PHPackages                             verifymyagecouk/verifymyage-oauth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. verifymyagecouk/verifymyage-oauth

ActiveProject[Authentication &amp; Authorization](/categories/authentication)

verifymyagecouk/verifymyage-oauth
=================================

VerifyMyAge OAuth Verification

3.2.0(2w ago)5139.4k↓55.7%5[1 issues](https://github.com/verifymyagecouk/verifymyage-oauth/issues)[3 PRs](https://github.com/verifymyagecouk/verifymyage-oauth/pulls)MITPHP

Since May 19Pushed 2w ago3 watchersCompare

[ Source](https://github.com/verifymyagecouk/verifymyage-oauth)[ Packagist](https://packagist.org/packages/verifymyagecouk/verifymyage-oauth)[ RSS](/packages/verifymyagecouk-verifymyage-oauth/feed)WikiDiscussions main Synced 3d ago

READMEChangelog (10)Dependencies (3)Versions (33)Used By (0)

VerifyMyAge PHP SDK
===================

[](#verifymyage-php-sdk)

A PHP SDK for integrating with VerifyMyAge's verification service. This library provides easy-to-use methods for implementing age verification in your PHP applications.

Table of Contents
-----------------

[](#table-of-contents)

- [Installation](#installation)
- [Features](#features)
- [Usage](#usage)
    - [SDK Versions](#sdk-versions)
    - [Verification Methods](#verification-methods)
    - [Webhook Notification Levels](#webhook-notification-levels)
    - [Supported Countries](#supported-countries)
- [OAuthV3 (Recommended)](#oauthv3-recommended)
    - [Start a Verification](#start-a-verification)
    - [Get Verification Status](#get-verification-status)
    - [Manage Allowed Redirect URLs](#manage-allowed-redirect-urls)
- [OAuthV2](#oauthv2)
- [OAuthV1 / OAuth (Legacy)](#oauthv1--oauth-legacy)
- [Development Mode](#development-mode)
- [Error Handling](#error-handling)
- [Security Considerations](#security-considerations)

Installation
------------

[](#installation)

```
composer require verifymyagecouk/verifymyage-oauth
```

Features
--------

[](#features)

- API v3 support with direct HMAC authentication
- Multiple verification methods
- Support for various countries
- Sandbox environment for testing
- User data encryption

Usage
-----

[](#usage)

### SDK Versions

[](#sdk-versions)

ClassAPI VersionStatus`OAuthV3`v3**Recommended**`OAuthV2`v2Maintained`OAuthV1`v1Maintained`OAuth`LegacyLegacy### Verification Methods

[](#verification-methods)

```
use VerifyMyAge\Methods;

Methods::AGE_ESTIMATION     // "AgeEstimation"
Methods::CREDIT_CARD        // "CreditCard"
Methods::DOUBLE_BLIND       // "DoubleBlind"  — v3 only
Methods::EMAIL              // "Email"
Methods::ID_SCAN            // "IDScan"
Methods::ID_SCAN_FACE_MATCH // "IDScanFaceMatch"
```

### Webhook Notification Levels

[](#webhook-notification-levels)

```
use VerifyMyAge\Webhook;

Webhook::MINIMAL_NOTIFICATION_LEVEL              // "minimal"           — v2 & v3
Webhook::DETAILED_NOTIFICATION_LEVEL             // "detailed"          — v2 & v3
Webhook::METHOD_EXHAUSTED_NOTIFICATION_LEVEL     // "method_exhausted"  — v2
Webhook::METHOD_EXHAUSTED_V3_NOTIFICATION_LEVEL  // "method-exhausted"  — v3
```

### Supported Countries

[](#supported-countries)

The SDK supports various countries including:

- Australia (`Countries::AUSTRALIA`)
- Brazil (`Countries::BRAZIL`)
- Spain (`Countries::SPAIN`)
- United Kingdom (`Countries::UNITED_KINGDOM`)
- France (`Countries::FRANCE`)
- Germany (`Countries::GERMANY`)
- United States (`Countries::UNITED_STATES_OF_AMERICA`)
- Indonesia (`Countries::INDONESIA`)
- Ireland (`Countries::IRELAND`)
- Italy (`Countries::ITALY`)
- Demo mode (`Countries::DEMO`)

---

OAuthV3 (Recommended)
---------------------

[](#oauthv3-recommended)

OAuthV3 targets the `/api/v3/verifications` endpoints and uses HMAC authentication directly — there is no OAuth2 code-exchange step. After the user completes verification they are redirected to your `redirect_url` with a `verification_id` query parameter; use `getVerification()` to retrieve the result.

