PHPackages                             muffin/oauth2 - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. muffin/oauth2

ActiveCakephp-plugin[Authentication &amp; Authorization](/categories/authentication)

muffin/oauth2
=============

CakePHP 3 authentication using the league/oauth2-client family

1.1.0(7y ago)27103.4k↑14.8%12[1 PRs](https://github.com/UseMuffin/OAuth2/pulls)MITPHP

Since Oct 5Pushed 7y ago5 watchersCompare

[ Source](https://github.com/UseMuffin/OAuth2)[ Packagist](https://packagist.org/packages/muffin/oauth2)[ Docs](https://github.com/usemuffin/oauth2)[ RSS](/packages/muffin-oauth2/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (2)Dependencies (3)Versions (4)Used By (0)

OAuth2
======

[](#oauth2)

[![Build Status](https://camo.githubusercontent.com/91b6900536ba05f632c309316d0a8168b183fb68f32409e015380cf97523ed33/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f5573654d756666696e2f4f41757468322f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/UseMuffin/OAuth2)[![Coverage](https://camo.githubusercontent.com/f57fdac5850ae1815687399a529dfc44e315bc60cdffa727a297eccca55c34e8/68747470733a2f2f696d672e736869656c64732e696f2f636f766572616c6c732f5573654d756666696e2f4f41757468322f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://coveralls.io/r/UseMuffin/OAuth2)[![Total Downloads](https://camo.githubusercontent.com/7a7ef37cab960497dde332af6875b7b74500c6373965762408dc852866717fc7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d756666696e2f6f61757468322e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/muffin/oauth2)[![License](https://camo.githubusercontent.com/942e017bf0672002dd32a857c95d66f28c5900ab541838c6c664442516309c8a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e7376673f7374796c653d666c61742d737175617265)](LICENSE)

[CakePHP 3](http://cakephp.org) authentication using the [league/oauth2-client](https://github.com/thephpleague/oauth2-client).

Install
-------

[](#install)

Using [Composer](http://getcomposer.org):

```
composer require muffin/oauth2

```

You then need to load the plugin.

```
bin/cake plugin load Muffin/OAuth2

```

Wait, you're not done yet. This plugin will **NOT** require any of the clients. You will have to do it yourself. For e.g. if you want to use Github client do:

```
composer require "league/oauth2-github"
```

Usage
-----

[](#usage)

First, start by defining the providers:

```
// either in `config/bootstrap.php`
Configure::write('Muffin/OAuth2', [
    'providers' => [
        'github' => [
            'className' => 'League\OAuth2\Client\Provider\Github',
            // all options defined here are passed to the provider's constructor
            'options' => [
                'clientId' => 'foo',
                'clientSecret' => 'bar',
            ],
            'mapFields' => [
                'username' => 'login', // maps the app's username to github's login
            ],
            // ... add here the usual AuthComponent configuration if needed like fields, etc.
        ],
    ],
]);

// or in `src/Controller/AppController.php`
$this->loadComponent('Auth', [
    'authenticate' => [
        // ...
        'Muffin/OAuth2.OAuth' => [
            'providers' => [
                // the array from example above
            ],
        ],
    ],
]);
```

Upon successful authorization, and if the user has no local instance, an event (`Muffin/OAuth2.newUser`) is triggered. Use it to create a user like so:

```
// bootstrap.php
use Cake\Event\Event;
use Cake\ORM\TableRegistry;
EventManager::instance()->on(
    'Muffin/OAuth2.newUser',
    [TableRegistry::get('Users'), 'createNewUser']
);

// UsersTable.php
use Cake\Event\Event;
use League\OAuth2\Client\Provider\AbstractProvider;
public function createNewUser(Event $event, AbstractProvider $provider, array $data)
{
    $entity = $this->newEntity($data);
    $this->save($entity);

    return $entity->toArray(); // user data to be used in session
}
```

Finally, once token is received, the `Muffin/OAuth2.afterIdentify` event is triggered. Use this to update your local tokens for example:

```
// bootstrap.php
use Cake\Event\Event;
use Cake\ORM\TableRegistry;
EventManager::instance()->on(
    'Muffin/OAuth2.afterIdentify',
    [TableRegistry::get('Tokens'), 'createOrUpdate']
);

// TokensTable.php
use Cake\Event\Event;
use League\OAuth2\Client\Provider\AbstractProvider;

public function createOrUpdate(Event $event, AbstractProvider $provider, array $data)
{
    // ...
    return; // void
}
```

Next up, you need to create a route that will be used by all providers:

```
// config/routes.php

Router::connect(
    '/oauth/:provider',
    ['controller' => 'users', 'action' => 'login'],
    ['provider' => implode('|', array_keys(Configure::read('Muffin/OAuth2.providers')))]
);
```

Now, if you have already read the book's `AuthComponent` documentation, you should be familiar with how to add the new authentication object to it:

```
// src/Controller/AppController.php
$this->loadComponent('Auth', [
    'authenticate' => [
        'Form',
        'Muffin/OAuth2.OAuth',
    ]
]);
```

Patches &amp; Features
----------------------

[](#patches--features)

- Fork
- Mod, fix
- Test - this is important, so it's not unintentionally broken
- Commit - do not mess with license, todo, version, etc. (if you do change any, bump them into commits of their own that I can ignore when I pull)
- Pull request - bonus point for topic branches

To ensure your PRs are considered for upstream, you MUST follow the [CakePHP coding standards](http://book.cakephp.org/3.0/en/contributing/cakephp-coding-conventions.html).

Bugs &amp; Feedback
-------------------

[](#bugs--feedback)

License
-------

[](#license)

Copyright (c) 2018, [Use Muffin](http://usemuffin.com) and licensed under [The MIT License](http://www.opensource.org/licenses/mit-license.php).

###  Health Score

40

—

FairBetter than 88% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity43

Moderate usage in the ecosystem

Community19

Small or concentrated contributor base

Maturity65

Established project with proven stability

 Bus Factor1

Top contributor holds 87% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~817 days

Total

2

Last Release

2730d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/ccb57ae849b67ade8d9c1e266bc2868183bbcf07fb6c66c2d45254a452272d54?d=identicon)[jadb](/maintainers/jadb)

![](https://www.gravatar.com/avatar/e31753bdd616948c7c8978ea9b5805378f75bfa62564e69c0aa2fd67aaf418c5?d=identicon)[ADmad](/maintainers/ADmad)

---

Top Contributors

[![jadb](https://avatars.githubusercontent.com/u/33527?v=4)](https://github.com/jadb "jadb (40 commits)")[![ADmad](https://avatars.githubusercontent.com/u/142658?v=4)](https://github.com/ADmad "ADmad (3 commits)")[![terrabruder](https://avatars.githubusercontent.com/u/1594593?v=4)](https://github.com/terrabruder "terrabruder (2 commits)")[![Spriz](https://avatars.githubusercontent.com/u/3512268?v=4)](https://github.com/Spriz "Spriz (1 commits)")

---

Tags

leagueauthAuthenticationcakephpoauth2muffin

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/muffin-oauth2/health.svg)

```
[![Health](https://phpackages.com/badges/muffin-oauth2/health.svg)](https://phpackages.com/packages/muffin-oauth2)
```

###  Alternatives

[league/oauth2-server

A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.

6.6k136.0M248](/packages/league-oauth2-server)[cakedc/users

Users Plugin for CakePHP

524897.0k16](/packages/cakedc-users)[chervand/yii2-oauth2-server

OAuth 2.0 server for Yii 2.0 with MAC tokens support.

1524.2k1](/packages/chervand-yii2-oauth2-server)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)