PHPackages ultra-nick/peloton-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. ultra-nick/peloton-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) ultra-nick/peloton-auth ======================= PHP class for automated Peloton OAuth token management - no authorised endpoint required. v1.0.1(2mo ago)03MITPHPPHP >=7.4 Since Mar 3Pushed 2mo agoCompare [ Source](https://github.com/ultra-nick/peloton-auth)[ Packagist](https://packagist.org/packages/ultra-nick/peloton-auth)[ Docs](https://github.com/ultra-nick/peloton-auth)[ RSS](/packages/ultra-nick-peloton-auth/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)DependenciesVersions (3)Used By (0) peloton-auth ============ [](#peloton-auth) A PHP class for automated Peloton API OAuth token management. Handles the full authentication lifecycle - login, token refresh, and credential fallback - without requiring an authorised Peloton API endpoint. > **Disclaimer:** This is an unofficial library with no affiliation with Peloton Interactive, Inc. It uses Peloton's web OAuth PKCE flow, which may change at any time. Use at your own risk and in accordance with Peloton's terms of service. --- Features -------- [](#features) - Obtains Peloton API OAuth access and refresh tokens from username and password alone - Automatically refreshes tokens before they expire - Falls back to full credential login if the refresh token has expired - Once set up, requires no manual intervention - No config files - credentials and tokens are passed directly, keeping storage in your control --- Requirements ------------ [](#requirements) - PHP 7.4 or higher - cURL extension enabled --- Installation ------------ [](#installation) ### Via Composer [](#via-composer) ``` composer require ultra-nick/peloton-auth ``` ### Manual [](#manual) Copy `PelotonAuth.php` into your project and `require_once` it directly. --- Usage ----- [](#usage) ### Basic usage [](#basic-usage) Instantiate the class with your Peloton credentials and call `getTokenData()`. That's it - the library handles everything else internally. ``` require_once 'PelotonAuth.php'; $auth = new PelotonAuth('your@email.com', 'yourpassword'); $tokens = $auth->getTokenData(); echo $tokens->access_token; echo $tokens->refresh_token; echo $tokens->user_id; echo $tokens->expires_at; // Unix timestamp ``` ### Persisting tokens between runs [](#persisting-tokens-between-runs) The library manages tokens in memory. To avoid a full login on every run, store the tokens yourself and pass them back in on the next instantiation: ``` // Load previously stored tokens (from a file, database, etc.) $stored = json_decode(file_get_contents('tokens.json')); $auth = new PelotonAuth( 'your@email.com', 'yourpassword', $stored->access_token ?? null, $stored->refresh_token ?? null ); $tokens = $auth->getTokenData(); // Save the updated tokens for next time file_put_contents('tokens.json', json_encode($tokens)); ``` ### Making API requests [](#making-api-requests) `getTokenData()` returns the tokens you need to make your own API requests: ``` $tokens = $auth->getTokenData(); $ch = curl_init('https://api.onepeloton.com/api/me'); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => [ 'Authorization: Bearer ' . $tokens->access_token, 'Content-Type: application/json', ], ]); $response = json_decode(curl_exec($ch), true); curl_close($ch); // Deprecated from PHP 8.5 - safe to remove if running PHP 8.0+ ``` --- How it works ------------ [](#how-it-works) Peloton's API uses Auth0 for authentication. This library implements the **OAuth 2.0 PKCE (Proof Key for Code Exchange)** flow - the same flow used by the Peloton web app. Token lifecycle is managed automatically in three tiers: 1. **Valid token** - returned immediately with no network call 2. **Token expired, refresh token present** - silently refreshes using the stored refresh token 3. **No tokens, or refresh fails** - performs a full PKCE login using the stored credentials --- API Reference ------------- [](#api-reference) ### Constructor [](#constructor) ``` new PelotonAuth( string $username, string $password, ?string $accessToken = null, ?string $refreshToken = null ) ``` ParameterTypeDescription`$username``string`Peloton account email`$password``string`Peloton account password`$accessToken``string|null`Previously stored access token (optional)`$refreshToken``string|null`Previously stored refresh token (optional)### `getTokenData(): object` [](#gettokendata-object) Returns a valid token data object, refreshing or re-authenticating as needed. ``` $tokens = $auth->getTokenData(); ``` **Returns an object with the following properties:** PropertyTypeDescription`access_token``string`Bearer token for Peloton API requests`refresh_token``string|null`Token used to obtain a new access token`expires_at``int|null`Token expiry as a Unix timestamp`user_id``string|null`Peloton user ID decoded from the JWT**Throws** `\RuntimeException` if all authentication attempts fail. --- Security -------- [](#security) - Store your credentials and token files outside your web root - Never commit credentials or token files to version control - add them to `.gitignore` - Treat access and refresh tokens with the same care as passwords --- Contributing ------------ [](#contributing) Issues and pull requests are welcome. If Peloton's API auth flow changes and this library breaks, please open an issue. --- License ------- [](#license) MIT - see [LICENSE](LICENSE) for details. ### Health Score 35 — LowBetter than 80% of packages Maintenance88 Actively maintained with recent releases Popularity4 Limited adoption so far Community6 Small or concentrated contributor base Maturity35 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~14 days Total 2 Last Release 62d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f5e22412e5abb8c66ce6c7705dea1e44c8667d1068700622bad3cdf35ef82876?d=identicon)[ultra-nick](/maintainers/ultra-nick) --- Top Contributors [![ultra-nick](https://avatars.githubusercontent.com/u/264198737?v=4)](https://github.com/ultra-nick "ultra-nick (5 commits)") --- Tags apiauthoauthpkcepeloton ### Embed Badge ![Health badge](/badges/ultra-nick-peloton-auth/health.svg) ``` [![Health](https://phpackages.com/badges/ultra-nick-peloton-auth/health.svg)](https://phpackages.com/packages/ultra-nick-peloton-auth) ``` ### Alternatives [league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[auth0/auth0-php PHP SDK for Auth0 Authentication and Management APIs. 40820.2M68](/packages/auth0-auth0-php)[auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[auth0/symfony Symfony SDK for Auth0 Authentication and Management APIs. 128738.1k](/packages/auth0-symfony)[auth0/wordpress WordPress Plugin for Auth0 17419.5k](/packages/auth0-wordpress)[chervand/yii2-oauth2-server OAuth 2.0 server for Yii 2.0 with MAC tokens support. 1524.2k1](/packages/chervand-yii2-oauth2-server) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)