "A99823275D311CB97A371A420A59AA6BB08B42B7" } ] }, "status": "REGISTERED", "verifying": false, "rIdDoc": 3571, "containsUpCfmCode": false, "eTag": "61F2A6BF9D17B97E6B56F8B10EB28A7C814FF0B4" } ``` Testing ------- [](#testing) Node is used for interactive headless chrome auth bot. ``` vendor/bin/phpunit --debug ``` About ESIA ---------- [](#about-esia) There are three ESIA user identification levels: - simple - standard - confrimed Information system can ask info about user from individuals register. ESIA user could be: - individual - individual entrepreneur (individual + flag "is entrepreneur") - individual connected to legal entities accounts - individual connected to public authorities accounts Users after individual can be only of confirmed identification level. User info --------- [](#user-info) After user's permission his/her info can be read through REST. Scopes ------ [](#scopes) To get some info about user system should ask it through "scope" param. Same param entered in paper-written application for connection to ESIA. Scope is analog of permissions in mobile apps, but for user's data. Here are list of possible scopes: fullname, birthdate, gender, snils, inn, id\_doc, birthplace, medical\_doc, military\_doc, foreign\_passport\_doc, drivers\_licence\_doc, vehicles, email, mobile, contacts, kid\_fullname. Security algos -------------- [](#security-algos) ESIA REST supports both RSA2048+SHA256 and GOST3410-2001+GOST341194 algos. Authentication methods ---------------------- [](#authentication-methods) There are two ways to authenticate user: SAML 2.0 and OpenID Connect 1.0 (OAuth 2.0 extension). SAML 2.0 is only for public authorities. For legal entities OpenID Connect is used. Terms ----- [](#terms) ESIA from Russian "ЕСИА", which is "Единая система идентификации и аутентификации". Translated as "Unified identification and authentication system". Links ----- [](#links) 1. [Единая система идентификации и аутентификации](https://ru.wikipedia.org/wiki/%D0%95%D0%B4%D0%B8%D0%BD%D0%B0%D1%8F_%D1%81%D0%B8%D1%81%D1%82%D0%B5%D0%BC%D0%B0_%D0%B8%D0%B4%D0%B5%D0%BD%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%86%D0%B8%D0%B8_%D0%B8_%D0%B0%D1%83%D1%82%D0%B5%D0%BD%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%86%D0%B8%D0%B8) 2. [Methodical recommendations](http://minsvyaz.ru/ru/documents/?type=50&directions=13) ### Health Score 30 — LowBetter than 64% of packages Maintenance48 Moderate activity, may be stable Popularity5 Limited adoption so far Community10 Small or concentrated contributor base Maturity49 Maturing project, gaining track record Bus Factor1 Top contributor holds 96% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 417d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/37e6e4fbfa276b833198c88f1d1e64730180a14f9efed2cba47bbb975e671152?d=identicon)[DanielWeiser](/maintainers/DanielWeiser) --- Top Contributors [![garex](https://avatars.githubusercontent.com/u/77981?v=4)](https://github.com/garex "garex (121 commits)")[![DanielWeiser](https://avatars.githubusercontent.com/u/46303277?v=4)](https://github.com/DanielWeiser "DanielWeiser (3 commits)")[![Kaile](https://avatars.githubusercontent.com/u/5454122?v=4)](https://github.com/Kaile "Kaile (1 commits)")[![SergeySidorov](https://avatars.githubusercontent.com/u/5655042?v=4)](https://github.com/SergeySidorov "SergeySidorov (1 commits)") --- Tags oauth2OpenID Connectoauth2-provideresia ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/danielweiser-oauth2-esia/health.svg) ``` [![Health](https://phpackages.com/badges/danielweiser-oauth2-esia/health.svg)](https://phpackages.com/packages/danielweiser-oauth2-esia) ``` ### Alternatives [ekapusta/oauth2-esia Allows to authenticate in ESIA and get authenticated individual personal information. 73189.8k1](/packages/ekapusta-oauth2-esia)[google/auth Google Auth Library for PHP 1.4k272.7M161](/packages/google-auth)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M117](/packages/league-oauth2-google)[patrickbussmann/oauth2-apple Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client 1132.5M6](/packages/patrickbussmann-oauth2-apple)[thenetworg/oauth2-azure Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2509.6M47](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2275.9M27](/packages/stevenmaguire-oauth2-keycloak) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)