### Start a Verification

[](#start-a-verification)

```
use VerifyMyAge\OAuthV3;
use VerifyMyAge\Countries;
use VerifyMyAge\Methods;
use VerifyMyAge\Webhook;

$oauth = new OAuthV3(
    'your-api-key',
    'your-api-secret',
    'https://your-app.com/callback'
);

// Optional: use sandbox for development
$oauth->useSandbox();

$result = $oauth->getStartVerificationUrl(
    country: Countries::UNITED_KINGDOM,
    method: Methods::ID_SCAN,                                   // optional
    businessSettingsId: 'your-business-settings-id',            // optional
    externalUserId: 'user-123',                                 // optional
    webhook: 'https://your-app.com/webhook',                    // optional
    webhookNotificationLevel: Webhook::DETAILED_NOTIFICATION_LEVEL, // optional
    userInfo: ['email' => 'user@example.com'],                  // optional
);

// Instant approval — no user interaction needed
if ($result['verification_status'] === 'approved') {
    // User is already approved
}

// User interaction required — redirect them to the verification URL
if (isset($result['start_verification_url'])) {
    header('Location: ' . $result['start_verification_url']);
    exit;
}
```

### Get Verification Status

[](#get-verification-status)

After the user completes verification they are redirected to your callback URL with `?verification_id=abc123`. Use that ID to fetch the result:

```
$verification = $oauth->getVerification($verificationId);

// Possible statuses: started | pending | approved | failed | expired
echo $verification['status'];
```

### Manage Allowed Redirect URLs

[](#manage-allowed-redirect-urls)

```
// List all registered redirect URLs for this account
$urls = $oauth->getAllowedRedirects();

// Append new URLs (does not replace the existing list)
$oauth->addAllowedRedirects([
    'https://your-app.com/callback',
    'https://your-app.com/alt-callback',
]);
```

---

OAuthV2
-------

[](#oauthv2)

OAuthV2 targets the `/v2/auth/start` endpoint. After verification the user is redirected with a `code` and `verification_id`; exchange the code for a token to retrieve user data.

```
use VerifyMyAge\OAuthV2;
use VerifyMyAge\Countries;
use VerifyMyAge\Methods;
use VerifyMyAge\Webhook;

$oauth = new OAuthV2(
    'your-client-id',
    'your-client-secret',
    'https://your-app.com/callback'
);

$oauth->useSandbox(); // optional

// Start verification
$result = $oauth->getStartVerificationUrl(
    country: Countries::UNITED_KINGDOM,
    method: Methods::ID_SCAN,
    businessSettingsId: 'your-business-id',
    externalUserId: 'user-123',
    verificationId: '',
    webhook: 'https://your-app.com/webhook',
    webhookNotificationLevel: Webhook::DETAILED_NOTIFICATION_LEVEL,
    stealth: false,
    userInfo: ['email' => 'user@example.com'],
);

if (isset($result['start_verification_url'])) {
    header('Location: ' . $result['start_verification_url']);
    exit;
}

// On callback: exchange the code for a token
$token = $oauth->exchangeCodeByToken($_GET['code']);

// Retrieve user/verification data
$user = $oauth->user($token);
```

---

OAuthV1 / OAuth (Legacy)
------------------------

[](#oauthv1--oauth-legacy)

```
use VerifyMyAge\OAuthV1;

$oauth = new OAuthV1($clientId, $clientSecret, $redirectUrl);

$result = $oauth->getStartVerificationUrl(
    country: Countries::UNITED_KINGDOM,
    method: Methods::ID_SCAN,
);

// On callback: exchange the code for a token
$token = $oauth->exchangeCodeByToken($_GET['code']);
```

