PHPackages                             markus-g/oauth2-youtrack - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. markus-g/oauth2-youtrack

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

markus-g/oauth2-youtrack
========================

YouTrack OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2.0.0(8y ago)275MITPHPPHP &gt;=7.0.0

Since Dec 22Pushed 8y ago1 watchersCompare

[ Source](https://github.com/markus-g/oauth2-youtrack)[ Packagist](https://packagist.org/packages/markus-g/oauth2-youtrack)[ RSS](/packages/markus-g-oauth2-youtrack/feed)WikiDiscussions master Synced 4w ago

READMEChangelog (2)Dependencies (3)Versions (3)Used By (0)

YouTrack Provider for OAuth 2.0 Client
======================================

[](#youtrack-provider-for-oauth-20-client)

This package provides YouTrack OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).

Installation
------------

[](#installation)

To install, use composer:

```
composer require markus-g/oauth2-youtrack

```

Usage
-----

[](#usage)

Usage is the same as The League's OAuth client, using `MarkusG\OAuth2\Client\Provider\Youtrack` as the provider.

### Authorization Code Flow

[](#authorization-code-flow)

See  for more information.

```
$provider = new \MarkusG\OAuth2\Client\Provider\Youtrack([
    'clientId' => 'YOUR_CLIENT_ID',
    'clientSecret' => 'YOUR_CLIENT_SECRET',
    'youtrackUrl' => 'http://your-youtrack-url.com',
    'redirectUri' => 'https://example.com/callback-url',
    'scope' => 'SCOPE', //use YouTrack service ID.
    'requestCredentials' => 'skip', // (optional)
]);

// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize option and generates and applies any necessary parameters
    // (e.g. state).
    $authorizationUrl = $provider->getAuthorizationUrl();

    // Get the state generated for you and store it to the session.
    $_SESSION['oauth2state'] = $provider->getState();

    // Redirect the user to the authorization URL.
    header('Location: ' . $authorizationUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    try {
        // Try to get an access token using the authorization code grant.
        $accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // We have an access token, which we may use in authenticated
        // requests against the service provider's API.
        echo $accessToken->getToken() . "\n";
        echo $accessToken->getRefreshToken() . "\n";
        echo $accessToken->getExpires() . "\n";
        echo ($accessToken->hasExpired() ? 'expired' : 'not expired') . "\n";

        // Using the access token, we may look up details about the
        // resource owner.
        $resourceOwner = $provider->getResourceOwner($accessToken);

        var_dump($resourceOwner->getCreationTime());
        var_dump($resourceOwner->getLastAccessTime());
        var_dump($resourceOwner->toArray());

    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
        // Failed to get the access token or user details.
        exit($e->getMessage());
    }
}
```

### Client Credentials Grant

[](#client-credentials-grant)

See  for more information.

When your application is acting on its own behalf to access resources it controls/owns in a service provider, it may use the client credentials grant type. This is best used when the credentials for your application are stored privately and never exposed (e.g. through the web browser, etc.) to end-users. This grant type functions similarly to the resource owner password credentials grant type, but it does not request a user's username or password. It uses only the client ID and secret issued to your client by the service provider.

Unlike earlier examples, the following does not work against a functioning demo service provider. It is provided for the sake of example only.

```
// Note: the GenericProvider requires the `urlAuthorize` option, even though
// it's not used in the OAuth 2.0 client credentials grant type.

$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId' => 'YOUR_CLIENT_ID',
    'clientSecret' => 'YOUR_CLIENT_SECRET',
    'youtrackUrl' => 'http://your-youtrack-url.com',
    'redirectUri' => 'https://example.com/callback-url',
]);

try {

    // Try to get an access token using the client credentials grant.
    // Use the YouTrack ID under service in YouTrack HUB for the scope parameter
     $accessToken = $provider->getAccessToken('client_credentials', ['scope' => 'SCOPE']);

} catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

    // Failed to get the access token
    exit($e->getMessage());

}
```

### Refreshing A Token

[](#refreshing-a-token)

Refresh tokens are only provided to applications which request offline access. You can specify offline access by setting the `accessType` option in your provider:

```
$provider = new MarkusG\OAuth2\Client\Provider\Youtrack([
    'clientId' => 'YOUR_CLIENT_ID',
    'clientSecret' => 'YOUR_CLIENT_SECRET',
    'redirectUri' => 'http://your-redirect-uri',
    'accessType'   => 'offline',
]);
```

It is important to note that the refresh token is only returned on the first request after this it will be `null`. You should securely store the refresh token when it is returned:

```
$grant = new \League\OAuth2\Client\Grant\RefreshToken();
$token = $provider->getAccessToken($grant, ['refresh_token' => $refreshToken]);
```

###  Health Score

27

—

LowBetter than 47% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity12

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~426 days

Total

2

Last Release

3050d ago

Major Versions

1.0.0 → 2.0.02018-02-22

PHP version history (2 changes)1.0.0PHP &gt;=5.5.0

2.0.0PHP &gt;=7.0.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/ae74edba20d62e136b0ec20c350f04e5133ef36e78488eafcfc3af56bee7b422?d=identicon)[markus-g](/maintainers/markus-g)

---

Top Contributors

[![markus-g](https://avatars.githubusercontent.com/u/8776695?v=4)](https://github.com/markus-g "markus-g (4 commits)")

---

Tags

jetbrainsoauth-provideroauth2oauth2-providerphpphp-leagueyoutrackclientjetbrainsoauthoauth2authorizationauthorisationyoutrack

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/markus-g-oauth2-youtrack/health.svg)

```
[![Health](https://phpackages.com/badges/markus-g-oauth2-youtrack/health.svg)](https://phpackages.com/packages/markus-g-oauth2-youtrack)
```

###  Alternatives

[stevenmaguire/oauth2-keycloak

Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2276.2M36](/packages/stevenmaguire-oauth2-keycloak)[patrickbussmann/oauth2-apple

Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client

1152.7M11](/packages/patrickbussmann-oauth2-apple)[omines/oauth2-gitlab

GitLab OAuth 2.0 Client Provider for The PHP League OAuth2-Client

36761.9k15](/packages/omines-oauth2-gitlab)[league/oauth2-instagram

Instagram OAuth 2.0 Client Provider for The PHP League OAuth2-Client

661.1M43](/packages/league-oauth2-instagram)[mollie/oauth2-mollie-php

Mollie Provider for OAuth 2.0 Client

261.8M1](/packages/mollie-oauth2-mollie-php)[dalpras/oauth2-gotowebinar

LogMeIn GoToWebinar OAuth 2.0 Client Provider for the PHP League's OAuth 2.0 Client

1245.5k](/packages/dalpras-oauth2-gotowebinar)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
