PHPackages layered/oauth2-wordpress-com - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. layered/oauth2-wordpress-com ActiveLibrary[Authentication & Authorization](/categories/authentication) layered/oauth2-wordpress-com ============================ WordPress.com OAuth 2.0 Client Provider for League OAuth2 Client v1.1(7y ago)19.9k↑25%[1 PRs](https://github.com/LayeredStudio/oauth2-wordpress-com/pulls)1MITPHP Since Mar 22Pushed 5y ago1 watchersCompare [ Source](https://github.com/LayeredStudio/oauth2-wordpress-com)[ Packagist](https://packagist.org/packages/layered/oauth2-wordpress-com)[ RSS](/packages/layered-oauth2-wordpress-com/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (4)Dependencies (3)Versions (6)Used By (1) WordPress.com provider for OAuth 2.0 Client =========================================== [](#wordpresscom-provider-for-oauth-20-client) This package provides [WordPress.com OAuth 2.0](https://developer.wordpress.com/docs/oauth2/) support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client). Requirements ------------ [](#requirements) This package uses [WordPress.com Connect](https://developer.wordpress.com/docs/wpcc/) to authenticate users with WordPress.com accounts. Requirements to use this package: - PHP >= 5.6 - a WordPress client ID and client secret, referred to as `{wordpress-client-id}` and `{wordpress-client-secret}`. Follow the [WordPress Apps](https://developer.wordpress.com/apps/) instructions to create the required credentials Installation ------------ [](#installation) Use composer to install: ``` composer require layered/oauth2-wordpress-com ``` Usage ----- [](#usage) Usage is the same as The League's Abstract OAuth client, using `\Layered\OAuth2\Client\Provider\WordPressCom` as the provider. ### Authorization Code Flow [](#authorization-code-flow) ``` use Layered\OAuth2\Client\Provider\WordPressCom; $provider = new WordPressCom([ 'clientId' => '{wordpresscom-client-id}', 'clientSecret' => '{wordpresscom-client-secret}', 'redirectUri' => 'https://example.com/callback-url', 'blog' => 'https://example.com' // optional - request auth for a specific blog ]); if (isset($_GET['error'])) { // Got an error, probably user denied access exit('Error: ' . htmlspecialchars($_GET['error_description'] . ' (' . $_GET['error_description'] . ')', ENT_QUOTES, 'UTF-8')); } elseif (!isset($_GET['code'])) { // If we don't have an authorization code then get one $authUrl = $provider->getAuthorizationUrl(); $_SESSION['oauth2state'] = $provider->getState(); header('Location: '. $authUrl); exit; } elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { // Check given state against previously stored one to mitigate CSRF attack unset($_SESSION['oauth2state']); exit('Invalid state'); } else { // Try to get an access token (using the authorization code grant) $token = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]); // If auth was for a single site or global access, token contains extra blog info $tokenValues = $token->getValues(); echo 'Blog ID: ' . $tokenValues['blog_id'] . ''; echo 'Blog URL: ' . $tokenValues['blog_url'] . ''; // Get user profile data try { // We got an access token, let's now get the user's details $user = $provider->getResourceOwner($token); // Use these details to create a new profile printf('Hello %s!', $user->getName()); } catch (\Exception $e) { // Failed to get user details exit('Something went wrong: ' . $e->getMessage()); } // Use this to interact with an API on the users behalf echo $token->getToken(); } ``` #### Available Options [](#available-options) The `WordPressCom` provider has the following [options](https://developer.wordpress.com/docs/oauth2/#receiving-an-access-token): - `blog` can be a blog URL or blog ID for a WordPress.com blog or Jetpack site - `scope` to request access to additional data Scopes ------ [](#scopes) When creating the authorization URL, specify the scope your application may authorize. Available scopes for WordPress.com: - `auth` for authentication only, grants access to /me endpoints - `global` access to all user's sites and data - '' (*empty*) access to a single blog, specified in request or chosen by user #### Get access to user profile [](#get-access-to-user-profile) ``` $provider->getAuthorizationUrl([ 'scope' => 'auth' ]); ``` #### Get access to user profile & a single blog [](#get-access-to-user-profile--a-single-blog) ``` $provider->getAuthorizationUrl([ 'scope' => '' ]); ``` Testing ------- [](#testing) ``` composer test ``` Credits ------- [](#credits) - [Layered](https://github.com/LayeredStudio) - [All Contributors](https://github.com/LayeredStudio/oauth2-wordpress-com/contributors) License ------- [](#license) The MIT License (MIT). Please see [License File](https://github.com/LayeredStudio/oauth2-wordpress-com/blob/master/LICENSE) for more information. ### Health Score 35 — LowBetter than 80% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity26 Limited adoption so far Community11 Small or concentrated contributor base Maturity67 Established project with proven stability Bus Factor1 Top contributor holds 75% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~96 days Total 4 Last Release 2688d ago Major Versions v0.1 → v1.02018-03-22 ### Community Maintainers ![](https://www.gravatar.com/avatar/04be6a13bd2e1d72af13c56198468f669f39660d5c2cc8a54f8af3767d2b88bd?d=identicon)[AndreiHere](/maintainers/AndreiHere) --- Top Contributors [![AndreiIgna](https://avatars.githubusercontent.com/u/263021?v=4)](https://github.com/AndreiIgna "AndreiIgna (3 commits)")[![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)](https://github.com/dependabot-preview[bot] "dependabot-preview[bot] (1 commits)") --- Tags authenticationauthorizationoauth2oauth2-providerwordpressclientwordpressAuthenticationoauthoauth2authorizationwordpress.com ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/layered-oauth2-wordpress-com/health.svg) ``` [![Health](https://phpackages.com/badges/layered-oauth2-wordpress-com/health.svg)](https://phpackages.com/packages/layered-oauth2-wordpress-com) ``` ### Alternatives [league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 42121.2M118](/packages/league-oauth2-google)[cakedc/oauth2-cognito Cognito OAuth 2.0 Client Provider for The PHP League OAuth2-Client 18597.7k](/packages/cakedc-oauth2-cognito) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)