PHPackages shawm11/oz-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. shawm11/oz-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) shawm11/oz-auth =============== PHP implementation of the Oz web authorization protocol 2.0.0(1y ago)229[1 PRs](https://github.com/shawm11/oz-auth-php/pulls)MITPHPPHP >=8.1CI failing Since Jun 24Pushed 1y ago1 watchersCompare [ Source](https://github.com/shawm11/oz-auth-php)[ Packagist](https://packagist.org/packages/shawm11/oz-auth)[ RSS](/packages/shawm11-oz-auth/feed)WikiDiscussions master Synced 3d ago READMEChangelogDependencies (12)Versions (9)Used By (0) Oz Authorization PHP ==================== [](#oz-authorization-php) [![Version Number](https://camo.githubusercontent.com/9ca8aa684c6fef4b70a24f80139ee62ec11515d7d23456bb2547331df35c3e62/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736861776d31312f6f7a2d617574682e737667)](https://camo.githubusercontent.com/9ca8aa684c6fef4b70a24f80139ee62ec11515d7d23456bb2547331df35c3e62/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736861776d31312f6f7a2d617574682e737667)[![PHP Version](https://camo.githubusercontent.com/502b5439cff355410a007bccd14ac5f935989d559d91afce1c656f45fea6004e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f736861776d31312f6f7a2d617574682e737667)](https://camo.githubusercontent.com/502b5439cff355410a007bccd14ac5f935989d559d91afce1c656f45fea6004e/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f736861776d31312f6f7a2d617574682e737667)[![License](https://camo.githubusercontent.com/4f7379d78c5aa2387ac6223786d4268ed971d11d74afee2519f2b1e8db4912af/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f736861776d31312f6f7a2d617574682d7068702e737667)](LICENSE.md) A PHP implementation of the 5.0.0 version of the [**Oz**](https://github.com/outmoded/oz)web authorization protocol. Important Oz is one of those rare projects that can be considered "complete". This means that changes to this repository be infrequent because only the development dependencies may need to be updated once every few years. If there is a bug or error in the documentation, please create an [issue](https://github.com/shawm11/oz-auth-php/issues). The issue will receive a response or be resolved as soon as possible. Table of Contents ----------------- [](#table-of-contents) - [What is Oz?](#what-is-oz) - [Oz and OAuth 2.0](#oz-and-oauth-20) - [Getting Started](#getting-started) - [Prerequisites](#prerequisites) - [Installation](#installation) - [Workflows](#workflows) - [Usage Examples](#usage-examples) - [Server Usage Examples](#server-usage-examples) - [Client Usage Examples](#client-usage-examples) - [Documentation](#documentation) - [API References](#api-references) - [Security Considerations](#security-considerations) - [Related Projects](#related-projects) - [Contributing/Development](#contributingdevelopment) - [Versioning](#versioning) - [License](#license) What is Oz? ----------- [](#what-is-oz) According to the [Oz README](https://github.com/outmoded/oz/blob/master/README.md): > Oz is a web authorization protocol based on industry best practices. Oz combines the Hawk authentication protocol with the Iron encryption protocol to provide a simple to use and secure solution for granting and authenticating third-party access to an API on behalf of a user or an application. ### Oz and OAuth 2.0 [](#oz-and-oauth-20) Oz is an alternative to OAuth 1.0a and OAuth 2.0 three-legged authorization. One of the goals of Oz is to be simple to use for the most common use cases without needing to be a web security expert while being flexible enough for less common use cases that may need more advanced web security knowledge. Oz does this by providing default options that are secure for the most common use cases, in other words Oz aims to be *secure by default*. All of the official three-legged OAuth 2.0 grant types have an equivalent Oz workflow. Below is table showing the Oz workflow equivalents for the OAuth 2.0 grant types. OAuth 2.0 Grant TypeOz Workflow[Authorization Code](https://oauth.net/2/grant-types/authorization-code/)RSVP[Implicit/PKCE](https://oauth.net/2/pkce/)Implicit *(Not an official workflow)*[Resource Owner Password Credentials](https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.3)User Credentials *(Not an official workflow)*[Client Credentials](https://oauth.net/2/grant-types/client-credentials/)[Hawk](https://github.com/shawm11/hawk-auth-php)Getting Started --------------- [](#getting-started) ### Prerequisites [](#prerequisites) - Git 2.9+ - PHP 7.2.0+ - OpenSSL PHP Extension - JSON PHP Extension - cURL PHP Extension (Only if using the Oz client) - [Composer](https://getcomposer.org/) - Node 6.9.0+ (Only for development) ### Installation [](#installation) Download and install using [Composer](https://getcomposer.org/): ``` composer require shawm11/oz-auth-php ``` Workflows --------- [](#workflows) This package includes two workflows that are not part of the [official Oz web authorization protocol](https://github.com/outmoded/oz). These two new workflows are the [User Credentials Workflow](docs/user-credentials-workflow.md)and the [Implicit Workflow](docs/implicit-workflow.md). The standard Oz workflow that is specified by the official protocol is referred to as the ["RSVP workflow"](docs/rsvp-workflow-without-delegation.md). Usage Examples -------------- [](#usage-examples) ### Server Usage Examples [](#server-usage-examples) - [RSVP Workflow — Server](docs/usage-examples/rsvp-workflow-server.md) - [User Credentials Workflow — Server](docs/usage-examples/user-credentials-workflow-server.md) - [Implicit Workflow — Server](docs/usage-examples/implicit-workflow-server.md) - [All Workflows — Server](docs/usage-examples/all-workflows-client.md) ### Client Usage Examples [](#client-usage-examples) - [RSVP Workflow — Client](docs/usage-examples/rsvp-workflow-client.md) - [User Credentials Workflow — Client](docs/usage-examples/user-credentials-workflow-client.md) - [Implicit Workflow — Client](docs/usage-examples/implicit-workflow-client.md) - [All Workflows — Client](docs/usage-examples/all-workflows-client.md) Documentation ------------- [](#documentation) - [RSVP Workflow (Without Delegation)](docs/rsvp-workflow-without-delegation.md) — General overview of the RSVP (standard) workflow when delegation is not being used - [User Credentials Workflow](docs/user-credentials-workflow.md) — General overview of the User Credentials workflow - [Implicit Workflow](docs/implicit-workflow.md) — General overview of the Implicit workflow ### API References [](#api-references) - [Server API](docs/api-reference/server-api.md) — API reference for the classes in the `Shawm11\Oz\Server` namespace - [Client API](docs/api-reference/server-api.md) — API reference for the classes in the `Shawm11\Oz\Client` namespace - [Shared Arrays](docs/api-reference/shared-arrays.md) — Details about collections of data used in other parts of the API Security Considerations ----------------------- [](#security-considerations) See the [Security Considerations](https://github.com/outmoded/oz#security-considerations)section of Oz's README. Related Projects ---------------- [](#related-projects) - [Hawk PHP Implementation](https://github.com/shawm11/hawk-auth-php) — Hawk is an HTTP authentication scheme that is an alternative to OAuth 1.0a and OAuth 2.0 two-legged authentication. - [Iron PHP Implementation](https://github.com/shawm11/iron-crypto-php) — *iron*(spelled with all lowercase), a cryptographic utility for sealing a JSON object into an encapsulated token. *iron* can be considered as an alternative to JSON Web Tokens (JWT). Contributing/Development ------------------------ [](#contributingdevelopment) Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on coding style, Git commit message guidelines, and other development information. Versioning ---------- [](#versioning) This project using [SemVer](http://semver.org/) for versioning. For the versions available, see the tags on this repository. License ------- [](#license) This project is open-sourced software licensed under the [MIT license](https://opensource.org/licenses/MIT). ### Health Score 37 — LowBetter than 83% of packages Maintenance38 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community7 Small or concentrated contributor base Maturity77 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~389 days Recently: every ~486 days Total 7 Last Release 542d ago Major Versions 1.1.4 → 2.0.02024-11-18 PHP version history (3 changes)1.0.0-betaPHP >=5.6.0 1.1.2PHP >=7.2.0 2.0.0PHP >=8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/c20594702330cf6f42e97455c41aca054dab32eee2c42a742a10b185b0a1d5ed?d=identicon)[shawm11](/maintainers/shawm11) --- Top Contributors [![shawm11](https://avatars.githubusercontent.com/u/11890980?v=4)](https://github.com/shawm11 "shawm11 (56 commits)") --- Tags authenticationauthorizationphp ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/shawm11-oz-auth/health.svg) ``` [![Health](https://phpackages.com/badges/shawm11-oz-auth/health.svg)](https://phpackages.com/packages/shawm11-oz-auth) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)