PHPackages                             onpayio/oauth2-client - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. onpayio/oauth2-client

AbandonedArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

onpayio/oauth2-client
=====================

Very simple OAuth 2.0 client

7.3.0(1y ago)09.2k2[2 PRs](https://github.com/onpayio/php-oauth2-client/pulls)MITPHPPHP &gt;=5.4

Since May 30Pushed 1y agoCompare

[ Source](https://github.com/onpayio/php-oauth2-client)[ Packagist](https://packagist.org/packages/onpayio/oauth2-client)[ RSS](/packages/onpayio-oauth2-client/feed)WikiDiscussions main Synced 3w ago

READMEChangelog (1)Dependencies (5)Versions (27)Used By (0)

This is a very simple to use OAuth 2.0 client. It has minimal dependencies.

**NOTE**: if you are not bound to PHP 5.4, you are probably better off using the OAuth 2.0 client of the League of Extraordinary Packages! It can be found [here](http://oauth2-client.thephpleague.com/).

Features
========

[](#features)

- Simplicity
- Works with PHP &gt;= 5.4
- Minimal dependencies;
- Supports OAuth refresh tokens.
- Easy integration with your own application and/or framework;
- Does not enforce a framework on you;
- Only "authorization code" profile support, will not implement anything else;
- Only conforming OAuth 2.0 servers will work, this library will not get out of its way to deal with services that violate the OAuth 2.0 RFC;
- There will be no toggles to shoot yourself in the foot;
- Uses `paragonie/constant_time_encoding` for constant time encoding;
- Uses `paragonie/random_compat` polyfill for CSPRNG;
- Uses `symfony/polyfill-php56` polyfill for `hash_equals`;
- Uses `psr/log` to provide an interface to log HTTP requests between OAuth client and server; usually very hard to debug "in the field";

You **MUST** configure PHP in such a way that it enforces secure cookies! See [this](https://paragonie.com/blog/2015/04/fast-track-safe-and-secure-php-sessions)resource for more information.

Use
===

[](#use)

Currently php-oauth2-client is not hosted on [Packagist](https://packagist.org/). It may be added in the future. In your `composer.json`:

```
"repositories": [
    {
        "type": "vcs",
        "url": "https://git.tuxed.net/fkooman/php-oauth2-client"
    },
    ...
],

"require": {
    "fkooman/oauth2-client": "^7",
    ...
},

```

You can also download the signed source code archive [here](https://src.tuxed.net/php-oauth2-client/).

API
===

[](#api)

The API is very simple to use. See the `example/` folder for a working example!

Security
========

[](#security)

As always, make sure you understand what you are doing! Some resources:

- [The Fast Track to Safe and Secure PHP Sessions](https://paragonie.com/blog/2015/04/fast-track-safe-and-secure-php-sessions)
- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
- [The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://tools.ietf.org/html/rfc6750)
- [OAuth 2.0 Threat Model and Security Considerations](https://tools.ietf.org/html/rfc6819)
- [securityheaders.io](https://securityheaders.io/)
- [Proof Key for Code Exchange by OAuth Public Clients](https://tools.ietf.org/html/rfc7636)

Contact
=======

[](#contact)

You can contact me with any questions or issues regarding this project. Drop me a line at .

If you want to (responsibly) disclose a security issue you can also use the PGP key with key ID `9C5EDD645A571EB2` and fingerprint `6237 BAF1 418A 907D AA98  EAA7 9C5E DD64 5A57 1EB2`.

License
=======

[](#license)

[MIT](LICENSE).

###  Health Score

37

—

LowBetter than 81% of packages

Maintenance34

Infrequent updates — may be unmaintained

Popularity21

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity68

Established project with proven stability

 Bus Factor1

Top contributor holds 80% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~133 days

Recently: every ~585 days

Total

24

Last Release

624d ago

Major Versions

2.0.2 → 3.0.02016-11-25

3.0.2 → 4.0.02017-01-04

4.0.1 → 5.0.02017-07-06

5.0.3 → 6.0.02017-11-27

6.0.2 → 7.0.02018-04-12

PHP version history (2 changes)1.0.0PHP &gt;=5.4.0

5.0.1PHP &gt;=5.4

### Community

Maintainers

![](https://www.gravatar.com/avatar/ab602e8f90a15c50629279480bffac549497b9c3cd50c18aabc242c593e1d3b3?d=identicon)[dvaeversted](/maintainers/dvaeversted)

---

Top Contributors

[![ebbesmoeller](https://avatars.githubusercontent.com/u/4209221?v=4)](https://github.com/ebbesmoeller "ebbesmoeller (4 commits)")[![dvaeversted](https://avatars.githubusercontent.com/u/1611810?v=4)](https://github.com/dvaeversted "dvaeversted (1 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/onpayio-oauth2-client/health.svg)

```
[![Health](https://phpackages.com/badges/onpayio-oauth2-client/health.svg)](https://phpackages.com/packages/onpayio-oauth2-client)
```

###  Alternatives

[phpseclib/phpseclib

PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.

5.6k465.6M1.5k](/packages/phpseclib-phpseclib)[web-auth/webauthn-lib

FIDO2/Webauthn Support For PHP

12310.5M130](/packages/web-auth-webauthn-lib)[web-auth/webauthn-framework

FIDO2/Webauthn library for PHP and Symfony Bundle.

515100.5k3](/packages/web-auth-webauthn-framework)[symfony/cache

Provides extended PSR-6, PSR-16 (and tags) implementations

4.2k373.5M3.3k](/packages/symfony-cache)[google/auth

Google Auth Library for PHP

1.4k294.2M216](/packages/google-auth)[matomo/matomo

Matomo is the leading Free/Libre open analytics platform

21.7k38.9k](/packages/matomo-matomo)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
