
facile-it/php-oauth2-http-client
================================

HTTPlug plugin for OpenID/OAuth2 authorization support


[Source](https://github.com/facile-it/php-oauth2-http-client) | [Packagist](https://packagist.org/packages/facile-it/php-oauth2-http-client)


php-oauth2-http-client
======================


HTTPlug plugin for OAuth2 authorization.


This package allows you to use a compatible PSR-18 HTTP client and handle OAuth2 authorization when making a request to an external protected resource.

This package is based on [facile-it/php-openid-client](https://github.com/facile-it/php-openid-client) to handle authentication. You need to understand how to use it, especially how to create a Client.

Installation
------------


```
composer require facile-it/php-oauth2-http-client
```

HTTPlug Plugin
--------------


This library provides an [HTTPlug](http://httplug.io/) plugin that handles authorization, so you need to create an instance of it.

The Client will be used for authentication and requests to the token endpoint.

When the resource server answers with a `401` or `403` status code, this plugin tries to make an authorization request to obtain a Bearer Access Token and retries the request with the `Authorization` header filled in. By default, an authorization request to obtain an access token is always made before executing the real request.

```
// facile-it/php-openid-client dependencies
use Facile\OpenIDClient\Service\AuthorizationService;
use Facile\OpenIDClient\Client\ClientInterface;
use Facile\OAuth2\HttpClient\OAuth2Plugin;

// create an OIDC/OAuth2 client and the AuthorizationService from facile-it/php-openid-client
/** @var AuthorizationService $authorizationService */
/** @var ClientInterface $client */

$oauth2Plugin = new OAuth2Plugin($authorizationService, $client);
```

Now you can inject the plugin into your client.

Usage with a PSR-18 HTTP client
-------------------------------


To use a PSR-18 client, take the plugin instance created above and decorate your client with the `PluginClient` decorator from [`php-http/client-common`](https://github.com/php-http/client-common):

```
use Facile\OAuth2\HttpClient\OAuth2Plugin;
use Psr\Http\Client\ClientInterface;
use Http\Client\Common\PluginClient;

// create the plugin instance like the previous example
/** @var OAuth2Plugin $oauth2Plugin */
// use your PSR-18 HTTP client
/** @var ClientInterface $psrHttpClient */

// use the PluginClient class from php-http/client-common to decorate your client and use the plugin
$httpClient = new PluginClient($psrHttpClient, [$oauth2Plugin]);
```

Advanced usage for production environments
------------------------------------------


There are some improvements we can make to customize authorization behaviour and to improve performance in production environments.

### Custom grant parameters


You can configure the plugin with default parameters to use in the OAuth2 token request:

```
use Facile\OpenIDClient\Service\AuthorizationService;
use Facile\OpenIDClient\Client\ClientInterface;
use Facile\OAuth2\HttpClient\OAuth2Plugin;

// create an OIDC/OAuth2 client and the AuthorizationService from facile-it/php-openid-client
/** @var AuthorizationService $authorizationService */
/** @var ClientInterface $client */

$oauth2Plugin = new OAuth2Plugin(
    $authorizationService,
    $client,
    null,
    [
        // custom default grant parameters
        'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange',
    ]
);
```

Optionally, you can create a custom `OAuth2Request` (it's a PSR-7 Request decorator) to use grant parameters for a single request.
Request grant parameters will be merged with the default grant parameters injected in the plugin.

```
use Psr\Http\Client\ClientInterface as HttpClient;
use Psr\Http\Message\RequestInterface;
use Facile\OAuth2\HttpClient\Request\OAuth2Request;

// use your PSR-18 HTTP client configured with our plugin
/** @var HttpClient $psrHttpClient */
// your PSR-7 HTTP request
/** @var RequestInterface $request */

$oauth2Request = (new OAuth2Request($request))
    ->withGrantParams([
        // request grant parameters
        'my-custom-param' => 'my-value',
    ]);
$response = $psrHttpClient->sendRequest($oauth2Request);
```

### Token-Exchange


With the ability to use custom grant parameters for each request, it is simple to exchange tokens (see [Token-Exchange (RFC8693)](https://tools.ietf.org/html/rfc8693)).

Imagine that your API resources (service A) are protected, and the user should have their own personal access token (the subject token, maybe a JWT with user info). Then service A needs to make a request to another protected Resource Server (service B). You can't use the same access token provided by the user because the JWT audience is only service A, so you need to exchange the token for another one whose audience is service B.

```
use Psr\Http\Client\ClientInterface as HttpClient;
use Psr\Http\Message\RequestInterface;
use Facile\OpenIDClient\Service\AuthorizationService;
use Facile\OpenIDClient\Client\ClientInterface;
use Facile\OAuth2\HttpClient\OAuth2Plugin;
use Facile\OAuth2\HttpClient\Request\OAuth2Request;

// create an OIDC/OAuth2 client and the AuthorizationService from facile-it/php-openid-client
/** @var AuthorizationService $authorizationService */
/** @var ClientInterface $client */

$plugin = new OAuth2Plugin(
    $authorizationService,
    $client,
    null,
    [
        // inject default parameters:
        'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange',
        'subject_token_type' => 'urn:ietf:params:oauth:token-type:access_token',
        'audience' => 'my-resource-server',
    ]
);

// use your PSR-18 HTTP client configured with our plugin
/** @var HttpClient $apiClient */
// your HTTP request
/** @var RequestInterface $request */

// the subject token can be the access token provided by the user requesting your APIs
$subjectToken = '';

// then you need to call another service (my-resource-server), but you need another access token with the right audience
$apiRequest = (new OAuth2Request($request))
    ->withGrantParams([
        'subject_token' => $subjectToken, // the subject token
    ]);
$response = $apiClient->sendRequest($apiRequest);
```
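The audience check that makes the exchange necessary, seen from service B's side, as an added example that is not part of this library or of facile-it/php-openid-client. The HS256 key, the helper names (`makeToken`, `acceptsToken`) and the claims are constructed for the demo; it prints whether service B accepts the user's original token and the exchanged one.

```php
<?php
declare(strict_types=1);
// Constructed demo: HS256 with a made-up shared key keeps this self-contained. Real
// resource servers usually verify RS256/ES256 signatures against the issuer's JWKS.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $txt): string
{
    return (string) base64_decode(strtr($txt, '-_', '+/'));
}

function makeToken(array $claims, string $key): string
{
    $signed = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT'])) . '.' . b64url(json_encode($claims));
    return $signed . '.' . b64url(hash_hmac('sha256', $signed, $key, true));
}

// The check service B runs on every bearer token before serving a request.
function acceptsToken(string $jwt, string $key, string $ownAudience, int $now): bool
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return false;
    }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64urlDecode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return false; // pin the algorithm, never let the token header choose it
    }
    if (!hash_equals(b64url(hash_hmac('sha256', "$head.$body", $key, true)), $sig)) {
        return false;
    }
    $claims = json_decode(b64urlDecode($body), true);
    if (!is_array($claims) || (int) ($claims['exp'] ?? 0) <= $now) {
        return false;
    }
    // "aud" may be a single string or a list (RFC 7519, section 4.1.3)
    return in_array($ownAudience, (array) ($claims['aud'] ?? []), true);
}

$key = 'constructed-demo-key';
$now = time();
$userToken = makeToken(['sub' => 'alice', 'aud' => 'service-a', 'exp' => $now + 300], $key);
$exchanged = makeToken(['sub' => 'alice', 'aud' => ['my-resource-server'], 'exp' => $now + 300], $key);
var_dump(acceptsToken($userToken, $key, 'my-resource-server', $now)); // user's token forwarded as-is
var_dump(acceptsToken($exchanged, $key, 'my-resource-server', $now)); // token obtained via exchange
```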

### Cached Authorization


To improve performance and avoid fetching tokens when not necessary, we can cache tokens using the `CachedProvider`.

The cache is based on the client, the request URI host, and grant parameters.

```
use Facile\OpenIDClient\Service\AuthorizationService;
use Facile\OpenIDClient\Client\ClientInterface;
use Facile\OAuth2\HttpClient\OAuth2Plugin;
use Facile\OAuth2\HttpClient\Authorization\CachedProvider;
use Psr\SimpleCache\CacheInterface;

// create an OIDC/OAuth2 client and the AuthorizationService from facile-it/php-openid-client
/** @var AuthorizationService $authorizationService */
/** @var ClientInterface $client */
// use your PSR-16 simple-cache implementation
/** @var CacheInterface $cache */

$oauth2Plugin = new OAuth2Plugin(
    $authorizationService,
    $client,
    new CachedProvider($cache /*, default TTL (in seconds) = 1800 */)
);
```
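Why the grant parameters belong in the cache key: with token exchange the `subject_token` is one of them, so a key built only from client and host would hand one user's exchanged token to another. The sketch below is an added example, not `CachedProvider`'s own code; `tokenCacheKey`, `tokenTtl`, the URIs and the token strings are hypothetical, and capping the TTL at the token's lifetime is this example's policy.

```php
<?php
declare(strict_types=1);

// Hypothetical key derivation for illustration; CachedProvider's real one may differ.
function tokenCacheKey(string $clientId, string $requestUri, array $grantParams): string
{
    $host = strtolower((string) parse_url($requestUri, PHP_URL_HOST));
    ksort($grantParams); // the order parameters were merged in must not change the key
    $material = json_encode([$clientId, $host, $grantParams], JSON_THROW_ON_ERROR);
    // Hashing keeps subject tokens out of cache keys; 64 hex chars fit PSR-16 key rules.
    return hash('sha256', $material);
}

// Example policy: never keep a token past its own lifetime (minus clock skew).
function tokenTtl(int $expiresIn, int $defaultTtl = 1800, int $skew = 30): int
{
    return max(0, min($defaultTtl, $expiresIn - $skew));
}

$defaults = [
    'grant_type' => 'urn:ietf:params:oauth:grant-type:token-exchange',
    'subject_token_type' => 'urn:ietf:params:oauth:token-type:access_token',
    'audience' => 'my-resource-server',
];
$uri = 'https://api.example.test/v1/orders'; // constructed URI
$billing = 'https://billing.example.test/';  // constructed URI on another host

// Constructed subject tokens for two different callers of service A.
$alice = tokenCacheKey('service-a', $uri, $defaults + ['subject_token' => 'alice-token']);
$bob = tokenCacheKey('service-a', $uri, $defaults + ['subject_token' => 'bob-token']);
$aliceReordered = tokenCacheKey('service-a', $uri, ['subject_token' => 'alice-token'] + $defaults);
$aliceOtherHost = tokenCacheKey('service-a', $billing, $defaults + ['subject_token' => 'alice-token']);

var_dump($alice === $bob);            // two users, same audience
var_dump($alice === $aliceReordered); // same parameters, different order
var_dump($alice === $aliceOtherHost); // same parameters, different host
var_dump(tokenTtl(300), tokenTtl(7200)); // short-lived token, long-lived token
```

Whatever backend implements the PSR-16 cache holds live bearer tokens, so it needs the same access controls as any other credential store.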

### Authorization by request


Sometimes only a few resources are protected, so you don't always need to make an authorization request for every HTTP request.

You can disable it, so authorization will be made only if the resource server requests it (with a `401` or `403` response code).

```
use Facile\OpenIDClient\Service\AuthorizationService;
use Facile\OpenIDClient\Client\ClientInterface;
use Facile\OAuth2\HttpClient\OAuth2Plugin;

// create an OIDC/OAuth2 client and the AuthorizationService from facile-it/php-openid-client
/** @var AuthorizationService $authorizationService */
/** @var ClientInterface $client */

$oauth2Plugin = new OAuth2Plugin(
    $authorizationService,
    $client,
    null,
    [],
    false // disable authorization for each request
);
```

