PHPackages                             grant-software/oauth2-grantid - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. grant-software/oauth2-grantid

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

grant-software/oauth2-grantid
=============================

GrantId OAuth 2.0 Client Provider for The PHP League OAuth2-Client

09PHP

Since Jun 14Pushed 7y ago1 watchersCompare

[ Source](https://github.com/grant-software/oauth2-grantid)[ Packagist](https://packagist.org/packages/grant-software/oauth2-grantid)[ RSS](/packages/grant-software-oauth2-grantid/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependenciesVersions (1)Used By (0)

GrantId Provider for OAuth 2.0 Client
=====================================

[](#grantid-provider-for-oauth-20-client)

[Latest Version](https://packagist.org/packages/grant-software/oauth2-grantid)[Software License](https://github.com/grant-software/oauth2-grantid/blob/master/LICENSE)

This package provides GrantId OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client), v2.0 and up.

Installation
------------

[](#installation)

To install, use composer:

```
composer require grant-software/oauth2-grantid
```

Usage
-----

[](#usage)

Usage is the same as The League's OAuth 2.0 client, using `GrantId\OAuth2\Client\Provider\GrantId` as the provider.

### Hybrid Flow

[](#hybrid-flow)

This example retrieves an authorization code using user credentials in order to exchange for access tokens.

```
if (!isset($_GET['code'])) {
    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    var_dump($authUrl);
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {

    try {
        // Try to get an access token using the authorization code grant.
        $accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // We have an access token, which we may use in authenticated
        // requests against the service provider's API.
        echo 'Access Token: ' . $accessToken->getToken() . "";
        echo 'Refresh Token: ' . $accessToken->getRefreshToken() . "";
        echo 'Expired in: ' . $accessToken->getExpires() . "";
        echo 'Already expired? ' . ($accessToken->hasExpired() ? 'expired' : 'not expired') . "";

        // Using the access token, we may look up details about the
        // resource owner.
        $resourceOwner = $provider->getResourceOwner($accessToken);

        var_export($resourceOwner->toArray());

        // The provider provides a way to get an authenticated API request for
        // the service, using the access token; it returns an object conforming
        // to Psr\Http\Message\RequestInterface.
        $request = $provider->getAuthenticatedRequest(
            'GET',
            'http://brentertainment.com/oauth2/lockdin/resource',
            $accessToken
        );
    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

        // Failed to get the access token or user details.
        exit($e->getMessage());
    }
}
```

Refreshing a Token
------------------

[](#refreshing-a-token)

To obtain an refresh token, you must have requested a token with the offline\_access scope. The following example shows how to use the provider to refresh the token.

```
$provider = new GrantId\OAuth2\Client\Provider\GrantId([
    'clientId'     => '{client-id}',
    'clientSecret' => '{client-secret}',
    'redirectUri'  => 'https://mysite.com/callback',
    'scopes' => '{scopes} offline_access',
    // Your subscription url
    'authority'    => 'https://sub.grantid.com'
]);

$existingAccessToken = getAccessTokenFromYourDataStore();

if ($existingAccessToken->hasExpired()) {
    $newAccessToken = $provider->getAccessToken('refresh_token', [
        'refresh_token' => $existingAccessToken->getRefreshToken()
    ]);

    // Purge old access token and store new access token to your data store.
}
```

###  Health Score

19

—

LowBetter than 10% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity4

Limited adoption so far

Community4

Small or concentrated contributor base

Maturity40

Maturing project, gaining track record

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/38d5709e8b1f09deee113247003e3e126f8d94f019b855c67f03a4b2e5052344?d=identicon)[ftfnunes](/maintainers/ftfnunes)

### Embed Badge

![Health badge](/badges/grant-software-oauth2-grantid/health.svg)

```
[![Health](https://phpackages.com/badges/grant-software-oauth2-grantid/health.svg)](https://phpackages.com/packages/grant-software-oauth2-grantid)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M117](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)