PHPackages dormilich/http-oauth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. dormilich/http-oauth ActiveLibrary dormilich/http-oauth ==================== OAuth2 authorisation module for dormilich/http-client. 16PHP Since Aug 13Pushed 4y ago1 watchersCompare [ Source](https://github.com/Dormilich/http-oauth)[ Packagist](https://packagist.org/packages/dormilich/http-oauth)[ RSS](/packages/dormilich-http-oauth/feed)WikiDiscussions main Synced today READMEChangelogDependenciesVersions (1)Used By (0) Client Credentials OAuth2 extension =================================== [](#client-credentials-oauth2-extension) This is an OAuth2 extension of (and including) `dormilich/http-client` for use with the [Client Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4) authorisation scheme. The primary use of this is backend API communication where the resource consumer (backend service) is a trusted client of the resource owner (by having granted permanent credentials for the resource). Installation ------------ [](#installation) You can install this library via composer: ``` composer require dormilich/http-oauth ``` To use this library, install you personal choice of a [PSR-16](https://www.php-fig.org/psr/psr-16/)cache. Additionally, the parent library requires a PSR-18 HTTP client and PSR-17 HTTP factories. Configuration ------------- [](#configuration) ### HTTP client configuration [](#http-client-configuration) This configuration is described in the respective project. ### Cache configuration [](#cache-configuration) There is no project-specific configuration for the cache component. ### OAuth configuration [](#oauth-configuration) Since OAuth2 may result in pre-flight requests, it needs an HTTP client configured. ``` use Dormilich\HttpClient\Client; use Dormilich\HttpClient\Transformer\JsonDecoder; use Dormilich\HttpClient\Transformer\JsonEncoder; use Dormilich\HttpOauth\TokenClient; use Dormilich\HttpOauth\TokenProvider; use Dormilich\HttpOauth\Credentials\ClientCredentials; use Dormilich\HttpOauth\Credentials\DefaultProvider; use Dormilich\HttpOauth\Encoder\AuthorisationEncoder; // replace this with the actual implementations $httpClient = new HttpClient(); // PSR-18 $requestFactory = new RequestFactory(); // PSR-17 $streamFactory = new StreamFactory(); // PSR-17 $simpleCache = new SimpleCache(); // PSR-16 // define your OAuth credentials $credentials = new ClientCredentials('', '', ''); // use a credentials provider $provider = new DefaultProvider($credentials); // set up the extension # the token client is responsible for making the authorisation requests $tokenClient = new TokenClient($provider, $httpClient, $requestFactory, $streamFactory); # the token provider is a Facade for getting the OAuth token # either from a persistence layer or the authorisation server $tokenProvider = new TokenProvider($tokenClient, $simpleCache); # the request processor for the HTTP client $authorisation = new AuthorisationEncoder($tokenProvider); // set up the HTTP client $client = new Client($httpClient, $requestFactory, $streamFactory); // add OAuth extension $client->addEncoder($authorisation); // add more encoders/decoders as necessary, e.g. $client->addTransformer(new JsonEncoder()); $client->addTransformer(new JsonEncoder()); ``` As per [OAuth specification](https://datatracker.ietf.org/doc/html/rfc6749), the token does not need to have an expiration defined. In that case the token may become stale and the resource request may fail with a 403 Unauthorized response (or similar). If a token is found expired, the extension will fetch a new token before attempting the resource request. Credentials ----------- [](#credentials) The extension supports the use of multiple OAuth credentials within the same HTTP client. The predefined credentials providers are: - `DefaultProvider`: Returns the same credentials for every resource request. - `DomainProvider`: Returns credentials based on the (partial) domain of the resource request URL. - `ChainProvider`: Aggregator for multiple providers. If no credentials are found for the resource request URL, the authorisation header is not added to the resource request. Examples: ``` use Dormilich\HttpOauth\Credentials\ChainProvider; use Dormilich\HttpOauth\Credentials\ClientCredentials; use Dormilich\HttpOauth\Credentials\DefaultProvider; use Dormilich\HttpOauth\Credentials\DomainProvider; $credentials = new ClientCredentials('', '', ''); $default = new DefaultProvider($credentials); // return credentials when requesting authorisation for "example.com" and // its subdomains like "api.example.com" as well as "api.example.org" (etc.) $domain = new DomainProvider(); $domain->add($credentials, ['example.com', 'api.example.org']); $chain = new ChainProvider([$domain, $default]); ``` ### Health Score 16 — LowBetter than 5% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity6 Limited adoption so far Community7 Small or concentrated contributor base Maturity28 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://avatars.githubusercontent.com/u/392135?v=4)[Bertold von Dormilich](/maintainers/Dormilich)[@Dormilich](https://github.com/Dormilich) --- Top Contributors [![Dormilich](https://avatars.githubusercontent.com/u/392135?v=4)](https://github.com/Dormilich "Dormilich (13 commits)") --- Tags composer ### Embed Badge ![Health badge](/badges/dormilich-http-oauth/health.svg) ``` [![Health](https://phpackages.com/badges/dormilich-http-oauth/health.svg)](https://phpackages.com/packages/dormilich-http-oauth) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)