The legacy `OAuth` class uses the OAuth2 authorization-code redirect flow:

```
use VerifyMyAge\OAuth;

$oauth = new OAuth($clientId, $clientSecret, $redirectUrl);

// Redirect user to the VerifyMyAge authorization page
$authUrl = $oauth->redirectURL(Countries::UNITED_KINGDOM, Methods::ID_SCAN);
header('Location: ' . $authUrl);
exit;

// On callback: exchange the code for a token
$token = $oauth->exchangeCodeByToken($_GET['code']);
$user  = $oauth->user($token);
```

---

Development Mode
----------------

[](#development-mode)

All SDK versions support sandbox mode. Use it during development to avoid affecting production data:

```
$oauth->useSandbox();
```

Sandbox endpoint: `https://oauth.sandbox.verifymyage.com`
Production endpoint: `https://oauth.verifymyage.com`

---

Error Handling
--------------

[](#error-handling)

The SDK throws `\Exception` for invalid inputs and API errors. API errors include the HTTP status code in the exception message as JSON:

```
try {
    $result = $oauth->getStartVerificationUrl(country: Countries::UNITED_KINGDOM);
} catch (\Exception $e) {
    $error = json_decode($e->getMessage(), true);
    // $error['code'] contains the HTTP status code (for API errors)
    error_log($e->getMessage());
}
```

---

Security Considerations
-----------------------

[](#security-considerations)

- Always use HTTPS for redirect URLs and webhook endpoints
- Keep your API credentials secure and out of version control
- Validate the `verification_id` received in callbacks before using it
- Use webhook signature verification where available

###  Health Score

56

—

FairBetter than 97% of packages

Maintenance93

Actively maintained with recent releases

Popularity39

Limited adoption so far

Community17

Small or concentrated contributor base

Maturity63

Established project with proven stability

 Bus Factor1

Top contributor holds 53.2% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~103 days

Recently: every ~35 days

Total

19

Last Release

15d ago

Major Versions

1.0.1 → 2.0.02021-12-15

2.1.0 → 3.0.02025-01-15

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/84160759?v=4)[wearenucleus](/maintainers/wearenucleus)[@wearenucleus](https://github.com/wearenucleus)

---

Top Contributors

[![CezariniGUilherme](https://avatars.githubusercontent.com/u/137816045?v=4)](https://github.com/CezariniGUilherme "CezariniGUilherme (50 commits)")[![bruno-verifymyage](https://avatars.githubusercontent.com/u/71042444?v=4)](https://github.com/bruno-verifymyage "bruno-verifymyage (22 commits)")[![diogosonsimvma](https://avatars.githubusercontent.com/u/137418666?v=4)](https://github.com/diogosonsimvma "diogosonsimvma (14 commits)")[![gabrielverta](https://avatars.githubusercontent.com/u/1208147?v=4)](https://github.com/gabrielverta "gabrielverta (4 commits)")[![guilhermesantanna-verifymy](https://avatars.githubusercontent.com/u/132601973?v=4)](https://github.com/guilhermesantanna-verifymy "guilhermesantanna-verifymy (2 commits)")[![ivofreitasverify](https://avatars.githubusercontent.com/u/183617705?v=4)](https://github.com/ivofreitasverify "ivofreitasverify (2 commits)")

### Embed Badge

![Health badge](/badges/verifymyagecouk-verifymyage-oauth/health.svg)

```
[![Health](https://phpackages.com/badges/verifymyagecouk-verifymyage-oauth/health.svg)](https://phpackages.com/packages/verifymyagecouk-verifymyage-oauth)
```

###  Alternatives

[tempest/framework

The PHP framework that gets out of your way.

2.2k34.4k15](/packages/tempest-framework)[thenetworg/oauth2-azure

Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client

25310.7M83](/packages/thenetworg-oauth2-azure)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

42223.4M176](/packages/league-oauth2-google)[stevenmaguire/oauth2-keycloak

Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2306.4M45](/packages/stevenmaguire-oauth2-keycloak)[civicrm/civicrm-core

Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

751291.4k43](/packages/civicrm-civicrm-core)[patrickbussmann/oauth2-apple

Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client

1152.8M12](/packages/patrickbussmann-oauth2-apple)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
