PHPackages humanmade/delegated-oauth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. humanmade/delegated-oauth ActiveWordpress-plugin[Authentication & Authorization](/categories/authentication) humanmade/delegated-oauth ========================= Delegate OAuth 2 authorization to another WordPress site 1.0.6(1y ago)10115.7k[3 issues](https://github.com/humanmade/delegated-oauth2/issues)[2 PRs](https://github.com/humanmade/delegated-oauth2/pulls)GPL-2.0-or-laterPHP Since Apr 1Pushed 1y ago22 watchersCompare [ Source](https://github.com/humanmade/delegated-oauth2)[ Packagist](https://packagist.org/packages/humanmade/delegated-oauth)[ RSS](/packages/humanmade-delegated-oauth/feed)WikiDiscussions master Synced 2d ago READMEChangelog (6)DependenciesVersions (10)Used By (0) Delegated Auth ============== [](#delegated-auth) Delegate authentication and user management to another WordPress site. Support native WordPress logins via the login form, and OAuth 2 REST API requests. The OAuth 2 REST API plugin must be enabled on the delegated upstream site. When a login request is delegated to the upstream WordPress site a local cache of the user will be inserted into the WordPress database, mirroring all data, roles and capabilities. The login is synchronized on every request with the upstream WordPress site to make sure data is fresh and capabilities have not been removed. This can add some performance lag on all authenticated requests. Configuring Cookie Auth ----------------------- [](#configuring-cookie-auth) For Cookie auth to work correctly you must create an OAuth 2 application on the upstream WordPress site. Do so using the `home_url( '/hm-delegated-auth-callback' )` as the Callback URL, and configure this plugin with the Client ID in the PHP constant `HM_DELEGATED_AUTH_CLIENT_ID`. Note that if you are using multisite, this must use the home URL for the main site so that the callback URL is the same for the whole network. Delegated Auth then redirects internally between sites as necessary. Caching Access Token Authentication ----------------------------------- [](#caching-access-token-authentication) Checking the upstream WordPress site on each HTTP request to validate the OAuth 2 access token can cause significant load. Delegated Auth supports locally caching the access token validation for a short period of time, so not every request causes an upstream HTTP request. To enable this functionality, define the `HM_DELEGATED_AUTH_ACCESS_TOKEN_CACHE_TTL` constant with an integer value in seconds. For example, to cache Access Token validation for 60 seconds: ``` define( 'HM_DELEGATED_AUTH_ACCESS_TOKEN_CACHE_TTL', 60 ); ``` ### Health Score 39 — LowBetter than 86% of packages Maintenance32 Infrequent updates — may be unmaintained Popularity30 Limited adoption so far Community14 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 77% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~343 days Recently: every ~439 days Total 7 Last Release 541d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f1d0ffccdc5d339ff98a91e1b224a0d92f93dc8c2f772124473a76655b83129c?d=identicon)[joehoyle](/maintainers/joehoyle) --- Top Contributors [![joehoyle](https://avatars.githubusercontent.com/u/161683?v=4)](https://github.com/joehoyle "joehoyle (47 commits)")[![rmccue](https://avatars.githubusercontent.com/u/21655?v=4)](https://github.com/rmccue "rmccue (12 commits)")[![BronsonQuick](https://avatars.githubusercontent.com/u/1377956?v=4)](https://github.com/BronsonQuick "BronsonQuick (2 commits)") ### Embed Badge ![Health badge](/badges/humanmade-delegated-oauth/health.svg) ``` [![Health](https://phpackages.com/badges/humanmade-delegated-oauth/health.svg)](https://phpackages.com/packages/humanmade-delegated-oauth) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)